There was a time when biometric data, specifically retinal scans or facial recognition technologies, seemed like something out of a science-fiction movie. Nowadays, businesses collect biometric information to regulate anything from iPhone access to employee time and attendance. While biometrics can help protect personal information, is there a limit to when an employer can go beyond their limits? The Ebbert Law Firm can help you if you get involved in a case regarding biometric misuse.
How can your biometric data affect your employment case?
Biometrics are the unique physical parts that identify you. Biometric data includes fingerprints, palm prints, audio recordings, eye scans, and face recognition technology. Security experts believe biometric data might be safer than passwords in protecting sensitive information.
You are probably already using biometrics. You use it whenever you scan your finger to unlock your cell phone. Some airlines use facial recognition to speed up security checks at airports. Alexa, Siri, Google Assistant, and other smart home gadgets use voice recognition as a biometric identity.
Employee Rights & Biometric Data
Balancing an employer’s right to collect and use biometric data with individual privacy is a developing topic of law. Some states, such as Illinois, have noticed an increase in class-action litigation as a result of companies’ inability to keep up with the state’s comprehensive Biometric Information Privacy Act (BIPA). Tennessee’s proposed bill, like BIPA, allows people to seek thousands of bucks in damages per violation, covering attorney’s fees and court costs.
Companies must establish a retention schedule and guidelines for permanently disposing of biometric data once the employer’s main purpose for collecting that information has been met or within one to three years of the person’s last interaction with the employer, based on the applicable regulation. The rules should prohibit employees from exposing any worker’s biometric information without his or her consent, as well as selling or benefiting from any biometric data.
Employers should also give all employees individualized written notices before collecting, keeping, or exploiting biometric data.
To be in line with BIPA, all written biometric data notifications must include at least one of the following:
- Language indicating to the data user that biometric data is being gathered and kept.
- The exact purpose and duration of gathering data, storage, and use.
- When applicable, include text informing the data subject that their biometric data will be transferred with service providers or other parties.
Conclusion
Employers who collect and use employee biometric details should develop and remain aware of the significant hazards associated with biometric data and work to reduce them.
