Understanding Biometric Privacy Laws: Why Employers Should Proceed with Caution

Quick look: The world of technology is fast-moving, sometimes without considerable thought for the consequences. Earlier this year, the FTC released a statement warning about the misuse of biometric information and violations of consumer privacy. Employers should be aware of how they may be affected, and how a PEO partner can help them minimize risks.  

Technology is being developed faster than ever, which means missteps along the way are inevitable. The rise of machine learning, in particular, has taken the world by storm. Most recently with the surge of AI-powered language technology, such as ChatGPT, as well as the conveniences provided by biometric information. 

Biometric information is data depicting certain traits or characteristics relating to an identified person’s body. On the surface, it delivers a certain ease and efficiency, allowing consumers to log into their personal accounts and devices through facial or fingerprint recognition. In addition, there are similar technologies claiming use to determine characteristics such as age, race, gender, and even personality traits.

Processing of this personal data causes concern for misrepresented use due to potential inaccuracies of information. As a result, the Federal Trade Commission (FTC) issued a warning in May of this year raising concerns about biometric information, regarding data security, consumer privacy, and potential bias and discrimination. It is investigating the validity of this type of technology and if and how it is in violation of the FTC Act. 

Companies implementing such advanced technology may feel ahead of the curve but are also susceptible to lawsuits and should be aware of the ramifications. Whether they’re deploying it for consumer use or in-house for their employers, business leaders should take careful measures before moving forward.

How employers can be impacted 

Though tech companies are often the most vulnerable to lawsuits, any businesses employing the use of biometric technology for its employees and/or consumers can be at risk. The FTC Act requires companies to get permission from individuals before collecting any type of biometric data, including fingerprints and iris scans. It also requires proof of safeguarding of such information. 

Meanwhile, states like Illinois and California have also introduced state bills to add further protections and private right of action for individuals. For the latter, if enacted, employers would be prohibited from collecting a person’s biometric information unless legally authorized in writing for the specified purposes. Therefore, it’s recommended for companies to limit use of biometric data whenever possible, both for consumers and employees. 

However, if used, to ensure they’re following best practices when it comes to privacy regulations, employers should audit instances of where biometric technology is processed and confirm it complies with federal and state law. Otherwise they could face:

• FTC civil penalties of up to $50,120 per violation (or higher as maximums are adjusted for inflation every January)
• Statutory, actual, and punitive damages as instituted by state law
• Attorney’s fees and litigation costs
• Any other relief as determined by the court

Therefore, it’s up to companies to establish protocols to keep consumer information properly protected and private. These must also be updated and communicated as laws change. Also, it’s their responsibility to monitor new rulings and confirm lawful use of any biometric information technology as it pertains to their own employees. 

For consumers, data breaches are all too common, releasing their information into the world. This is largely due to insufficient security protocols and creates mistrust and puts businesses at risk for lawsuits. For employees, the rise of remote working leads to less control over equipment and communication protection. And companies should be wary of the ramifications they face of having individual private information exposed as well.

How a PEO partner can help with risk management and compliance

The risk versus reward of technology can be challenging to navigate. And since it occurs so quickly, it feels like a rush to get onboard for fear of being left behind. It’s a delicate balance of staying current enough to be competitive with taking the necessary precautions before proceeding. 

However, when it comes to personal data, employers need to know the long-term consequences it can present. Understanding the legalese around consent of use, data breach protocols, and litigation protection is complex and varies from state to state. When in violation of the law, it can result in hefty fines, lawsuits, and other repercussions, making small- and medium-sized businesses (SMBs) extra vulnerable.

The value of working with a professional employer organization (PEO) like ExtensisHR is there’s a team in place to monitor changes in the law and keep companies compliant. Having risk and compliance experts on hand assures SMB leaders they are protecting their companies, employees, and consumers in real-time.

Additionally, working with a PEO partner provides a sounding board for potential technology usage to weigh the pros and cons of use before taking action. Though it may be tempting to dive headfirst into whatever technology is the fastest and most convenient, it’s equally important to understand the drawbacks in order to make the best possible decision. 

Under the umbrella of ExtensisHR’s comprehensive services, risk management and workplace safety is one of the most important. The dangers of misused technology puts companies at high risk and can add to the concerns regarding ever-changing legal and regulatory requirements. To address these, ExtensisHR creates a customized action plan to implement safety protocols and educate the workforce about best practices.

Keeping a company protected and continuously expanding is a full-time endeavor. By delegating HR responsibilities to ExtensisHR, it frees up time for SMB leaders to focus solely on their growth goals. In addition to risk and compliance services, our team provides HR and benefit services, and time-saving technology and reporting tools as part of a personalized HR solution. 

As technology continues to evolve, keeping an eye on how these changes affect your business is crucial. As a PEO partner, we ensure you stay compliant at the federal, state, and local level. To learn more about how our HR experts can support you, contact ExtensisHR today.