More employers are using biometrics for timekeeping and security review. The biometric identifiers most frequently used by employers are face scans (“facial recognition”), fingerprints, voiceprints, and video surveillance. Although only five states regulate the use of biometrics—Illinois, New York, Texas, Vermont, and Washington—common-law invasion/breach-of-privacy claims are available to everyone. So, establishing a biometrics policy can help employers avoid a biometric privacy violation claim and other workplace disruption.
Drafting Your Biometrics Policy
Your biometrics policy should include four primary sections:
Consent. You should obtain consent before collecting biometric information. The consent form should explain why you’re collecting the information and how long the information will be retained.
Disclosure. The disclosure provision of the policy should state that you won’t share the employee’s biometric information with anyone other than your biometric identifier vendors unless legally required or you obtain the employee’s consent.
Storage protocol. The storage language should state that you’ll store the data according to reasonable standards of care in the industry and that the data will be maintained in the same manner as other confidential information is stored and protected.
Retention schedule. The retention schedule should include a timetable for when the biometric information will be destroyed. The timetable depends on the information. For example, under the Fair Labor Standards Act (FLSA), timekeeping records must be maintained for three years, so if biometrics are used for timekeeping, the biometric information must be maintained for three years. Other biometric information may be destroyed when the employee terminates employment or moves to a different role in the organization—again, this destruction is superseded by record retention requirements.
Bottom Line
As more employers use biometric data, developing a biometric policy and consent form would be a best practice to protect your company and avoid surprising your employees.
If you have any questions or would like additional information, please contact Richard Lehr at 205-323-9260 or rlehr@lehrmiddlebrooks.com.