In House - The FindLaw Corporate Counsel Blog

Biometric Privacy Lawsuits Are on the Rise

Along with the increasing trend of employers using an employee's biometrics to secure data, employers are facing more lawsuits as a result of running afoul of state laws imposing restrictions, and penalties, relating to their employees' rights to biometric privacy.

For example, in Illinois, the Biometric Information Privacy Act (BIPA) not only regulates the disclosure, retention, and protection of biometric data, the act contains a private right of action and statutory damages. BIPA allows employees to sue individually, and for every violation proved, they get $1,000 or $5,000 depending on whether the violation was shown to be negligent or intentional.

Get Consent to Screen

While Illinois may be the only state to have a biometric privacy law with a private right of action, other states, including Texas and Washington have passed similar laws barring the collection, sharing and sale of biometric data absent consent. However, unlike the Illinois law, the law in Texas and Washington relies on each state's attorney general to enforce.

For employers in other states, it may be simple to just ignore these biometric privacy laws that don't apply. But it seems like common sense to build in various consent forms into your employee registration process just so you don't have to go back and do it after a law is passed in a state where your company employs individuals who use biometrics as passwords.

It would seem that getting consent to collect, use, and share, the biometric data, would be easiest to do at the outset when an employee sets up a biometric profile. Further, if your company provides an opt-out, then employees that do consent are less likely to feel like a privacy interest has been violated.

Are Biometrics Better?

Simply put, biometrics make excellent security measures because of the difficulty in circumventing a biometric authentication process. Additionally, if implemented properly, the time it takes employees to login to their computers, workstations, or even gain entry into a secured building or areas, can be cut down significantly. Also, a good chunk of the work that any corporations IT department has to deal with is password resets because people forget these often, especially as most companies require passwords get changed a few times a year.

Related Resources: