Employers who use biometric technology in the workplace should be aware of the developing trend towards legislation targeting the misuse of biometric information. Biometric technology, which is used to identify individuals by the measurement and analysis of their unique physical characteristics, including fingerprints and facial features, can be used for a variety of activities ranging from timekeeping to controlling and monitoring access to information and worksites. However, the increasing legislation around the collection and use of this information is creating a legal minefield for unwary employers.

As of February 2022, nine states, Washington, California, Colorado, Texas, Arkansas, Illinois, Virginia, Maryland, and New York, and the city of Portland, Oregon, had enacted laws controlling the use and storage of biometric information by private entities. Similar legislation is being considered in 22 additional states. These biometric information privacy laws regulate a range of activities concerning the collection, storage, use, and selling of biometric information, and many mandate disclosure and consent for the collection of such information. Currently, Illinois is the only state that allows individuals to file a lawsuit on their own behalf for the violation of its biometric information privacy law, but many states are adopting similar legislation. For example, a private cause of action, the ability for an individual to file a lawsuit on their own behalf, has been included in the recent Maryland Biometric Identifiers Privacy Act bill (H.B. 259), the West Virginia BIPA (H.B. 2064), and Florida’s H.B. 9.

The cost of biometric information privacy law violations can be astronomical for businesses. For example, a recent Northern District of Illinois case involving claims of unlawful collection of fingerprint data against Kronos Inc., a multinational workforce management company, settled for $15.3 million. In addition to the growing number of specific biometric data laws, some states recognize invasion of privacy claims based on the misuse of biometric information under existing law. Although the laws of different states and localities vary, there is a clear trend towards empowering individuals to sue businesses, including their employers, for the mishandling of their biometric data.

In light of these developments, and the speed with which the legal landscape surrounding bioinformation technology is changing, employers should take proactive steps to avoid potential violations of existing or eminent laws, and keep an eye toward legal developments in the states and localities where they do business. Employers who are concerned with their bioinformation technology policies should feel free to contact Stokes Wagner attorneys for advice tailored to their specific needs.

For a printable PDF of this article, Click here.

THIS DOCUMENT PROVIDES A GENERAL SUMMARY AND IS FOR INFORMATIONAL/EDUCATIONAL PURPOSES ONLY. IT IS NOT INTENDED TO BE COMPREHENSIVE, NOR DOES IT CONSTITUTE LEGAL ADVICE. PLEASE CONSULT WITH COUNSEL BEFORE TAKING OR REFRAINING FROM TAKING ANY ACTION.