Biometrics in the Workplace: The Promise and Peril of Its Use

Panelists
- John Alvin Henderson, Administrative Judge, EEOC - Baltimore
- Sunita Bali, Perkins Coie, San Francisco, CA
- Anthony Zaller, Zaller Law Group, El Segundo, CA

Overview
- What are Biometrics?
- Title VII and Biometrics
  - Religious Accommodations
- Biometrics and Medical Records (ADAAA claims)
- Biometrics State Privacy Laws
  - Illinois
  - California
  - Texas

Biometrics Defined
Generally defined as the measurement or analysis of unique physical or behavioral characteristics (such as fingerprints and voice patterns), especially as a means of verifying personal identity.

Examples of Biometrics
- Fingerprint/palm biometrics:
  - Apple iPhone
  - Government PIV cards
  - Palm reader
- Facial recognition software:
  - Apple iPhone
- Iris recognition software:
  - TSA PreCheck

Utility of using Biometrics in the Workplace
- Assures that the actual employee is present at the worksite (no timecard fraud)
- Site security (lessens chance of unauthorized access to work site)
Concerns often prompted by:
- Costs of policing employees through other means
- Concerns about safety through unauthorized access/former employees
- Intellectual property theft/corporate espionage
- Insurance/other liability risks of not using biometrics

Biometrics and Title VII
Title VII religious accommodation: EEOC v. Consol Energy, Inc.
- Case from West Virginia involving a coal miner working for Consol Energy.
- The charging party, Beverly Butcher, was a general laborer for the coal company for 35 years.
- The company decided to use a new biometric device to make sure that the people who were at the facility were its employees, and that they were showing up to work when they said they were.
- The biometric device was a hand scanner: workers checking in or out at the end of the day would scan their right hand through the scanner, and the shape of the hand was linked to the worker's unique personal number.

EEOC v. Consol Energy: Mark of the Beast
- Butcher was an evangelical Christian and an ordained minister; he believed that the requirement that employees scan their hands to clock in and out signified the mark of the beast, a reference to a passage from the Book of Revelations, in which the antichrist marked his followers with a sign indicating that they were allied with him.
- "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." (Revelations, 13:16-17)
- Several cases previous to this, but not litigated with the EEOC, related to bar codes containing the mark of the beast, and religious objections related to that.

EEOC v. Consol Energy: Biometrics and Title VII
- Butcher complains to his supervisors that he does not want to sign in using the device. He writes a letter seeking an exemption from the biometrics policy.
- Supervisors review the letter and decide that Butcher's interpretation of the Bible is wrong, so they deny him the accommodation.
- Also, there are other employees who, due to hand injuries, cannot sign in using their hands. They are granted an exemption and can enter their employee identification number on a keypad.
- Butcher resigns in protest, and ultimately goes to the EEOC.
- EEOC files a lawsuit on Butcher's behalf and receives a verdict of $600,000.
- Consol appealed to the Fourth Circuit; the court again found for the EEOC, stating that the question of whether Butcher's beliefs were valid is immaterial. They were sincerely held, and the employer had a reasonable accommodation which was readily available and which would not create an undue hardship.

Confidential Requirements - Biometrics and the ADAAA/GINA
- ADAAA requires, with regard to any medical records maintained by the employer, that they be collected and maintained in separate forms and in separate medical files and [are] treated as a confidential medical record. 42 U.S.C. Section 12112(d)(3).
- Exceptions for supervisors reviewing the medical records related to work restrictions and accommodations, first aid personnel, and the government.
- ADA also requires that confidential medical information not be disclosed except under limited circumstances.
- GINA also requires that any employer or union in possession of an employee's genetic information treat the information as a confidential medical record of the employee; that the information be maintained on separate forms and in separate medical files; and that the information not be disclosed to third parties except under certain narrow circumstances. 42 U.S.C. Section 206.

Confidential Requirements - Biometrics and the ADAAA/GINA
- Biometric data can be considered confidential medical information AND genetic information, within the ambit of the ADAAA and GINA.
- Employers who do not segregate the data and control its dissemination may be at increased risk of litigation.

Biometrics and State Privacy Laws
- Washington, Illinois, and Texas all have statutes regulating companies' use of biometric data.
- Illinois has received a significant amount of attention because its statute provides for a private right of action for violations of its biometrics law (BIPA), whereas Texas and Washington state do not.
Key features of Illinois BIPA (enacted in 2008):
- Requires company to obtain informed consent prior to data collection
- Permits a limited right of disclosure
- Mandates for data protection and destruction
- Prohibits profiling based on biometrics
- Negligent violations 1k; intentional, 5k
- Private right of action

Illinois BIPA: What does informed consent mean?
Statute requires that the collecting entity obtain consent before it may collect, capture, purchase, receive through trade, or otherwise obtain biometric information.
- Notification must be in writing
- Must describe the biometric information being collected or stored
- Must describe the length of time that the information will be collected or stored
- Must obtain a written authorization prior to collecting info

BIPA - Informed Consent in Texas and Washington
- Washington requires notice and consent in certain circumstances related to biometric markers, with a requirement that the company first:
  - Provide notice;
  - Obtain consent; or
  - Create a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose
- Statute directs that the notice and consent requirement is context-dependent
- Texas BIPA states that notice must be given through a procedure reasonably designed to be readily available to affected individuals.

What is a Biometric Marker in the Context of BIPAs?
- In Washington: Data generated by automatic measurements of an individual's biological characteristics, such as fingerprints, voiceprints, eye, retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual.
- Excludes:
  - Physical or digital photographs
  - Video or audio recordings or data generated from those recordings
  - Data used for health care treatment, payment, or operations under HIPAA
- Illinois and Texas are similar in their definitions; however, they expressly include a scan of hand or face geometry

Illinois BIPA Definition and Exclusions
- Defines a biometric marker as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry
- Excludes:
  - Writing samples
  - Written signatures
  - Photographs
  - Human biological samples used for valid scientific tests or screenings
  - Demographic data
  - Tattoo descriptions
  - Physical descriptions (height, weight, eye color, etc.)
  - Information gathered from a patient in a health care setting

BIPAs and Disclosure of Biometric Markers
All three states prohibit the disclosure or dissemination of biometric identifiers, except in certain specific instances:
- If the individual has consented
- If disclosure required under other laws
- If in response to court process
- If the transaction is necessary to complete a financial transaction which the person has authorized

Biometric Marker Data Destruction
- Illinois: Businesses must destroy biometric information when the initial purposes of collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individuals' last interaction with the private entity, whichever occurs first.
- Washington: Biometrics should not be kept any longer than is reasonably necessary
- Texas: Data must be destroyed within a reasonable time, but no later than the first anniversary of the date the purpose for collecting the identifier expires.

Illinois BIPA and Private Litigation
- Employers sued for using biometric markers (fingerprints) for time clocks and for failing to properly segregate the records: Roundy's, InterContinental Hotels Group, Zayo Group
- Take-Two Interactive
- Shutterfly and L.A. Tan
- Facial Recognition Software: Facebook, Google, Apple,