Would you feel comfortable giving your fingerprints to your employer, so they can be used to clock you in and out in place of a timecard? If the thought makes you uneasy, you’re not alone. Illinois law has already begun regulating the taking, retention, and use of such “biometric data.” The complaint for this class action alleges that a hotel chain did not follow these regulations.
The action proposes a class and a subclass. The class includes all individuals whose biometrics were captured, obtained, stored, or used by IHG within the state of Illinois any time within the applicable limitations period. The subclass includes all individuals whose biometrics were captured, obtained, stored, or used by Kimpton within the state of Illinois any time within the applicable limitations period.
A “biometric identifier” is any personal feature that is unique to individuals, such as DNA or a fingerprint. “Biometric information” includes any information based on such identifiers, such as copies of fingerprints, iris scans, palm scans, or DNA information, that is captured, stored, or otherwise used to identify individuals. The storage of biometric information can be a worrisome topic, the complaint claims: If someone steals your social security number, for example, you can cancel it and apply for a new one, but what do you do when someone steals your fingerprints?
According to the complaint, Illinois law requires that companies that wish to use individuals’ biometric information must do three things.
In addition, they must develop a written policy that is available to the public that establishes a retention schedule and guidelines for destroying biometric information, within three years of the last interaction with the individual or when the purpose for gathering the information has been satisfied.
Plaintiff Eric Zepeda worked at Kimpton Hotels, a subsidiary of Intercontinental Hotels Group, Inc. According to the complaint, at the beginning of his tenure, the hotel used standard means of timekeeping, such as scanning ID cards, but in or about 2014 switched to using fingerprints. The complaint claims that, prior to taking Zepeda’s fingerprint data,
The complaint also contends that if the hotel uses out-of-state, third-party vendors to operate their biometric program, each transmission of information constitutes a violation of law, since the hotel did not obtain Zepeda’s consent to share the information with a third party.