Biometrics at Work: Rules and Ramifications

Biometric technology is everywhere, and for good reason: It reduces the time it takes for things like clocking in, unlocking phones, and logging into computers to virtually nothing, making it perfect for any efficient workplace. However, like any personal details from your employees, storing biometric information requires caution and transparency if you want to avoid a lawsuit.

Here are a few things to keep in mind when using biometric devices in the workplace.

What is Biometric Data?

Biometric information includes any form of identifying physical features from your employees. This can be as simple as a fingerprint or a retinal scan, but some biometric devices go so far as to scan a user’s facial details or voice. Naturally, storing details regarding employees’ unique physical attributes is a potential minefield from a legal standpoint, especially if you don’t disclose to employees the full extent to which you plan on using their data.

To avoid any pitfalls, there are a couple of things you need to do before introducing biometric technology to your workplace.

Legality and Convenience

Before implementing any form of biometric technology in your office, the first thing you need to do is ensure that doing so is legal in your area. Some states either directly or indirectly prohibit certain types of biometric technology. For example, New York prohibits gathering employees’ fingerprints, thus rendering any fingerprint-based biometrics impossible to use, while in 2008 Illinois enacted the Illinois Biometric Information Privacy Act, with more states beginning to follow suit. Penalties will add up quickly, from $1,000 to $5,000 per violation.

Similarly, many states have privacy laws that prevent you from requiring employees to undergo biometric scans of any kind.

If biometric technology is legal in your state, that doesn’t necessarily mean you should use it in your workplace. Since you probably can’t (and shouldn’t) fire employees who are nervous about using biometrics by virtue of their discomfort, you will need to have a backup option for anyone who wants to opt out. Depending on the size of your business, this may be enough of an incentive to stick to a traditional payroll option in order to save on costs.

Transparency

Once you identify all sources of information in use, you should define how your organization will securely handle the storage, retention, disclosure and destruction of biometric information. The next step in avoiding the messy ramifications of improper data use is to communicate to your employees exactly what you want to use their biometric information for. Before implementing any biometric technology in your workplace, make sure your employees have read and signed your terms for data storage and use.

These terms should include the following information:

1.  What you plan on using the data for (even if it’s just clocking in and out)
2.  How you plan to keep employees’ data safe
3.  Whether or not you will share the data with third-party services or companies

Your employees may also require more of an in-depth explanation regarding things like encryption and what happens if they leave the company. The most important thing is for your employees to feel secure.

Of course, once you outline the stipulations for biometric data use, you cannot deviate from those parameters without either amending the circumstances—complete with signed employee permission—or risking a lawsuit. This is actually trickier than it sounds; for example, if you use a payroll service that stores employee data in a manner that differs from your written terms, you may inadvertently violate those terms.

For this reason, you should always check the contracts for your biometric devices before drafting a policy for your employee handbook.

Proactive Security

Your employees’ stored data will invariably become irrelevant or outdated. This may be because an employee leaves the company, your payroll company updates its data storage policies, or the state introduces legislature that prohibits your biometric devices. Whatever the case, you need to be ready to delete any stored employee information at a moment’s notice.

Some devices, such as smartphones and computers, make the act of removing a biometric profile as easy as logging into the employee’s account and deleting the fingerprint or face scan from the device’s settings. However, if your employees’ data goes through a third-party device such as a time clock, you may need to contact the company to remove the pertinent profiles as needed. Naturally, this process will depend on your selected payroll company.

As with anything else you do regarding your biometric usage, make sure your employees know what your data deletion policy and process is, or ensure that they know how to remove their own profiles when necessary. If you’re using a biometric time clock, you’ll want to disclose the payroll company’s data storage and deletion policy before asking employees to sign up for it.

Biometric technology comes with some pretty attractive advantages for the modern workplace, but it isn’t without it drawbacks—and those drawbacks can cost you if your use doesn’t comply with local and state law. For more information on how you can safely implement biometric scanners for your employees, call Abacus Payroll at (856) 667-6225 today!

Biometric Data for Employers: Infographic

Infographic: Using Biometric Data at the Workplace