If you use employee fingerprint time clocks and payroll systems, you need to know how to protect employee privacy. Learn more here.
In 2020, a USA Today analysis found that absenteeism had reached record levels. With a 45% increase over the past 20 years, many employers realized they needed to develop strategies to manage workplace attendance.
Cue fingerprint time clocks.
These ensure the accuracy of employee attendance records. The technology can also protect against hacking, streamline payroll, and save on administrative costs relating to absenteeism.
However, with a surge of data misuse lawsuits being brought to trial, employers need to understand how to use this technology effectively while protecting employee privacy.
In this article, we’ll provide examples of some regulations you need to be aware of and offer some suggestions on how to protect employee privacy when using fingerprint time clocks. Please note that laws can change frequently and are open to interpretation. Always seek legal counsel before implementing any new policies to make sure you have the most up-to-date regulations for your state.
There’s lots to cover, so let’s dive in…
How Do Employee Fingerprint Time Clocks Work?
When an employee first joins your company, you can use a fingerprint time clock to scan their fingerprint and store it as a digital image. Then, the software will begin to map over the image and create a template.
The original image can be deleted for safety reasons, and only the template is stored. When a user next clocks in, the scanner will match the fingerprint to the biometric template on file.
The templates differ from other clocking methods like fobs, password logins, or cards because they can’t be transferred or used by anyone other than the employee to whom they are registered.
However, the information the scanner captures is biometric information, and there are a few laws that specifically relate to the data protection of this type of information.
The Legislation You Need to Understand
The law surrounding biometric information differs depending on which state you live in. However, the most frequently cited laws operate in the following jurisdictions:
Illinois – Biometric Information Privacy Act
This law means businesses must comply with stringent regulations surrounding collecting and storing biometric data. The main requirements stipulate that:
- Consent must be obtained from employees to collect their biometric data.
- The data must be destroyed promptly when appropriate.
- The data must be stored securely to prevent data leaks.
Now let’s take a look at Texas’s state laws:
Texas – Capture Or Use Of Biometric Identifier Code 503.001
Under this code, employers must:
- Gain consent from employees to collect data.
- Not sell the data or use it for commercial purposes or otherwise unless the law allows it.
- Destroy the data in a reasonable period once an employee has left their post.
- Take reasonable care to protect the data.
California – California Consumer Privacy Act
Employers under this law must:
- Provide notice of biometric data collection.
- Implement reasonable security measures to protect data.
- Facilitate consumer rights requests, such as deleting and providing data on demand.
New York – Labor (LAB) Chapter 31, Article 7
In New York, fingerprinting employees is prohibited as a condition of employment under LAB 31.7.
Further to this law, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) means companies collecting consensual data must take data protection measures:
- Employee training
- Assessing vendor contracts
- Carrying out risk assessments
- Ensuring timely data disposal
It also requires businesses to designate an employee to oversee cybersecurity operations.
Washington – Revised Code of Washington 19.375.020
This law prohibits employers from storing biometric data without consent. It further requires that employers:
- May not sell or disclose data without permission.
- May not retain data longer than is necessary.
- Must protect data in storage.
However, this legislation only applies to the commercial use of data and not biometric data used by companies for security purposes.
Getting compliance right with the plethora of state laws can be difficult for employers. To ensure compliance, we suggest the following:
Always ensure you have employee consent. While different degrees of consent are required by different state bodies, it’s usually best to obtain written consent so that all parties are clear about their obligations.
Furthermore, a notification should go out to relevant parties whenever data is obtained, used, or disclosed. The notification should specify the info used, what it will be used for, who it’s shared with, and how long it will be stored.
This is equally true if you have a data breach. A data breach should be reported to employees and the relevant authorities.
Laws concerning data storage are constantly changing and adapting. Therefore, you need a system to keep up-to-date on the relevant legislation. Conducting regular audits is a way to ensure you are compliant with all the applicable laws.
During an audit, it may be a good idea to consult a third party, whether a lawyer or an HR professional, to ensure employees and policies cover any liability on your part.
To this end, you should set out clear policies for employees on how data should be managed. It’s good to consult employees about these policies and ensure that a team member is designated to make sure standards are met.
Are You Ready to Start Using Fingerprint Time Clocks?
With more and more companies turning to biometric technology, the law is constantly changing to protect employees’ privacy. Companies need to protect their employees and safeguard against legal and civil liability.
Thus, we hope this article has given you some idea about the steps you need to take to protect your business.
For more information on the best types of fingerprint time clocks and ways to protect employees’ privacy, visit TimeTrak for cloud-based time and attendance solutions.