Employers in New Jersey use increasingly high-tech methods to monitor their employees throughout the work day. Some of these methods raise concerns about employee privacy, especially systems that collect biometric data. “Biometrics” refers to the automated use of physical characteristics to identify individuals. For example, many smartphones give users the options of unlocking their devices with fingerprint or facial recognition software. Some employers use this kind of technology to control access to worksites or track employees’ time. This means that each time an employee passes a checkpoint or enters the employer’s premises, the employer captures an image of their face, fingerprint, or other unique identifying feature. Employees have an interest in knowing how employers are using this information, and how securely they are storing it. Currently, no law in New Jersey regulates the collection, storage, and use of biometric data. A bill pending in the New Jersey Assembly would address this issue and provide a path forward for New Jersey employment lawyers and their clients.
Under New Jersey law, employers may not intrude into areas where employees have a reasonable expectation of privacy. Unreasonable searches of private areas in the workplace, such as an employee’s locker, may violate an employee’s legal rights. Surveillance of phone or computer use is allowed by law, as long as it is reasonably related to the employer’s business. Video monitoring of common areas is not unusual, particularly in retail or warehouse settings. Intrusive surveillance that serves no legitimate business purpose could be unlawful. In extreme cases, such as video monitoring of a restroom or changing area, it could even be criminal.
Biometric surveillance is, in one sense, an extension of video surveillance. Since it results in the collection of data that could be used to identify specific individuals, it is also analogous to the collection of Social Security numbers and other information best kept private. Few states currently have laws addressing the collection of biometric data. Illinois enacted the first such law, the Biometric Information Privacy Act (BIPA), in 2008. Other states have passed similar laws since then. BIPA remains the only law that allows private causes of action for violations.