March Congruity Q&A: Biometric Timekeeping Procedures


What procedures should we have in place for our biometric fingerprint scanning timekeeping device?


Biometric systems for authentication, security purposes, and timekeeping are increasingly being used by employers. However, the use of biometric data in the workplace is still fairly new and the laws are still catching up. While there is no comprehensive federal statute in place that specifically addresses the use or disclosure of an employee’s biometric data, there are federal statutes in place that address related privacy and data security protections.

For example:

  • Health Insurance Portability and Accountability Act (HIPAA) addresses requirements for protecting individually identifiable health information (IIHI) and protected health information (PHI) (although PHI does not include employment records held by an employer). 
  • Genetic Information Nondiscrimination Act (GINA) prohibits employers from requesting, requiring, or buying an employee’s genetic information or that of an employee’s family member.
  • Fair Credit Reporting Act (FCRA) imposes certain requirements and restrictions on employers conducting background checks.
In the absence of federal laws directly addressing biometric data in the workplace, states are beginning to create statutory protections for employees with respect to its use. For example:

  • ​Illinois passed the Biometric Information Privacy Act, which applies to all private employers and sets forth how private entities may collect, store, and use biometric identifiers such as retina scans, fingerprints, or voiceprints.
  • New York expressly prohibits employers from requiring employees to be fingerprinted as a condition of employment.
  • Texas’ Business and Commerce Code, which applies to all private employers, includes a section regulating the capture and use of biometric identifiers.
  • ​Washington passed similar legislation to Illinois and Texas restricting the use of biometric information.
As the laws on this topic are relatively new and continually evolving, we encourage you to consult with Congruity's team of professionals at: 844.247.4100 prior to implementing biometric scanning as your only timekeeping method. At the very least, you will need written consent from your employees and must have secure methods in place for storage and disposal of the collected information.

Leave a Comment