Employers in New Jersey use increasingly high-tech methods to monitor their employees throughout the work day. Some of these methods raise concerns about employee privacy, especially systems that collect biometric data. “Biometrics” refers to the automated use of physical characteristics to identify individuals. For example, many smartphones give users the options of unlocking their devices with fingerprint or facial recognition software. Some employers use this kind of technology to control access to worksites or track employees’ time. This means that each time an employee passes a checkpoint or enters the employer’s premises, the employer captures an image of their face, fingerprint, or other unique identifying feature. Employees have an interest in knowing how employers are using this information, and how securely they are storing it. Currently, no law in New Jersey regulates the collection, storage, and use of biometric data. A bill pending in the New Jersey Assembly would address this issue and provide a path forward for New Jersey employment lawyers and their clients.
Under New Jersey law, employers may not intrude into areas where employees have a reasonable expectation of privacy. Unreasonable searches of private areas in the workplace, such as an employee’s locker, may violate an employee’s legal rights. Surveillance of phone or computer use is allowed by law, as long as it is reasonably related to the employer’s business. Video monitoring of common areas is not unusual, particularly in retail or warehouse settings. Intrusive surveillance that serves no legitimate business purpose could be unlawful. In extreme cases, such as video monitoring of a restroom or changing area, it could even be criminal.
Biometric surveillance is, in one sense, an extension of video surveillance. Since it results in the collection of data that could be used to identify specific individuals, it is also analogous to the collection of Social Security numbers and other information best kept private. Few states currently have laws addressing the collection of biometric data. Illinois enacted the first such law, the Biometric Information Privacy Act (BIPA), in 2008. Other states have passed similar laws since then. BIPA remains the only law that allows private causes of action for violations.
BIPA applies to the collection of biometric data by any private entity, not just employers. Privacy issues arising from biometric data are fairly common in employment situations. Any private entity that collects biometric data, which includes any “retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” must obtain the subject’s written consent. It must disclose the purpose of collecting biometric data, and the length of time the data will be stored. It must safeguard the data, and cannot sell or otherwise share it with third parties.
Assembly Bill 3625/4211, currently pending in the New Jersey Assembly, imposes various restrictions on the collection and use of biometric data. Section 4 covers “private entities,” including non-public employers. It contains provisions similar to those found in Illinois’ BIPA, such as requiring written consent and prohibiting the sale of biometric information. A negligent violation may result in liquidated damages of $1,000 or actual damages, whichever is greater. A reckless or intentional violation could lead to $5,000 or actual damages. An Assembly committee approved the bill in January 2021, and it awaits further action.
The employment lawyers at the Resnick Law Group are available to answer your questions and discuss your options if you have a civil rights claim or other dispute with your employer in New Jersey or New York. Please contact us online, at 973-781-1204, or at 646-867-7997 today to schedule a confidential consultation to see how we can help you.