Pending NJ Assembly Bill Could Restrict Use of Biometric Data by Employers and Others
May 17, 2021 | Written by: Share|
It is not uncommon for employers in New Jersey to use various methods to monitor their employees throughout the workday. However, some employers are using increasingly high-tech methods to do so, some of which are raising concerns about employee privacy, especially those methods that collect what is known as biometric data.
Biometric data, or biometric identifiers, allow a person to be uniquely identified through an unchangeable physical characteristic or behavior. The most well-known biometric identifier is a fingerprint, but new technologies can now identify people based on their facial features or how they walk. These features are as distinctive as fingerprints but differ because they can be collected at a distance by cameras and recording technology. Some employers use this kind of technology to control access to their worksites and/or to track their employees’ time. This means that each time an employee passes a checkpoint or enters the employer’s premises, the employer captures an image of the employee’s face, fingerprint, or other unique identifying features.
Currently, New Jersey does not have a law that regulates the collection, storage, and use of this biometric data. Since employees have an interest in knowing how employers are using this biometric data and how securely they are storing it, there is a bill pending in the New Jersey Assembly that would address these issues.
Under current New Jersey law, employers may not intrude into areas where employees have a reasonable expectation of privacy. Unreasonable searches of private areas in the workplace, such as an employee’s locker or a restroom, may violate an employee’s legal rights. However, the surveillance of an employee’s phone or computer use is allowed by law if it is reasonably related to the employer’s business. Likewise, video monitoring of common areas is not unusual. However, intrusive surveillance that serves no legitimate business purpose could be deemed unlawful or even be considered criminal.
Biometric surveillance is, in one sense, an extension of video surveillance. Since it results in the collection of data that could be used to identify specific individuals, it is analogous to the collection of Social Security numbers and other information that needs to be kept private. Illinois has enacted the first law to safeguard the collection and use of such data, called the Biometric Information Privacy Act (BIPA). Pursuant to BIPA, any private entities, including employers, that collect biometric data must obtain the subject’s written consent, disclose the purpose of collecting biometric data, provide the length of time that the data will be stored, safeguard the data, and refrain from selling or otherwise sharing the data with third parties.
Assembly Bill 3625/4211, currently pending in the New Jersey Assembly, likewise imposes various restrictions on the collection and use of biometric data to ensure public safety and privacy protection and to prevent the abuse of such cutting-edge technology. Section 4 covers “private entities,” including non-public employers. It contains provisions requiring written consent and prohibiting the sale of biometric information. A negligent violation may result in liquidated damages of $1,000 or actual damages, whichever is greater. A reckless or intentional violation could lead to a fine of $5,000 or actual damages. An Assembly committee approved the bill in January 2021, and it awaits further action.
Though the fate of this bill remains unknown, biometric information and the privacy of such information is becoming a hot topic within New Jersey and elsewhere. Businesses in New Jersey that currently use this technology should implement policies to protect this biometric information and should keep an eye on this pending bill to ensure that they are compliant with its mandates, in case it gets passed.