Biometrics measure an individual’s unique physical characteristics, creating a digital trail of the person’s monitored activities in the workplace. Traditional employment tools of time cards and passwords are going by the wayside. While offering companies new opportunities and efficiencies, biological technologies can pose privacy concerns and human resources challenges.
With growing frequency, companies have integrated facial- and voice-recognition systems, finger- and hand-screening devices and iris scanning. Such biometric technology assists in the measurement of employees’ time, productivity and attendance.
Biometrics also offer enhanced security measures to enforce access restrictions, allowing employers to limit or trace how and when individuals are present in specific locations. Biometric devices provide “keyless” locks, which are particularly important to restrict the travels of nonemployees who visit a facility or office.
There is no comprehensive federal law regarding biometric data usage and compilation. The Federal Trade Commission has issued a report titled “Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies” that addresses privacy issues concerning facial-recognition technology. Companies interacting with federal agencies should check whether the regulators offer guidance or directives on the use of biometric technology.
In Rhode Island, employers should incorporate biometric data into their written information security programs required under the Rhode Island Identity Theft Protection Act.
Like any digital asset, biometric data has value that is appealing to hackers and cyber intruders. To guard against such continual threats, cross-functional managerial teams of senior officers, human resources leaders and information technology personnel must develop and enforce strict security protocols relating to the company’s storage and safeguarding of biometric data. Also, cyber insurance policies should be reviewed to confirm the extent to which biometric data is covered.
Workers will raise questions and concerns about the collection of their biometric data, with employees fearing the misuse of their personal information or questioning the extent to which their privacy may be invaded. Although many companies are at-will employers and may terminate employees who decline to provide a fingerprint or biometric scan, such drastic action could have detrimental impacts upon employee morale and retention.
Increasingly, issues relating to biometrics have been the focus of employee lawsuits. Courts have addressed claims whether the use of biometric data in wellness programs can violate an employee’s rights under the Americans with Disabilities Act. Also, employees may raise objections on religious grounds. Employers should carefully consider any objection or request for accommodations relating to the use of biometrics, paying attention to the possibility of unlawful discrimination claims under federal or state law.
A workplace policy should define what biometric data will be collected from employees and for what reasons. An employer should commit explicitly to keeping employees’ biometric data confidential and protected to the same extent as personal identifying information such as Social Security numbers and health care records. Biometric data should be included when setting and enforcing records retention and destruction protocols.
Biometric technology within companies’ daily functions will only grow. Employers should not lose sight of the many considerations that must be evaluated and understood when it comes to biometrics. By doing so, the operational benefits of biometrics will outweigh the risks.
Steven M. Richard is a trial and appellate lawyer at Nixon Peabody LLP.