Everything You Need to Know About Biometric Time Clock Laws

Fingerprint scanners and facial recognition software used to be exclusively reserved for spy movies. But what was once exclusive has been adapted to everyday business.

Biometric data collection has increased in the workplace more recently, and it has a lot to do with biometric time and attendance systems that are now being implemented. These systems allow employers to track and record employees by palm, iris, facial, or fingerprint scanners.

As technology, such as biometric technology, develops and becomes more salient, it's only a matter of time before all industries begin using this timekeeping solution. However, it's also important to take precautions, ensuring that biometric time clock laws are being adhered to and upheld. Here is everything you need to know.

A Quick Overview on Employee Time and Attendance

If businesses are not able to accurately track the attendance of their employees they are liable for workers taking advantage of this. A lack of control over these parameters means that employees might get paid for the time they have not worked.

The traditional systems of tracking employee attendance such old punch-in time clocks, paper timesheets/time cards or punch cards are becoming more and more obsolete and are being replaced by more advanced systems. Since the tracking of employee time is so important this task needs to be more accurate.

By using the more advanced system such as a biometric time clock employers can digitally track their employees and attain real-time data every time employees clock in and clock out. This information can in turn automatically be transferred into the payroll system for the employees. This is not only helpful, but it's useful in preventing the dreaded time theft.

Almost 50% of employees in the U.S have admitted to time theft. This is a huge problem that costs employers all over the country just over $11 billion annually.

An unfortunate phenomenon, employee time theft is, and combating it almost feels impossible. However, by using digital systems, employees simply clock in when they arrive and out when they leave for the day, all of which can only be activated with biometric data of each individual employee. Biometric identification systems require the employees to be there in person to punch in/out using retina, fingerprint, palm, or facial scanners.

This is where the legal concerns come into play.

The Current Regulations of Biometric Time and Attendance Systems

At the moment, there are currently only four states that have legal regulations when it comes to the use of biometric systems. These four states are- Texas, Illinois, Washington, and the latest addition is the state of California, which enacted biometric privacy laws earlier this year.

These laws regulate how companies may collect, store, and disclose the use of these biometric timekeeping systems, and this issue will only grow since similar legislation is pending in several other states.

In 2008, the first state which was the state of Illinois took action and passed the Illinois Biometric Privacy Information Act. The privacy act regulates and requires employees to acquire consent before collecting data through biometric systems. The act also regulates how the information is profited from and protected.

Just the year after the state of Texas followed the example set by Illinois by passing legislation regarding the use and collection of biometric data. The legislations require the companies to acquire consent from the employees if they are using the data for commercial use. Examples of this might be if the businesses are disclosing, selling, or leasing the data collected by biometric systems.

Washington passed a law in 2017 that explains how biometric data is stored, collected, and used. And in 2020 California passed a law regarding the businesses that are collecting biometric identifiers for commercial purposes.

New York's Department of Labor has interpreted that previous laws will apply to the biometric systems and bans companies from requiring employees to use fingerprint scanners.

Lawsuits Against Commercial Use of Biometrics

Unlike Washington and Texas, both California and Illinois have a private right of action. This means that someone other than the state has the right to enforce rights under a statute. As a result of this, Illinois has been the state that has been most active when it comes to biometric legislation.

Since the Illinois Biometric Privacy Act has a private right of action, this has resulted in a lot of class-action lawsuits being filed in the last few years. The legislation would force penalties of $1,000 - $5,000 per violation. Since the attorneys argue that every scan of an individual's biometrics is a separate violation this will add up to great costs for the businesses.

How to Comply With the Legislations Regarding Biometric Workplace Laws

In order to ensure that you are not breaking biometric time clock laws, the first thing you need to find out is which of these laws apply to your business and what they require you to do.

The next step would be to analyze the data that you are collecting, using, and storing and make sure that the information falls under the category of biometric data according to any of the current laws. The analysis of the data should also disclose how the data is being shared, collected, and for how long the sensitive information is being stored. The data, for example, needs to be stored in a safe way to prevent a data breach.

Companies that are using biometric time clocks need to have a well-constructed compliance program that is in accordance with all the laws regarding the use of biometric data. Some states require that every employer needs a written letter of consent before collecting and using the biometric information of employees.

Employers need to develop a complete program that describes and informs employees how the company is collecting the information when it is destroyed, how it is stored, and for how long.

The companies using biometric timekeeping systems need to make sure that all third-party companies with access to this information are also following the law. The companies must also make sure that their insurance policies cover all the claims that can be pressed against the business.

The situation becomes even more confusing if the company has employees outside of state borders or is represented by a union. If the company has operations in other states, they should develop a system that is in harmony with the different laws of all the states involved. Employers will also need to stay up to date with the actions taken by unions so it does not result in any bargaining obligations that will halt business.

What Employees Can Do

One of the most obvious options that the employee has is to just refuse to provide any biometric scan, but by refusing they can very well be fired.

Because most employers are required to get written consent from the employee before they can use any of the information, the employee can refuse and not give consent, which would restrict the company to use/collect the employee biometric information. But the employer can make it the written consent a condition of employment, which would mean that the employee could not work without giving the consent, ensuring compliance from the employee.

This is the situation in jurisdictions where employers are not needed to acquire consent from the employee as well. This means that the company can make the need for consent a requirement for employment basically making it a mandatory action. If an employee refuses on religious grounds or has some form of physical deficiency, the employer will most likely need to provide another option for stamping in and out.

Future of Biometric Law

To date, there are a few states that have pending legislation about the use and collection of biometric data. Although there are only currently four states with privacy laws regarding this matter, experts believe that in the near future, laws around biometric information will spread across the country.

As of this moment, there are currently several proposed legislators around the country as states are taking legal considerations around biometrics. As a result of the California Consumer Privacy Act, it will most likely force companies to make adjustments on how their biometric data is being used and collected since more states will follow.