Beware of Hidden Pitfalls: Biometric Privacy Guidance for California Employers
By now, most Golden State employers are well versed in the California Consumer Privacy Act of 2018 (“CCPA”), as well as its soon-to-be successor, the California Privacy Rights Act of 2020 (“CPRA”), which goes into effect at the start of 2023.
At the same time, more and more employers operating in California (and in other parts of the nation) are integrating biometrics into their operations in a variety of ways, including for timekeeping and access control purposes, among others.
Many of these employers need not worry about satisfying the onerous requirements of the CCPA because they do not meet any of the law’s three applicability thresholds: (1) $25,000,000 in gross revenue; (2) buying, receiving, sharing, or selling the personal information of more than 50,000 consumers, households, or devices; or (3) deriving 50 percent or more of revenue from the sale of personal information.
And those employers that do fall under the scope of California’s consumer privacy law are largely exempted from compliance in connection with the personal information of employees (and job applicants) under the CCPA’s employee information exemption.
Combined, many California employers operate under the assumption that there are no applicable legal requirements that must be satisfied when using biometrics in their day-to-day operations. Organizations that take this approach do so at their peril, as California Labor Code § 1051 imposes clear, unambiguous requirements and limitations on employers that utilize certain biometric data in the workplace. More than that, this California law—which often flies under the radar of many employers and even their biometric privacy counsel—can result in criminal penalties for noncompliance.
To read the full post, please visit our Biometric Privacy Insider blog.