Laura Briggs

Biometric Privacy Lawsuits Are on The Rise; How Can Companies Prepare? When it comes to collecting paperwork, conducting background checks, and managing employment agreements, many business owners assume they’ve covered all necessary ground with compliance and risk mitigation. But as technology plays an increasing important role in streamlining processes in most today, it’s important to be mindful not just of existing statutes, but of how to implement tactics to protect you and your business from litigation in the future. Keeping data collection and storage streamlined is a top goal for many companies looking to take advantage of technology, but this comes with potential legal pitfalls regarding biometric data. Can My Company Use Biometric Data Collection? What you can collect and store from employees depends on your state, especially when it comes to using biometric details for workers to clock in and out of their shifts. A growing number of class action lawsuits target companies who have allegedly violated the biometric privacy of their employees. Requesting that employees authenticate their time logged on the work clock with biometric technologies could have significant legal implications and many of the companies using these are discovering this after the fact. Biometric lawsuits pose more risks today for employers in a changing landscape, meaning that proper strategies and information collection is key for companies of all sizes. How Biometric Technology Is Impacting the Employment Landscape Biometric authentication technology is already impacting individual lives and businesses. Facial and finger recognition have become so popular that many employers have realized that they could save significant time and increase the authenticity of logged hours by using similar technologies. However, a growing number of class action lawsuits highlight the privacy dangers inherent with biometric authentication devices. Illinois is leading the landscape in articulating individual privacy rights with more than 50 companies now being sued under the Illinois Biometric Information Privacy Act. Although only a handful of states have laws on these issues, the risk of a biometric privacy lawsuit looms as a potential threat. What is the Biometric Information Privacy Act? The BIPA outlines the rules for protection, retention, and disclosure of biometric data. Furthermore, it enables aggrieved employees to recover up to $5000 for every intentional violation of the law and $1000 each for negligent violation. New York has a labor law covering the concept of biometric information but does not currently enable consumers to initiate lawsuits. Washington and Texas have passed laws similar to Illinois. The BIPA outlines both biometric identifiers and biometric information. Biometric identifiers include a voice print, retina scan, finger print or scan of face or hand geometry. Biometric information has a broader definition; meaning any details that are linked to an individual's biometric identifier used to identify that person. Companies in Illinois and states that are now implementing their own biometric privacy acts must comply with numerous statutory provisions, which frequently include written notice, written release, not using these biometrics for profit, a written policy, and a consent to disclose. Why is BIPA Important Now? The BIPA was originally enacted in 2008, but recent years have seen this act become more prominent in class action lawsuits. Courts have currently interpreted that due to the language of the BIPA, only individuals who have been aggrieved due to the collection, storage or sharing of their biometric identifiers are eligible to sue. This is a strong hint that plaintiffs must be able to illustrate actual injury. Companies now must be mindful about whether or not these biometric laws could apply to their businesses and how the changing landscape of biometric privacy acts could influence them in the future. Companies looking to invest in the use of biometric data should look carefully to states that have already established laws as similar provisions may be required in the future. Even though your state might not currently have a Biometric Information Privacy Act that requires you to comply with certain provisions or enables aggrieved employees to sue you, being proactive could minimize the potential for litigation in the future. Assessing compliance issues and determining a forward-thinking plan will put you one step ahead of those who are already facing litigation over this issue. An established relationship with knowledgeable lawyers and HR professionals can help you develop a plan for collecting and protecting employee data.