When it Comes to Biometrics, Privacy is the Best Policy

By Sarah Greene

November 14, 2017

It’s almost 2018 and the future is here, and no we don’t have flying cars or hoverboards that ACTUALLY hover. But even in the last ten years, we’ve seen some amazing technological advances become a part of our everyday lives. One example of that is the ever increasing use of biometric data.

Biometric data is unique biological material, most commonly used today for fingerprints and facial recognition to do things like unlock our smart phones or log-in to our bank accounts. This technology is being used more and more in staffing too! Biometric data can help staffing firms to verify identity and even to keep track of time reporting.

However, for some companies trying to keep up with the times, staying current could land them in hot water.  In the last few months, dozens of class action suits have been filed across the state of Illinois in regards to a 2008 biometric privacy law.

The 2008 Illinois Biometric Information Privacy Act, or BIPA for short, aims to protect individual’s biometric data. The law states that before using a biometric method companies must:

  1. Inform users that they are using it and why they’re using it.
  2. Get written consent from the user.
  3. Limit its dissemination or sale without the subject’s consent.
  4. Exercise reasonable care over its storage.
  5. Develop and follow a data retention policy requiring destruction of the data within a specified time period.

If the court finds any of these have been violated the offenders should expect minimum fees from $1,000 to $5,000 in damages, depending on the offense.

There is a chance the law will be interpreted in favor of the corporations facing the suits, seeing as the technology described in BIPA is ten years outdated. However, this issue of privacy isn’t going away.

Companies using this technology, especially in Illinois, should seriously consider adopting a BIPA-compliant policy.

Only two other states have a law similar, Texas and Washington. However, those laws are much more relaxed. Individuals do not have the right to sue companies directly; legal action can only come from the state’s Attorney General.

Despite the lack of legislation across the country, BIPA precautions should be taken by companies across the country and the world.  As technology evolves we need to keep evolving our rules and policies too.

Sources:

https://www.bloomberg.com/news/articles/2017-07-20/tech-companies-are-pushing-back-against-biometric-privacy-laws

https://www.employmentclassactionreport.com/bipa/next-employment-class-action-lawsuit-will-blindside/