You don’t always have to give your boss the finger Maybe it’s your first day on the job. Perhaps your manager just made an announcement. You’ve been asked to scan your fingerprint every time you clock in and out. Is that even allowed? From Hooters to Hyatt Hotels, employers tantalized by the promise of a futuristic, streamlined way to track workers’ attendance are starting to use time clock machines that fingerprint employees. Vendors like and say that because the machines are tied to your biometric information — unique characteristics such as your face, fingerprints, how you talk, and even how you walk — they provide a higher level of workplace security and limit employees’ ability to commit “time theft” by punching in for one another. Kronos Allied Time But the benefits for your boss may come at a cost to you — both your privacy and possibly your health. , your personal health could be at risk when using frequently touched screens and fingerprint scanners. The says that coronavirus can remain on surfaces for hours, so screens and scanners should be regularly disinfected with cleaning spray or wipes. And you should wash your hands for 20 seconds or use alcohol-based hand sanitizer immediately after using one. With the global outbreak of COVID-19 Centers for Disease Control In addition to these health concerns, critics argue that biometric devices pose massive personal security issues, exposing workers to potential identity theft and subjecting them to possible surveillance from corporations and law enforcement. In an in a case before a federal court of appeals, a group of privacy advocates, including the ACLU and the EFF, wrote that “the immutability of biometric information” puts people “at risk of irreparable harm in the form of identity theft and/or tracking.” amicus brief “You can get a new phone, you can change your password, you can even change your Social Security number; you can’t change your face,” said Kade Crockford, the Technology for Liberty program director at ACLU of Massachusetts. Companies facing legal action over their use of the machines range from fast food joints like and , to hotel chains like and , to airlines like . McDonald’s Wendy’s Marriott Hyatt United and Southwest In some cases, the companies have countered in the lawsuits that their employees’ union agreement allows the use of the machines: “Southwest and United contend that the plaintiffs’ unions have consented — either expressly or through the collective bargaining agreements’ management-rights clauses — and that any required notice has been provided to the unions,” the court’s opinion states. Other companies have not responded to requests for comment or have said they cannot comment on active litigation. Privacy and labor laws have lagged behind the shifts in the American workplace. But in some places, you have the right to refuse and even sue. Biometric Privacy Laws As the collection and use of biometrics has exploded, lawmakers in three states have responded by passing laws restricting its deployment. Illinois , enacted in 2008, was the first major biometric privacy law passed by a state. Enacted after a company, Pay-By-Touch, went bankrupt and attempted to sell off customers’ fingerprint data, the law restricts companies’ ability to use and distribute biometric data. But consumers aren’t the only ones protected. Illinois’s Biometric Information Privacy Act (BIPA) If you’re working in Illinois, your employer is required to inform you that your biometric data is being collected, why it’s being collected, and how long it is being stored — all in writing. It also has to get your written permission. If your employer doesn’t comply, you’re entitled to a private right of action. have been sued in Illinois for their use of fingerprint-scanning time clocks without the consent of their employees. Dozens of companies Texas and Washington Texas and Washington have similar laws to Illinois’s on the books, but with a few key differences. Both states leave the right to litigation to the attorney general. In Texas, the , or CUBI, relates only to biometric data used for a “commercial purpose,” a pretty vague term. While your employer still has to ask for your consent, the bar is a little lower — it doesn’t need your permission. If you leave your job, your employer is supposed to delete your biometric information. Capture or Use of Biometric Identifier law written Washington’s has an exemption for security purposes. This means that your employer’s use of biometrics may not be covered by the law if your employer argues that it improves the security of your workplace. (The promise of improved security is one of the pitches of the biometric time clocks make to businesses.) biometric identifiers law vendors Religious Exemptions Some object to biometric data collection out of religious concerns. In West Virginia, the EEOC took Consolidation Coal Company after it forced a longtime employee to retire because his religious beliefs prevented him from scanning his hand to track his work attendance. to court As an Evangelical Christian, he said he believed that scanning his hand would place the “Mark of the Beast” on him, as described in the Bible’s Book of Revelation. The EEOC won the case against the mining company, and the man was awarded $150,000 in damages. Labor Department Opinions In New York, it’s illegal for your boss to use biometric fingerprinting, thanks to a labor department of a banning the fingerprinting of most employees. This hasn’t stopped employers from trying. (SwipeClock, a finger-scanning time clock vendor, that “the very employees” who are probably committing time theft “are the ones that would not voluntarily use biometric time clocks” and that New Yorkers can simply “implement hand geometry, and iris or retina scanning” to get around the law.) interpretation state law assures potential buyers Unions Collective bargaining can help employees who might be confronted with new tech in the workplace. “One of the things that’s usually in union contracts is language about any changes that the management would make that impact the working conditions,” said  Crockford. “One way that people can organize to ensure that their employers are not forcing this kind of technologies on them is to unionize.” New York’s Metropolitan Transit Authority began installing fingerprint time clock machines in earnest last summer, after an found an unexpected $119 million jump in overtime over the previous year. The Association of Commuter Rail Employees filed a with the New York State Department of Labor regarding the machines. independent investigation complaint In a to the MTA board, Carolyn Pokorny, the MTA inspector general, wrote that the full implementation of the machines faced “challenges such as union agreements and access by remote mobile field staff” but noted that the time clocks weren’t the only solutions the MTA has in mind. It also has been testing mobile phone and “voice authorization” check-ins for employees. November letter An MTA spokesperson told The Markup that “the vast majority of our 74,000 employees are registered and actively using our modern timekeeping system, with the exception of a small number of employees affected by collective bargaining issues and clocks being installed at remote field locations.” When asked for clarification about how many “a small number” was, the spokesperson responded, “A few thousand.” Credits Originally published as " " with the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license. My Boss Wants Me to Use My Fingerprint to Clock In. Is That Legal?

Transit

Will Google's and Apple's Contact Tracing Preserve Privacy?

Are Your Photos Exposing You?

Every dollar you donate helps support The Markup’s work.

Are Time Clock Machines With Fingerprints Legit?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Conversation with Kashmir Hill: Envisioning a Chaotic Future

8 Benefits of Computer Vision in the Security Industry

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

AI Biometric Authentication is Changing

Biometric Authentication revolutionizes The Future of Mobile Banking

Biometric Authentication - Working, Methods, and Use Cases

A Conversation with Kashmir Hill: Envisioning a Chaotic Future

8 Benefits of Computer Vision in the Security Industry

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

AI Biometric Authentication is Changing

Biometric Authentication revolutionizes The Future of Mobile Banking

Biometric Authentication - Working, Methods, and Use Cases

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps