Adam S. Forman, Member of the Firm in the Employment, Labor & Workforce Management practice, in the firm’s Detroit and Chicago offices, was quoted in Law360, in “5 Tips for Crafting a Compliant Workplace Biometric Policy,” by Vin Gurrieri. (Read the full version – subscription required.)

Following is an excerpt:

With businesses steadily increasing their use of technology that incorporates workers’ biometric information in recent years, companies are now facing myriad compliance challenges that can land them in court, even in states that haven’t directly addressed how such data should be collected and used.

Several states that have enacted laws in recent years addressing the collection and use of biometrics in the workplace, with the strictest of those laws being Illinois’ Biometric Information Privacy Act, or BIPA, leading to an uptick in lawsuits challenging businesses’ collection and use of workers’ biometric data.

As more states consider adopting statutes of their own to regulate biometric data use, employers that use workers’ biometric data increasingly need to take concrete steps to ensure they shield themselves from legal risk, even if there isn’t currently a law in place in the states where they operate, attorneys say. …

Adam Forman, a member at Epstein Becker Green who specializes in issued involving the use of technology in the workplace, said that even if a state doesn’t require it, it’s still “prudent” for businesses to lay out the details of their biometric programs and the reasons behind it to employees in a clear way.

“Even if there is a breach of an employers’ biometric data and it doesn’t occur in a state [with a law addressing biometrics] I still think there could be a common-law remedy,” Forman said, adding that the onus is on employers to “exercise the same duty of care” with biometric information as they do with other forms of personally identifiable information.

Those recommendations dovetail with the requirements present in Illinois’ law, which generally requires businesses that collect biometric information to have a written policy that spells out its program, notify individuals in writing before any biometric information about them is collected, disclose how the information will be stored and used, and obtain a written consent from the person whose information will be collected.

Additional parameters set by Illinois’ law include a prohibition on businesses selling biometric information to third parties and generally safeguard the information using a “reasonable standard of care.”

“Looking at BIPA as a guidepost to craft your own policy [and] make sure you’ve got the right safeguards I think will help you should an unfortunate [data] breach occur and you have to explain you were in fact engaging in due care,” Forman said, adding that a detailed policy “put[s] you as an employer in a better position” both in retaining workers and in staving off common-law claims.

Industries

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.