Q&A WITH DAVID LIMEKILLER
Biometrics becoming valuable tool to employers
Q: How are biometrics used in the workplace?
A: Biometrics has a long history of use in the workplace, particularly fingerprints, which are commonly used to conduct background checks in the fields of law enforcement and medicine. However, as biometric technology continues to improve, it has become a valuable tool to employers and is increasingly becoming the norm in the workplace. Common uses by employers include: timekeeping, such as using fingerprints or hand scans to punch in and out on biometric time clocks; electronic security and building access by employing retina scans, facial recognition or fingerprinting technology to control access to specific areas of an employer’s facilities; and accessing workplace equipment through facial recognition or fingerprinting technology to control access to computer systems, smartphones and other devices.
Q: What is Oklahoma law regarding biometrics? A: Currently, no single federal statute establishes specific guidelines regarding an employer’s obligations pertaining to the collection, use, or retention of biometric information. Oklahoma is among the states that have not enacted any statutes or regulations regarding biometrics in the workplace. However, an employer is still subject to common law claims such as right to privacy or negligence relating to how an employee’s biometric data is collected, protected, used, displayed or retained.
Q: What should an employer policy for any biometric system include?
A: Clearly inform your employees why the biometric system is needed. Obtain written consent from employees to use the biometric data and specify the permitted uses. Other laws apply to biometric data, so develop alternative policies to accommodate employees who refuse to participate for religious reasons or are unable to participate because of disability or injury. Do not sell, license or transfer any biometric data to any third party without the employee’s prior written consent. Protect the biometric data to at least the same degree you protect your trade secrets and other confidential information. If possible, use encryption. Develop a written policy on retaining and destroying biometric data and communicate the policy to employees before they give consent. Ensure there are no disclosures of biometric data to any third parties without employee consent or as required by law. Any disclosure of biometric data to law enforcement shall be through a warrant or subpoena. Create a plan to respond to a data breach. Have counsel review all contracts with any third parties who will have access to the biometric data to ensure that the biometric data will not be disclosed or misused. And work with counsel to monitor developments in the law.
PAULA BURKES,