Legal Issues: Biometric Time Clocks and Data Protection in United States

In the United States, the collection and use of biometric data is not regulated by any comprehensive federal law. However, several states, including California, Illinois, Texas, Washington, and New York, have relevant laws. Examples include the California Consumer Privacy Act (CCPA) and the New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which became effective in 2020.

Midex Time and Attendance solutions provide time clocks and software which allow companies to be compliant with biometric data laws. Prior to the use of the time and attendance solution, each employee must enroll themselves into a time clock; this participation, along with an explanation of the process and purpose of collection of data, becomes part of the informed consent. Second, the collected biometric information (facial, palm, or fingerprint recognition data) is only used for a specific purpose of time and attendance tracking. Finally, there are built-in protection mechanisms within the hardware and software to protect personal information.