By Dan Whitehead
Sep. 9, 2021
You arrive for work, walk up to the door and look into the scanner. Infra-red light maps the unique patterns of your retina and, in the literal blink of an eye, your presence is verified, logged, and the door unlocks. This scenario used to be limited to high-security government installations and blockbuster spy movies, but the use of biometrics such as fingerprints and retinal scans to access everyday workplaces is fast becoming the norm.
In a 2019 study, more than a quarter of small North American businesses were using thumbprint scanners as a way of confirming identity, a number that leaps to over 40% for companies with more than 1,000 employees. Even retinal scanners, with their lingering science-fiction reputation, are being used by more than 10% of companies.
Biometrics is a rapidly evolving technology, and if you are considering investing in a biometric time clock system for your business, there are some pros and cons to weigh before making a decision.
Biometrics offers considerable advantages over analog time clock systems such as punch cards or keycards, and it can improve accuracy, efficiency, and security across your locations.
The biggest advantage from a company perspective is that biometric time clocks only work for the employee in question. This makes the common fraudulent practice of “buddy punching,” in which shift workers clock in and out for each other, all but impossible. Whether using fingerprints, palm prints, or retinal scans, biometrics requires the relevant person to be physically present. The only way to clock in for an absent colleague using this system would be to have their eyeballs or fingers, and there aren’t many work buddies willing to go that far to shave a few hours of their working day!
This also means an increase in security and safety. You can be sure that the person gaining access to your premises under a biometric system is who they say they are. It isn’t foolproof—employees can still hold the door open and allow others access—but the chances of anyone using a lost or stolen keycode or card to enter your workplace is gone.
Biometric time clocks can also increase efficiency in several areas. Employees don’t need to remember passcodes or keep track of a physical key card, which means your company doesn’t need to spend time and resources providing and managing those measures. The shift change process can also be sped up, as employees can clock in and out more quickly without typing in codes or fumbling in wallets for cards, reducing time-wasting bottlenecks.
Connecting biometric time clock systems to time and attendance software has advantages for employees, too. Being able to prove beyond doubt that they were on-site at specific times means that claims for unpaid overtime are much easier to prove. That, in turn, gives your managers the tools to ensure that payroll is correct, reducing the risk of wage and hour lawsuits.
Biometrics is still an evolving technology, and it may still produce practical and legal hurdles for businesses to handle. If you introduce a biometric time clock now, you will need to consider a new range of accessibility issues as well as taking on additional data admin work with the possibility of further changes in the future.
Where employees with disabilities are concerned, companies should be especially alert to their practical access needs. If an eye-level retinal scanner is used to access the workplace, how will that impact wheelchair users? If access is via a palm or fingerprint reader, how will employees with limited or no visibility know where to place their hands? The Americans with Disabilities Act requires companies to make all reasonable accommodations for people with disabilities to access premises, even just for job interviews. While there have been exploratory studies raising concern on this issue, there has yet to be a test case involving biometrics. You don’t want your company to be the one setting that precedent.
Data privacy is already something companies need to be on top of, and the use of biometrics will only increase that burden. Although there is no federal law governing the use and storage of biometric data, several states have enacted their own, and it is only a matter of time before others follow suit. Texas and Washington have laws governing general biometric data use, while New York has labor legislation that covers it specifically for workplaces. Passed in 2008, the Illinois Biometric Information Privacy Act (BIPA) is the leading template for this kind of legislation, so it is useful to be familiar with what it requires from employers.
Under BIPA, companies must have a publicly available written policy that lays out how biometric data will be used, stored, and deleted. Employees must be sent written confirmation that their biometrics are being collected and how long they will be stored. Employees must also give written consent for this to happen and give separate consent for this data to be shared with third parties. Employee biometric data must be safeguarded and should not be used for profit-making.
