{"id":5339,"date":"2017-10-14T01:24:51","date_gmt":"2017-10-14T05:24:51","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5339"},"modified":"2020-06-04T20:52:52","modified_gmt":"2020-06-04T20:52:52","slug":"brave-new-world-use-biometric-identifiers-rfid-chips-workplace-causes-stir","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/brave-new-world-use-biometric-identifiers-rfid-chips-workplace-causes-stir\/","title":{"rendered":"A Brave New World: Use of Biometric Identifiers and RFID Chips in the Workplace Causes a Stir"},"content":{"rendered":"

Most people are familiar with the phrase \u201cpunching the clock<\/a>\u201d as a way of saying that they have checked into work and are now on duty for their job. However, only the few that have actually used a time clock or have seen them<\/a> in old movies are familiar with where the phrase actually originates.
\nDeveloped in the late 1800\u2019s, time clocks<\/a> were used by factory owners to keep track of their employees\u2019 hours. Upon arriving or leaving work, the employee would insert a thick paper card\u2013hence, the name time card\u2013into the time clock, which would stamp the card. The employer could later review the time card to check the employee\u2019s hours.
\nModern-day technology, however, has made this process much simpler, and few, if any, employers actually use physical time cards to keep track of their employees\u2019 hours. Some of these newer methods, however, are coming under scrutiny for their potential to invade employees\u2019 privacy.
\nOn Monday, October 2nd, Casey Lundsteen filed a suit<\/a> in an Illinois federal court, proposing a class action against Superior Air-Ground Ambulance Service, Inc. (Superior) for its alleged misuse of the biometric data<\/a> of its employees. Lundsteen claimed that the company forces its employees to use biometric fingerprint scanners<\/a> to clock in and out of work and that the company neither asks for its employees\u2019 consent nor properly manages the aggregated data as required by Illinois\u2019 Biometric Information Privacy Act<\/a> (BIPA).<\/p>\n

Although BIPA requires that employers give their employees written guidelines about how their collected information would be managed once taken, Lundsteen alleges that Superior did not provided its employees with any such guidelines. He also alleges that Superior violated BIPA\u2019s consent policy by not giving their employees a choice in whether or not the biometric data was collected.<\/p><\/blockquote>\n

In enacting BIPA, the Illinois legislature found that strong protection measures for keeping
\nbiometric data were needed because such data was \u201cbiologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.\u201d The legislature further found that the act was justified because an \u201coverwhelming majority of the public\u201d were wary of the use of biometrics when tied to financial and personal information.
\nIn 2009, Illinois was the first<\/a> state to enact privacy laws regarding employer\u2019s collection of biometric data. Since BIPA\u2019s enactment, two other states<\/a>, Texas and Washington, have joined Illinois in regulating the commercial uses of biometric identifiers. Washington\u2019s law<\/a>, however, offers significantly less protections than BIPA. Its limitations on the disclosure and retention of the data only applies to employers who chose to \u201cenroll\u201d their biometric identifiers; thus, an employer who does not enroll its biometric identifiers are not subject to the law.
\nThe benefits to employers of using biometric identifiers are numerous. For example, it helps eliminate \u201cbuddy punching<\/a>,\u201d in which other employees clock in or out for their coworkers, and it also allows employers to keep better track of their employees\u2019 hours in case of suits alleging improper compensation.
\nFurther, biometric identifiers, at least in the workplace, may be less of a privacy concern<\/a> than they initially seem like to wary employees. Most fingerprint scanners, like the one alleged in this case, do not actually keep a copy of the employee\u2019s fingerprint but instead use its dimensions to create an algorithm that acts as a code for each individual employee. These algorithms are hard, if not impossible, to reverse-engineer, so it is unlikely someone can steal the employees\u2019 identities by gaining access to this data.
\nThese biometric identifiers may actually pose less of a privacy concern than other recently-implemented employment identification measures. In August, a Wisconsin company threw their employees a \u201cChip Party<\/a>\u201d where many of its employees were embedded with radio frequency identification (RFID) chips<\/a> that allows them to do a variety things<\/a> including opening doors and logging into their computers with nothing more than the chip.
\nWhile some herald<\/a> this at the coming of a new age of convenience, others are concerned about the future implications<\/a> of chipping employees. Although companies often claim that these chips are secure, there is a concern that these chips may be hackable and that later they may be used to do things that the employees did not consent to, such as tracking the length of employees\u2019 bathroom and lunch breaks.
\nRegardless of whether or not biometric identifiers and RFID chips represent the substantial invasion of privacy that many fear, other states should adopt resolutions like BIPA in order to supply employers with clear-cut guidelines and alleviate employees\u2019 fears of misuse in this brave new world.<\/p>\n","protected":false},"excerpt":{"rendered":"

Most people are familiar with the phrase \u201cpunching the clock\u201d as a way of saying that they have checked into work and are now on duty for their job. However, only the few that have actually used a time clock or have seen them in old movies are familiar with where the phrase actually originates. …<\/a><\/p>\n","protected":false},"author":1,"featured_media":5340,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5339"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5339"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5339\/revisions"}],"predecessor-version":[{"id":7025,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5339\/revisions\/7025"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5340"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}