Dive Brief:

• Plaintiffs in a class action suit allege that their employer violated Illinois' Biometric Information Privacy Act (BIPA), according to Lexology. Workers at Roundy's Supermarkets, Inc., the national supermarket chain, claim the company's practice of obtaining and retaining employees' fingerprints for timekeeping purposes fails to meet the preconditions of the state's BIPA requirements.
• Lexology says Illinois' BIPA requires employers to: notify workers that their biometric data is being collected and stored; inform workers in writing why and how long the data is being collected; and receive workers' written permission to release biometric data.
• Each plaintiff in BIPA cases may recover the greater amount of damages or $1,000 for negligent violations of the law, says Lexology. For intentional violations of the law, the collectible damages rise to $5,000. Each plaintiff is entitled to reasonable legal costs and fees.

Dive Insight:

Biometrics is an emerging area of the law, notes Lexology. Texas has a similar law to BIPA, but without a private right of action clause. Other states, including New Hampshire, Alaska, Washington and Montana, are at various stages of considering laws protecting biometric information. 

HRIS is filled with personally identifiable data, including biometrics. Cyber thieves are targeting this information more so now than ever, exploiting weak points and cracking open massive HR databases. That's a red flag for employers to be extra cautious about protecting employee data.

Additionally, the federal Genetic Information Non-Discrimination Act (GINA) prohibits using genetic information to discriminate against workers. Late last year, the Equal Employment Opportunity Commission fined the BNV Home Care Agency, Inc., $125,000 for allegedly requesting genetic information illegally.

Employers must ensure they're abiding by state and local laws governing the use and storage of biometric data and aware of emerging laws in areas in which they operate.