b'Using Biometric Identifiers at WorkWho, What, Why . . . Who does it apply to: Any employer that captures a biometricthe industry-standard level of protection (which should at least identifier of an individual for a commercial purpose. include password security training, social engineering training to avoid loss of credentials, and updating all servers regularly to What is the issue: Employers are increasingly using biometricavoid weakness to hackers). identifiersforavarietyofpurposes,includingsecurityand timekeeping.Somecompanies,suchasbanks,usevoiceWhat happens if I violate the law:The penalties are potentially recognition software as an additional measure of security for itsstiff$25,000 for each violation, i.e., each employee whose customers, and biometric time clocks are becoming popular withinformation has been captured or used without permission and employers in all industries as a way to curb time clock fraud andknowledge. increase timekeeping efficiency.When do I dispose of old identifiers: An employer must destroy What is a biometric identifier: Under Texas law, a biometricbiometric identifier files within one year after the purpose for use identifier means a retina or iris scan, fingerprint, voiceprint,ends, such as termination of the employment relationship. or record of hand or face geometry.So, just to be clear, until courts interpret the language, assume even employee photosCommon Situations: for identification badges include face geometry, and the safePhotoContest:HenrysITAmericaisexperimentingwith bet is to treat them as such. newvideotechnologyforitscustomersthatallowsfacial recognition of video surveillance systems using employee photo WhatisthelawinTexas: Anemployermaynotcaptureaidentification badges.Henry starts using the software with his biometric identifier of an individual for a commercial purposeown employees to see how it works.Sure enough, the software (includinginternalrecordkeeping)unlesstheemployer:(1)is able to use employee badges to pick them up in the halls.Has informs the individual before capturing the biometric identifier;Henry erred?Yes.Even the basic photo for an identification and (2) receives the individuals consent to capture the biometricbadge is biometric information and in todays technologically-identifier. advanced world it can be used to identify employees.What kind of consent do I need: Interestingly, Texas does notBadges:Wedontneednostinkinbadges:Badger require written consent, but its an easy way to prove consentManufacturings CEO is fascinated by tech and envisions the after the fact.An employee angry for some reason is unlikelyday when individuals will be able to check out at the store with to remember giving oral consent.Put notice and the consent ina wave of the hand.The CEO offers employees the opportunity the same document and keeping a copy for all employees for upto be implanted in the fleshy part of the hand between the thumb to three years. and index finger with an RFID chip that allows the employees to open doors, work vending machines, and access the parking Is there a security requirement: The statute simply recites thatlot.When employees leave, the company simply deactivates employersmusttakereasonableeffortstosecurethedata. their RFID.Mistake?Yes. Unfortunately, in order to prevent Withoutanycourtcasesinterpretingwhatisreasonable, ex-employees from inappropriately accessing the system, they employers should take above-adequate measures to protectmust maintain their data to block their use.Now the company the data and consult with their IT professionals to determinecant delete the data after a year.97'