Clock in, clock out
From January 2017 to June 2017, Ms. Herron worked as an hourly employee at a Family Dollar store in Chicago Heights. Throughout her employment, Family Dollar required her to submit her finger scans to participate in the payroll/timekeeping/employment system.
Bottom line: No fingerprints, no check.
Her fingers were scanned four times per workday: clock in, clock out for lunch or break, clock in after lunch or break, and clock out. Family Dollar did not tell her why or for how long it was collecting, storing, and using her data.
Ms. Herron did not consent in writing to the collection, storage, use, sale, lease, dissemination, disclosure, redisclosure, or trade of her biometrics, and does not know what Family Dollar did with the information.
Illinois enacted BIPA in 2008 to address the “very serious need [for] protections for the citizens of Illinois when it [comes to their] biometric information.” The text of the statute, itself, notes that an “overwhelming majority of members of the public are weary of the use of biometrics when such information is tied to finances and other personal information.”
BIPA ensures that individuals can control their own biometric data and prohibits private companies, including employers, from collecting it unless the enterprise:
- informs the person in writing of what data is being collected or stored. This would include fingerprints stored when using TouchID to log into bank account app on a phone;
- informs the person in writing of the specific purpose and length of time the for which the data will be collected, stored and used; and
- obtains the person’s written consent. For example, a user might be asked to sign his or her name before sharing a fingerprint.
The other side
Here is the argument that employers offer:
The use of biometric-enabled devices is normal and common. Biometric time clocks offer employers an accurate and reliable way to track employees’ hours, while increasing accountability. Biometric locks are often ideal for employers protecting sensitive information or valuable property, as biometric authentication reduces the risk of information (i.e., passwords or combinations) or physical tokens (keys or RFID badges) being inadvertently passed on to unauthorized users.
The basic assumption of this policy is that employees will try to steal things.
Then there is the Covid-19 rationale which suggests that in the “COVID-19 era, biometric kiosks even offer employers a streamlined method of ensuring employees do not have an elevated body temperature. The benefits of biometric systems are undeniable.”
The basic assumption of this policy is that employees are diseased.
Shopping at Family Dollar
If you have shopped at Family Dollar or Dollar Tree, you might have noticed several things. The prices are low, the quantities are small, everyone seems to know each other and there are folks scratching for change to buy Ramen noodles. The cashier may be the first cousin of the shopper. EBT accepted.
READ MORE UNPAID WAGES LEGAL NEWS
A wider context
Biometrics are being used in a growing number of areas, including employment, law enforcement and health care, as well as for physical access to buildings and consumer identification. Perhaps the most powerful argument for privacy protection laws like BIPA is that biometric information, unlike a phone number, address or electronic mail account, cannot be changed. Electronic records can also, at least in theory, last forever.
A number of states, including California, New York and Texas have also enacted biometric privacy protection laws. The EU’s General Data Protection Regulation impacts the collection, storage, sale and the personal right to delete information from internet users by private entities.