“Biometrics” refers to technology used to measure physical characteristics of humans, like fingerprints, retina characteristics, DNA, hand measurements, or voice patterns.
Biometric data is typically used for authentication purposes in corporate and public security systems.
Biometric identity theft is prevented by encrypting the original biometric data when it is gathered. A biometric device used in a workplace application generally consists of three components:
• A scanning device to scan a person’s eye or fingerprint
• Software that digitizes the scanned information and compares match points
• A database of the original biometric data for comparison purposes
You’ll be pleased to learn that tongue-prints never really caught on.
How and Why Companies Use Biometric Data
Employers often use biometric data for employee accountability. They may use it to establish more accurate records of hours worked, or to prevent employees having co-workers clock them in or out. Companies can now purchase secure keyless locks based on biometric data from authorized individuals to restrict access to certain areas. Some employers use biometric data for better security, and sometimes use this data to know which employees were present in specific areas at specific times. It’s sort of the personal equivalent to sticking a GPS device on a company vehicle to track it.
For enhancing workplace security, adhering to government or industry policies, or simply making it more difficult for non-employees to gain access to workplaces, employers praise biometric data for answering these needs in a method that’s quick and accurate. Employees, however, sometimes complain that biometric systems are Orwellian and furthermore want to know how secure biometric data collected from them is. They want to know how employers use data they collect, what happens to it if they leave the company, and how the company will handle loss, compromise, theft, or misuse of biometric data.
When Biometric Data Is Mishandled
Remember a year or so ago when some employers tried collecting social media passwords from employees and applicants? Laws were passed in several states to address this as an invasion of personal privacy. The possibility was also raised that compromise of such information could lead to identity theft and expose employers to liability. You can bet that people will be on the lookout for situations where biometric data could be mishandled, lost, or otherwise compromised.
“Psst … wanna know where you can get some retina scans, cheap?”
Biometric technology is not perfect. Systems may crash, or scans may not work – say if an employee has a bandage on the hand that is scanned for access to an area. Moreover, people are already figuring out how to hack and fake biometrics. You might remember how last fall, two days after the release of the iPhone 5, Germany’s Chaos Computer Club hacked the fingerprint sensor to be able to unlock the phone, raising the possibility of a security risk to businesses wanting to use similar systems for access to corporate accounts.
Laws and Proposed Legislation on Biometric Data
Biometric technology has already prompted legislation. In Canada, employers who use biometric data have to ensure privacy of the biometric data collected. The state of Illinois now has a law regulating collection and use of biometric data, and in New York, employers are prohibited from fingerprinting employees unless they’re required to do so by law. In Idaho, legislation has been proposed to make unauthorized biometric data sales illegal and to require permission for the sharing of people’s biometric information. In cases where technology moves faster than privacy laws, watch for more legislation to be proposed and passed in coming years.
Steps Employers Should Take
If your company is considering using biometric data, don’t wait until laws start being passed to take biometric data security seriously. Nationwide labor law firm Fisher & Phillips, LLC recommend taking the following steps:
• Notifying employees in writing of the intent to use biometric data, including reasons, security measures, and where to direct questions
• Checking all applicable and potentially relevant privacy laws before implementing the system
• Imposing strict security policies to ensure biometric data is safeguarded and stored securely
• If your company is unionized, verifying your right under collective bargaining agreements to implement a biometric system
• Preparing for consideration of accommodation of employees who refuse participation based on religious beliefs, disability or other protected statuses.
Data security in the workplace isn’t limited to the numbers you crunch and the databases that contain them. Biometrics opens up another dimension of data security, and it’s critical that your organization is ready if they’re introduced. Tight security depends on your organization having access to leading IT asset management software to ensure that your network and every device on it is accounted for and outfitted with the most current security patches and firewall technology. Samanage offers leading IT asset management software with the powerful features companies need to lay the foundation for comprehensive data security both today and tomorrow.