Human resources professionals could certainly be excused for feeling frustrated with the fact that every technological advance improving business operations comes with new legal landmines to manage. For example, increased connectivity has greatly enhanced productivity opportunities. But at the same time, it has created new challenges with data management and integrity, off-the-clock work risks, and even management of “work from home” entitlement beliefs. Similarly, increased automation and other changes in manufacturing techniques that increase productivity could also mean challenges with collective bargaining agreements and labor relations.
And so it is with an increasingly popular way of managing timekeeping: “biometric” time clocks that record employee punch in and out times through the use of physically unique identifiers, such as hand, fingerprint or even retina scans. Through these devices, which require biometric information from a user when making a timekeeping entry, employers have an easy way to ensure employees are only punching in and out on behalf of themselves. Biometric timekeeping can severely limit, if not outright eliminate, opportunities for employee abuse and misconduct that can occur through timeclock manipulation. A biometric system thus substantially increases an employer’s confidence that an employee’s timekeeping records accurately portray an employee’s time worked, rather than being subject to challenges that someone improperly or inaccurately entered timekeeping data on behalf of another employee.
The balance of the employment law landscape of course demands that an equal set of consequences must come with such benefits. For example, in 2008, Illinois passed the Biometric Information Privacy Act. The Illinois law requires companies that collect and store biometric data to obtain written consent to do so and maintain policies and notices communicating the purpose for collecting biometric data and the protocol for destroying it once the reasons for collection and storage terminate. The law seemingly has as its principal purpose protection against identity theft concerns in the financial arena. As a result, Illinois employers utilizing biometric time clocks may have unwittingly neglected to take the steps necessary to achieve technical compliance with the law (such as by not obtaining consent to collection of biometric information or establishing proper protocols for purging biometric data following termination), even if there is no apparent risk of an actual privacy breach.
In the last few months, approximately two dozen opportunistic-looking class action lawsuits have been filed in Illinois based on such technical non-compliance, and while there is some reason to think these types of technical “gotcha” claims will not yield the penalties sought, most employers would certainly prefer to avoid class action litigation altogether rather than defend against even highly defensible claims. It is also not difficult to imagine other states joining Illinois in passing laws specifically addressing employer use of biometric timekeeping practices and attempts to use more general privacy doctrines to pursue legal claims, such that viewing biometric timekeeping compliance as a strictly Illinois issue would probably be unwise.
It can take time for the compliance landscape to unfold in the wake of new technology, and prudent employers do their best to stay ahead of emerging compliance waves, not get caught in their backwash. With biometric timekeeping, this should once again hold true. Employers using such technologies should be aware of this emerging compliance area and, whether in Illinois or elsewhere, it would behoove them to seek counsel (such as from your friendly neighborhood Foley labor and employment attorney!) for review of any existing policy materials or to obtain assistance with preparing policies, notices and consent forms to include as part of their manuals and orientation materials. It would also be wise to have any policy materials and user agreements provided by biometric time clock vendors reviewed for legal compliance and best practices.
Disclaimer
This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. 
In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.