Advances in technology often lead to increased efficiency, greater connectivity, and useful integration and exchange of information. The “Internet of Things” has made everything smart–our phones, our cars, and our homes. Encroachment of technology into our daily routines has been gradual but pervasive, including the workplace and workplace rights.

Technology that collects our physiological and physical characteristics can prove useful and even fun for tracking fitness goals, analyzing sleep quality, and learning about our ancestors. But when employers collect and store employees’ biometric data, they must be careful to adhere to privacy laws that protect workers.

What Are Biometrics?

Biometric identifiers are unique physical, physiological, or even behavioral characteristics that can be used to identify an individual. Biometrics are electronic images or recordings of a person’s:

  • Facial geometry.
  • Fingerprints.
  • Iris.
  • Retina.
  • Hand or palm.
  • Voice.
  • Gait.
  • Keystroke patterns.

Unlike passwords, biometrics are unique to the individual and can’t easily be replicated. But when digital scans and other biometrics are misused, they leave sensitive information vulnerable.

How Do Employers Use Biometrics?

Employers generally use biometrics to increase security and efficiency. They may use biometrics to track employees’ hours, control access to facilities, or secure equipment. Biometric-activated timekeeping systems can reduce fraud and disputes about timesheet errors. Some employers use data from fitness trackers to provide incentives for employee wellness programs.

Biometric technology in the medical field can reduce pharmaceutical theft, prevent counterfeit drug manufacturing, and protect proprietary information. Tracking information about computer logins or building entries can deter theft, vandalism, and unauthorized use of company resources.

There are many potential benefits to employers and workers. But when employers collect or retain biometric information without employees’ consent or fail to secure such data, employee rights and privacy are at risk.

How Do Biometrics Threaten Employees’ Rights?

All the sensitive information collected by biometric technology is subject to exploitation or theft if it is not properly protected. Stolen or duplicated biometric data can give wrongdoers access to an employee’s health, financial, and employment records. Thanks to other advanced technology like 3D printing, biometrics can be forged. The touch of an AI fingerprint could expose a wealth of personal information on smartphones and computers. The same technology that allows us to control our cars and homes with a glance or touch can upend our lives when in the wrong hands, giving bad actors opportunities for fraud, personal property or identity theft, or extortion.

Health or life insurance companies may misuse information about medical conditions to increase premiums or deny coverage improperly. Current or future employers may use data to illegally discriminate based on racial, ethnic, or gender biases.

Many employers don’t manage biometric data themselves. They rely on third-party vendors, adding another layer of complexity and risk to the storage of sensitive data.

What Laws Protect Employees’ Biometric Data?

Illinois led the nation in regulating the collection and use of biometric data when it passed the Illinois Biometric Information Privacy Act (BIPA) in 2008. Texas and Washington have since passed similar laws, but Illinois is the only one of the three that permits a private right of action. Legislation to regulate handling biometric data has been introduced but not yet enacted in Massachusetts, New York, New Jersey, and Rhode Island.

BIPA protects employees by:

  • Requiring employers to notify and receive consent before collecting biometric data.
  • Limiting an employer’s right to release biometric data.
  • Requiring employers to develop a policy regarding retention of biometric data.
  • Prohibiting employers from profiting from the release of employees’ biometric data.

The Illinois Supreme Court ruled that employees don’t have to prove actual harm. Employees may recover $1,000 for negligent violations and up to $5,000 for each reckless or willful violation of BIPA.

In February 2022, the Illinois Supreme Court ruled that the BIPA claims are not barred by workers’ compensation laws. This left some employers scrambling for a defense and will likely result in settlements in favor of plaintiffs. Plaintiffs waiting on the final word from the court can now proceed to hold their employers accountable for BIPA violations.

Consumers in Illinois have sought relief in class action lawsuits against companies such as Facebook, United Airlines, Google, and Snapchat for violations of BIPA. The rise of technology across all industries means that BIPA applies to nearly all employers, including long-term care facilities, gas stations, restaurants, retail stores, hospitals, food production and processing, and financial services.

The attorneys in Sommers Schwartz’s Complex Litigation Group are strong advocates for workers’ rights. We stay informed about emerging laws affecting employees and are ready to help if you believe your privacy has been compromised. If your employer uses biometrics in the workplace and you have questions about your rights, contact us today.

"*" indicates required fields

Jesse Young

View all posts by
Jesse Young

Jesse Young represents clients in serious employment disputes, such as severance negotiations, discrimination, retaliation, whistleblowing activity, employment contracts, terminations, and compliance. In addition, he has appeared in hundreds of wage-and-hour lawsuits and hundreds more arbitrations arising under the Fair Labor Standards Act and similar state laws.