Wearable devices that track and record personal biometric data are hardly new to the technology scene. In addition to the now-commonplace electronic pedometers and heart rate monitors, there are portable and wearable devices that, quite literally, do everything – from administering medical tests, like electrocardiograms, to analyzing the quality of one’s sleep based on user input. Never before, however, have employers had such ready access to this personal information about employees. It is this access – and the employer’s use of the gathered data – that can pose a legal trap for the unwary employer.
Collection of biometric data in the workplace through wearable devices or screenings can occur for a variety of proper reasons. For example, employers may require such data for security verification purposes or as a means of authenticating employee accounts or files. One increasingly prevalent practice is for employers to offer insurance premium discounts, bonuses, or other incentives to employees who undergo a biometric screening to raise health consciousness or to employees who achieve a certain activity level, as measured by a wearable electronic pedometer or fitness tracker. Such programs give employers unprecedented access to a wealth of biometric data about employees (like activity levels, nutritional habits, and certain physical characteristics).
On its face, there is nothing improper about an employee consenting to participate in these types of incentive programs. However, if an employer considers or uses the collected data in any way when making employment decisions, it may unwittingly open itself up to claims of disability or other discrimination. Further, the company’s possession of such information certainly increases its privacy and data security challenges.
Adding to the potential hazards of these initiatives is the dearth of legal authority on the issue of how to collect and manage biometric data. There is no federal law or guidance on the issue; only two states, Illinois and Texas, have enacted statutes that even define specifically what constitutes biometric data; and only a few additional states, Alaska, California, New York and Washington, have proposed legislation on the issue.
So, what’s an employer to do?
Here are some rules of thumb – based in part on the key provisions of the Illinois and Texas laws – that an employer in possession of its employees’ biometric data would be well advised to apply: