In response to concerns about employee attendance and building security, some employers have chosen to implement biometric attendance systems in the workplace. These systems allow an employer to monitor employees’ work hours by measuring biological characteristics like fingerprints, handprints or facial features and associating this measurement with an identified individual. As biometric systems record personal information about identifiable individuals, their use by employers is subject to the requirements of privacy legislation.

The interplay between biometric attendance systems and employee privacy has been addressed by the Office of the Information and Privacy Commissioner of Alberta (OIPC) on two occasions: Investigation Report P2008-IR-005 and Investigation Report F2008-IR-001. In both cases, the employer implemented a biometric attendance system in order to more accurately record attendance and reduce instances of “buddy punching”, a practice where one employee punches the time card of another employee who is late or absent. The systems did not store images of an employee’s thumb or hand print, but instead converted measurements of an employee’s hand or thumb into a unique numerical identifier.

The Commissioner concluded in both cases that the collection of personal employee information was reasonable. Despite this finding, both employers were found to have breached their obligation under privacy legislation to properly notify employees of the information being collected and the manner in which collected information would be used.

The OIPC Investigation Reports are instructive, as they raise a number of important takeaway points for employers who are considering a move from the traditional timecard to a more high tech option:

  1. Employers who implement such systems in the workplace must take care to ensure that employees understand what information is being collected, how it is being collected and how the employer will use the information. This may include the preparation of a written privacy policy which is then made available to employees.
  2. In both investigation reports, the Commissioner noted that the numerical identifiers generated by the biometric system could not be reverse engineered in order to reconstruct an image of the employee’s hand or thumbprint. It was also noted that the collected information was transmitted and stored in encrypted form. In light of concerns about unauthorized access to or misuse of personal information, the level of security provided by an attendance system will be important if the legality of the system is challenged.
  3. The Commissioner also noted in both reports that other methods of tracking attendance had been found to be ineffective. Employers who wish to use biometric systems in the workplace should therefore be able to articulate how the proposed system is needed to remedy a specific problem, such as buddy-punching, in light of any available methods which are less invasive.

Topics:  Attendance, Biometric Information, Employee Rights, Employer Liability Issues, Facial Recognition Technology, Fingerprints, Full-Time Employees, Personally Identifiable Information, Privacy Policy, Right to Privacy, Security

Published In: Labor & Employment Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bennett Jones LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »