Regulating Biometric Data in the Workplace

August 31st, 2017 | By Jules Halpern Associates | Confidential Information, Illinois Law, Personal Identifying Information, Privacy, Privacy Rights

Throughout the United States, employers’ use of biometric data is increasing. Biometrics are the measurements of a person’s physical being. Biometric data may include an individual’s facial recognition data, retinal scans, hand geometry, and fingerprints. As use of biometrics increases, more states are adopting regulations on the collection, use, and preservation of such data.

What is Biometric Data?

Employers utilize biometrics to record employee hours, to restrict access to specific areas, computer systems, devices or data, to promote employee health through wellness programs, and for safety. In 2008, Illinois was the first state to implement a law regulating the collection, use and retention of biometric data, which became known as the Biometric Information Privacy Act (“BIPA”).

BIPA requires employers to obtain consent prior to collecting an individual’s biometrics. The law allows private citizens to commence an action against employers that collect their information without notice and consent. Shortly after BIPA was enacted, Texas endorsed a similar law. The Illinois and Texas laws are unique because many states’ laws focus on barring the collection of biometric data from minors in an educational setting.

Why Is Regulation Needed?

In 2012, the Federal Trade Commission issued a report, “Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies,” to address companies’ use of facial recognition technology and to protect the privacy of individual information. In 2014, the Chinese government employed hackers to break into computer systems at the Office of Personnel Management. These hackers stole sensitive personal data which included the fingerprints of 5.6 million people.

In addition to fingerprints, face-shape data can be hacked as well. The issue with biometrics is that they cannot be changed. For example, if a law enforcement database contains images of an individual’s 10 fingerprints, replacing them is not an option. The hacking of an individual’s biometrics is unlike a stolen password because there is no way to change it. The loss is serious and permanent.

Recent Settlement

In Sekura v. L.A. Tan, a class of tanning salon customers in Schaumburg, Illinois sued the franchise under BIPA for its failure to obtain written consent prior to using their biometric data and not advising the customers how such data would be stored and eventually destroyed. There was no allegation that the company lost or did anything improper with the information; rather, the suit focused on the company’s failure to treat the data carefully, as required under the law.

This case was the first to settle under BIPA, for $1.5 million. While only one (1) dozen lawsuits have currently been commenced under BIPA, it is predicted that more suits are on the horizon if employers fail to handle biometric data properly.

State Laws on Biometric Data

Until recently, Illinois and Texas were the only states with laws addressing biometrics. However, a new wave of high-exposure litigation under BIPA has had an impact on other states’ decisions to introduce legislation on the matter. Earlier this year, Washington became the third state to enact a biometric data law. Bills are pending in Alaska, Connecticut, Massachusetts, and New Hampshire.

In 2015, New York legislators proposed bills that would regulate biometric information notice and consent requirements and limit retention and sale of such information. The bills even provided statutory damages for the individuals harmed. However, the bills never made it out of committee.

New Jersey’s Identity Theft Prevention Act protects individuals from identity theft. The Act requires businesses to notify individuals when their data has been compromised and requires these companies to destroy personal information when it is no longer needed. However, unlike the biometric laws, this law does not require consent prior to collecting a person’s biometrics.


With the use of biometrics and regulation of such use on the rise, employers currently using or considering utilizing biometric data are encouraged to ensure their use complies with the growing regulation in this area.

Jules Halpern Associates LLC

Workplace and Education Law Advisors
