What Employers Need to Know About Biometric Employee Data Storage
Biometric time clocks offer a streamlined way to managed employees’ time, attendance and automate payroll processes. Most biometric time clock systems capture and use an employee’s face or a fingerprint as identification. Biometric information is a highly sensitive form of data that needs to be stored carefully and correctly. Biometric time clock laws help protect employees and their personal data by giving clear and structured guidance on how a company must store and secure this information. Additionally, these laws protect employees by ensuring their employer and/or third parties are not profiting from the data by selling or leveraging it.
Data Protection Laws Vary by State As of the date of publishing in April 2021, there are no singular, all-encompassing laws regarding biometric time clocks at the federal level. However, several states have passed biometric data laws to protect their citizens’ personal information in the workplace. Companies that are multinational also need to be aware of international privacy laws that may affect the use and storage of employee biometric data. Here are the states that have implemented privacy laws:
The Illinois Biometric Privacy Act (BIPA), passed in 2008, requires companies to request consent from their employees before obtaining their biometric data. This act also regulates how data is disclosed, protected, retained, and profited from.
Texas’ Biometric Privacy Act was passed in 2009, with similar requirements. Companies intent on using biometric data in Texas must receive consent from their employees prior to obtaining, selling, leasing, or disclosing it. The data can only be stored for one year.
Washington passed H.B. 1493 in 2017 as a biometric privacy law to safeguard its residents, but this does not cover facial recognition. This law also requires notice to be provided to the individual, consent to be obtained, and that the biometric identifier cannot be used for commercial purposes.
The California Consumer Privacy Act (CCPA), passed in 2018, states that employers must safeguard personal information and provide a notice to the employees regarding what is collected and how it is used. This only applies to employers who do business in the state of California and meet certain revenue criteria.
As the collection and use of biometric data become more commonplace in the workplace, it is important to work with a technology partner who understands these laws. Provide notice to your employees regarding what data you are collecting and how you intend to use it. Obtain consent from your employees to use this data, and keep all personal information and data in a secure place.
LightWork Time’s Biometric Time Clocks install easily and can be configured and customized to the needs of your business. Time clocks use fingerprints, which are unique to everyone, to track employee time more securely and accurately. Time clocks that use fingerprints to identify employees map out specific, numbered key points on a finger rather than storing images of the finger, as one might believe. To learn more about LightWork Software’s Time & Attendance solution and biometric time clocks, visit https://www.lightworksoftware.com/timeandattendance.