A proposed class action lawsuit out of Illinois claims Corner Bakery Cafe overstepped state privacy law with its practice of collecting employees’ fingerprints to track their work hours.
Filed by a former cashier, the case claims Corner Bakery Cafe requires workers to scan their fingerprints each time they clock in and out of the restaurant’s timekeeping system. The plaintiff notes, however, that the Illinois Biometric Information Privacy Act (BIPA) sets forth strict requirements to which employers must adhere before collecting, storing, using, or disclosing workers’ biometric identifiers such as fingerprints. Under the BIPA, employers who require workers to use their fingerprints to “punch the clock” must first:
Obtain the employees’ written consent authorizing the collection of their fingerprints;
Inform employees that their biometric information will be collected, as well as indicate the purpose and length of time for which their fingerprints will be retained; and
Publish a publicly available retention schedule and guidelines for how and when the information will be destroyed.
According to the lawsuit, Corner Bakery Cafe collected employees’ fingerprints despite failing to fulfill each of the above requirements. Moreover, the plaintiff contends that the defendant shared her biometric data with its third-party timekeeping vendor without first securing her consent for the data to be disclosed.
The lawsuit, which was removed from state to federal court in Illinois, seeks to cover any of the defendant’s employees who scanned their fingerprints in the restaurant chain’s timekeeping system at any time since August 30, 2014.