BCLPatWork.com

U.S. COVID-19: Biometrics and Business Re-Opening

U.S. COVID-19: Biometrics and Business Re-Opening

May 14, 2020
Download PDFDownload PDF
Print
Share

Now that wearing gloves has become the new normal because of the COVID-19 pandemic, biometric privacy litigation, which in recent years has centered on employers’ use of finger-scan timekeeping technology, may ultimately shift in focus to the measures that businesses implement as employees return to the workplace and customers begin to frequent their favorite establishments.  Body temperature checks, used to screen employees and visitors for a fever, are one such measure being considered as a first line of defense for public health.

To mount a defense against, or avoid altogether, biometric privacy class action litigation, businesses open to the public and employers must have a comprehensive understanding of the thermometer or thermal imaging technology selected—and the data it captures—before rolling out temperature screenings on a widespread basis.  Among the technologies available are:

  • Non-contact infrared thermometers that use lasers to measure temperature from a distance;
  • Thermal imaging cameras that detect elevated skin temperatures compared against a sample of average temperature values;
  • Monitoring systems that use thermal and color visual imaging to detect fevers in high-volume pedestrian areas; and
  • “Wearables” that can use radiometric thermometry measuring electromagnetic wave emissions.

While temperature screening has been endorsed by the Centers for Disease Control and Prevention, the Equal Employment Opportunity Commission, and various state and local governments, biometric privacy laws have not been suspended or amended.  The Illinois Biometric Information Privacy Act (“BIPA”) regulates the possession, collection, capture, purchase, receipt, and sale of “biometric identifiers” and “biometric information”—defined to include retina or iris scans, fingerprints, scans of hand or face geometry, and “any information [based on those biometrics], regardless of how it is captured, converted, stored, or shared.” Both Texas and Washington have biometric statutes covering similar information, and the California Consumer Privacy Act (“CCPA”) and New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) now cover biometrics.

Business owners, operators, and employers should thoroughly assess whether their temperature screening methodologies implicate any of these laws. Whether biometric-specific statutes are triggered can depend on: what the device scans and how; the extent to which temperature information is associated with a specific individual; and whether temperature data is saved or immediately overwritten.

At this time, there is no legal authority to state that collecting body temperatures, on their own, constitutes a collection of “biometric information.” However, out of abundance of caution, to ensure full compliance with the BIPA and similar biometric privacy laws, businesses may want to consider taking the following steps:

  • Making publicly available a policy/notice that describes what information is (or is not) being collected;
  • Informing visitors, employees, and anyone else entering the premises about the reason for using the technology;
  • Establishing retention and destruction guidelines for any data collected; and
  • Obtaining consent (ideally, in writing) prior to any temperature screening. State laws may need to be consulted regarding the sufficiency of electronic signatures or non-signature consent processes.

Related Practice Areas

  • Employment & Labor

This material is not comprehensive, is for informational purposes only, and is not legal advice. Your use or receipt of this material does not create an attorney-client relationship between us. If you require legal advice, you should consult an attorney regarding your particular circumstances. The choice of a lawyer is an important decision and should not be based solely upon advertisements. This material may be “Attorney Advertising” under the ethics and professional rules of certain jurisdictions. For advertising purposes, St. Louis, Missouri, is designated BCLP’s principal office and Kathrine Dixon (kathrine.dixon@bclplaw.com) as the responsible attorney.