The collection, use, storage, and destruction of Biometric Identifiers is a hot topic for employees. There have been many lawsuits and business owners may be surprised to know it is being excluded from many Employment Practices Liability Insurance policies. This can leave a gap in coverage for employers that are collecting biometric data as privacy laws continue to expand and evolve. In Illinois, the Biometric Information Privacy Act (BIBA) prohibits the collection of Biometric Identifiers from employees, customers, vendors, residents, or other third parties without their written authorization. Companies must also have a public policy for the handling and use of such information.
What are Biometric Identifiers?
Biometric Identifiers are physical characteristics that can identify a person, most commonly these are fingerprints, retina or iris scans, voiceprints, and facial geometry. Biometric information is used by employers in a variety of ways, such as to clock in or out of a shift at work, to enter restricted areas, and to log in to secure systems and computers.
What can Business Owners do to reduce their risk?
Business owners should always consult with an attorney about any questions regarding legal obligations and risks. Below are suggested steps employers take to reduce their risk of exposure to Biometric Data laws:
- Determine if and what information is being collected.
- Determine if the information is absolutely necessary – if not, cease the collection and begin a method of destroying any stored data. Be sure to notify employees that their information Is being destroyed and will no longer be collected or stored.
- Elavuate new technologies with an eye on how they collect and use biometric identifiers and determine if it is necessary before implementation.
- Determine reasonable accommodation for persons with disabilities.
- Create a public policy about the collection, use, storage, and destruction methods of collected biometric data.
- Ensure you have the written consent of anyone who has their biometric data collected by your business. This should include how the information is to be collected, stored, used, and how they can request it be destroyed.
- Do not sell, trade, disclose, or otherwise disseminate biometric information unless written consent is obtained, or the disclosure is required (e.g. pursuant of a valid warrant or subpoena).
- Review contracts with vendors to determine what liability you have regarding their collection of biometric data for services they provide your company.
For more information on your Employment Practices Liability policy and to discuss any exclusion please contact Concklin Insurance Agency.