More employers are using biometrics for time-keeping and security review. The biometric identifiers most frequently used by employers are face scans (“facial recognition”), fingerprints, voiceprints and video surveillance. Although only five states regulate the use of biometrics—Illinois, New York, Texas, Vermont and Washington—common law invasion/breach of privacy claims are available to everyone. Thus, establishing a biometrics policy can help employers avoid a biometric privacy violation claim and other workplace disruption.
A biometrics policy should include four primary sections—disclosure, consent, storage protocol and a retention schedule. The consent should be obtained prior to the collection of the biometric information. The consent form should explain why the employer is collecting the employee’s biometric information and how long the biometric information will be retained.
The disclosure provision of the policy should state that the employer will not share the employee’s biometric information with anyone other than its biometric identifier vendors unless legally required or with the employee’s consent. The storage language should state that the employer will store the data according to reasonable standards of care in the industry and will be maintained in the same manner as other confidential information is stored and protected.
The retention schedule should include a timetable for when the biometric information will be destroyed. The timetable depends on the information. For example, under the Fair Labor Standards Act, timekeeping records must be maintained for three years, so if biometrics are used for timekeeping, the biometric information must be maintained for three years. Other biometric information may be destroyed when the employee terminates employment or moves to a different role in the organization—again, this destruction is superseded by record retention requirements.
As more employers embrace the use of biometric data, developing a biometric policy and consent form would be a best practice to protect the employer and not surprise the employee.
If you have any questions or would like additional information, please contact Richard Lehr at 205-323-9260 or rlehr@lehrmiddlebrooks.com.
Website Design and Digital Marketing by