As of 2018, more than 50 companies were facing lawsuits filed under BIPA with penalties that can quickly stack up—$1,000 per violation caused by negligence, such as inadequate data security, and $5,000 for every deliberate infraction, such as selling the data to third parties. There have been some high-profile results. Early in 2021, Walmart was hit with a $10 million settlement following a BIPA class-action suit involving 21,677 employees who used a palm scanner when handling cash register drawers without being asked for consent.
In another 2018 case, Smith Senior Living settled a lawsuit brought by an employee who was not made aware that her fingerprint data used to clock in and out of shifts was being stored in a database by Kronos Inc., the external supplier of the biometric systems. Any biometric time clock that shares data with an external platform—such as time and attendance software—means you should get explicit consent from employees to avoid legal exposure.
Since biometric data is uniquely personal, it stands to reason that people will see the collection and use of that data in more personal terms. As an employer introducing biometric time clocks, the onus will be on you to build trust and put systems in place that reassure your staff you can be trusted with this information.
Legal challenges such as the one Walmart faced are likely the thin end of the wedge when it comes to concern from the general public over the use of biometrics. A 2018 survey found that 69% of respondents felt there were strong arguments against biometrics, with worries about the data itself being the most common.
A case was brought against Honeywell in 2015 for encouraging employees to sign up for a wellness program that included biometric screening in order to qualify for health insurance. The tests included cholesterol, waist size, and smoking history. Those who opted not to take part risked thousands of dollars in penalties and lost contributions. The Equal Employment Opportunity Commission (EEOC) filed the suit saying it violated the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act by forcing employees with disabilities to reveal medical information for purposes not required by their work.
Although the Honeywell case was not related to biometric time clocks, it is inevitable that some employees will see any introduction of biometrics into the workplace as a prelude to punitive personal scrutiny. These are paranoid times, especially where matters of health and privacy are concerned, and some may even assume that their data will be misused regardless. It’s up to you to convince them this isn’t the case.
Although the use of biometric time clocks is growing, with the pandemic driving takeup of contact-free retinal scanners in particular, that doesn’t mean it’s the right call for every business to adopt this technology. Biometric time clocks are especially useful for businesses that rely on hourly shift workers. Keeping track of lots of staff coming and going, without causing bottlenecks as people clock in and out, is a boon to companies operating on that model. Producing accurate data for payroll and efficient staff management is another bonus.
This is also a system that can be implemented gradually, used for access to specific locations that need additional layers of security or accountability. Or it may not be right for your business at all, right now. Biometrics in the workplace, whether for time clock purposes or other reasons, requires the introduction of new data security systems and the additional admin load of handling employee consent and the deletion of data when staff leave. Add in the still-evolving legislative landscape where biometric data is concerned, and adopting a “wait and see” approach is a valid strategy.
Whatever you choose, this is a technology that managers need to be familiar with as it appears in more everyday workplaces and will no doubt play a much larger role in the future. For those who do invest in biometric time clocks now, be assured that Workforce’s time and attendance software will integrate with your new system for a complete and secure solution.
We build robust scheduling & attendance software for businesses with 500+ frontline workers. With custom BI reporting and demand-driven scheduling, we help our customers reduce labor spend and increase profitability across their business. It's as simple as that.
Hi, My name is Meg and this is my introduction to Workforce.com
Find out how Workforce.com powered vaccine sites with demand driven scheduling and attendance.
Technology4 Ways to Maximize HR and WFM Data
Technology and cloud-based applications and platforms enable companies to gather more data, but can the...
TechnologyHow to prevent workforce management system outages: mitigation through redundancy
Summary Workforce management data breaches and outages are a very real threat Businesses should build r...
data breach, network security, payroll system, system outage, workforce management
TechnologyKronos (UKG) data breach leaves businesses in the dark for “several weeks”
Summary Workforce management company Kronos (UKG) suffers ransomware data breach Kronos Private Cloud a...
data breach, Kronos, ransomware, security, UKG