Workplace Privacy: The Risks of Biometric Authentication
Personal identification technologies at the workplace have advanced in recent years, and have helped to provide increased security, speed, and convenience. But some biometric security controls come with some unique risk to employees and companies. New biometric authentication tech can allow hackers to access a system and steal employee biometric data.
As a result, thousands of impacted individuals have had their biometric data leaked. Following such data theft events, victims have hired privacy attorneys to assist in filing class action data theft lawsuits.
What are the Benefits of Biometric Authentication?
- Stronger security: ironically, setting up a biometric authentication system is meant to limit the ability of hackers to gain unauthorized access to a company.
- Time savings: biometric authentication is supposed to be more efficient and accurate. A time clock sign-in experience should be almost instantaneous.
- Non-transferrable data: unique biometrics like fingerprints and voice recognition are not easy to replicate with current technology.
The Risks of using Biometric Authentication
- False negative activity: Any biometric system may fail to recognize an authentic individual and can block access, leading to an unnecessary disruption.
- Privacy and security risks: Any company that chooses to collect and store biometric information for authentication must be careful not to violate individuals’ privacy rights. Laws exist to limit how a company can use such data (California Consumer Privacy Act/California Privacy Rights Act and Illinois with the Biometric Information Privacy Act).
- Data Misuse: If data gets leaked, there is the risk that individuals’ personal information can be sold to criminals who may engage in identity theft and other types of fraud.
Tips to Protect Biometric Data
The following may help to minimize the risks associated with the workplace use of biometric data:
- Set up a system that requires multi-factor authentication
- Use software that encrypts stored data
- Only store necessary data, and destroy data that is no longer needed
- Implement the proper and lawful consent, and security protocols when collecting biometric data
- Understand the privacy policies of the organizations that you work for, and ensure that their data privacy practices are secure before sharing your biometric information.
The Lyon Firm has experience handling a variety of data privacy litigation and is currently involved in invasion of privacy, data theft and data breach class actions. Contact Joe Lyon for a free case review.