Current COVID-19 Alert

COVID Updates & Resources: Learn More

Fingerprint Scans and Other Biometric Data Used by Employers May Prove Costly

On May 31, 2018, a federal judge in Chicago refused to dismiss allegations that an employer and its time-keeping equipment supplier violated the Illinois Biometric Information Privacy Act (“BIPA”). In part, BIPA requires private entities in possession of biometric information — including retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry — to: (a) inform an individual that biometric information is being collected, the purpose of such collection, and the length of time the biometric information will be stored; (b) develop written biometric information retention and destruction policies; (c) obtain a written release from the individual whose biometric information is being collected; and (d) refrain from sharing biometric information without the individual’s consent.

The lawsuit, Dixon v. Senior Smith Living et al., alleges the employer required its employees to clock in and out of work by scanning their fingerprints, which the employer stored in a database after the first time they were scanned. The lawsuit further alleges the employer: (i) did not inform its employees of the specific purpose or length of time for which the stored fingerprints were to be collected, stored, and/or used; (ii) did not make available information about its biometric data retention policy (if it had such a policy) or other guidelines regarding the permanent destruction of the biometric information it possessed; (iii) neglected to obtain a release from its employees to collect or store their fingerprints; and (iv) “systematically disclosed” that information to its time-keeping supplier. If proven, the employer could be required to pay the greater of actual damages or liquidated damages of $1,000 or $5,000 per employee.

The lawsuit serves as a reminder to employers adopting technology that uses biometric information. Before implementing those technologies, employers must take steps mandated by BIPA to ensure the privacy of its employees’ biometric information.

For more information or to discuss biometric information issues and the policies required by BIPA, contact author Jay Scholl.