Science fiction becomes reality in fits and starts, and part of it is already here in the form of biometric data. In place of passwords and badges, some companies are starting to use employee fingerprints, voiceprints, retinal scans, and hand or face scans to grant access to certain data and facilities. The security benefits to the company are significant, since it’s hard to replicate biometric markers. Equally significant, however, are the privacy risks to the employees. If someone steals your password, you can just change it. If someone steals your fingerprints, you’re in a lot more trouble. Employees need to know what their rights are as biometric data collection becomes more common.
Employers Must Notify You
Employers can sometimes roll out new technology with incredible speed and put protocols into place later. When it comes to biometric data, though, that’s not allowed. The Biometric Information Privacy Act (BIPA) protects all Illinois employees. One of its stipulations is that employers must notify you before they can start collecting and using biometric information.
Employers Must Explain Why They’re Using Biometric Data
Companies can’t collect biometric information without cause. They have to explain why they’re using this information, and why other kinds of verification aren’t sufficient.
Employers Must Explain Collection & Storage Strategies
BIPA states that you have the right to know exactly how your employer is collecting biometric information, precisely how long they’re storing it, and how they intend to use it. Surrendering biometric information to your employer is not a blank check.
Employers Must Obtain Your Legal Authorization
No one can start using your biometric information without your explicit, legal authorization. Introducing fingerprint scanners on Monday morning and telling employees they’re mandatory is not allowed. Every person — individually — has to give their legal permission.
Employers Must Guard Your Data
If you worry about the security of your biometric data, you’re more than justified. Data breaches are all too common, and many companies simply don’t have adequate protections in place. BIPA creates a legal obligation for employers to secure biometric data to a reasonably stringent standard, which could include encryption, off-site storage or other measures.
Having your biometric data compromised is a unique risk, and assessing the true safety of its storage can be difficult. If you’ve given biometric information to your employer, a thorough legal assessment could prevent difficulties down the road.