BIOMETRIC INFORMATION PRIVACY POLICY

Biometric Data Defined
As used in this policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/10, et seq. 

“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. 

“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.

“Written release” means a release executed by an employee as a condition of employment.

Purpose for Collection of Biometric Data
This policy is for customer reference only and may not be comprehensive of all customer obligations under state and federal laws related to biometric information privacy. Customers shall develop their own policies related to biometric information privacy, in accordance with federal, state, and local law and utilize legal advisors as necessary.

EasyWorkforce’s Time and Attendance software collect, retain, and use biometric data for the sole purpose of identifying employees and recording time entries when utilizing the EasyWorkforce’s biometric timeclocks or biometric readers. Biometric timeclocks are computer-based systems that scan an employee’s finger or face for purposes of identification. The computer system extracts unique data points and creates a unique mathematical representation used to verify the employee’s identity, for example, when the employee clocks in or out from the workplace.

Disclosure
EasyWorkforce will not sell, lease, trade, or otherwise profit from a customer’s employee biometric data. EasyWorkforce will not disclose or disseminate any biometric data to anyone unless: a. Disclosure is required by state or federal law or municipal ordinance; or b. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention
EasyWorkforce retains all data of a customer including their employee biometric data during the time the customer is active with EasyWorkforce. Once the customer ceases to use EasyWorkforce’s software by cancelling the license, EasyWorkforce in its periodic removal of customer database, permanently removes all the customer data including the biometric data. Alternatively, a customer can request removal of their company data at any time, upon which EasyWorkforce will oblige within a reasonable timeframe.

Data Storage
The biometric data is stored as a unique mathematical representation of system extracted unique biometric data points of the individual. EasyWorkforce does not store actual images. EasyWorkforce shall use a reasonable standard of care to store, transmit and protect from disclosure any electronic biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which EasyWorkforce stores, transmits and protects from disclosure other confidential and sensitive information.

Customer Responsibilities
EasyWorkforce customers shall be responsible for compliance with all state and federal laws regarding biometric information privacy, as applicable, including but not limited to creating a biometric privacy policy and obtaining consent for collection of biometric data. If required by applicable law, customers shall be responsible for:
a. informing employees in writing that a biometric identifier or biometric information is being collected or stored;
b. informing employees in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
c. obtaining a written release executed by employees if required.

Suggested References:
Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/10, et seq.
Washington Biometric Identifiers Act, RCW 19.375.020
Texas Capture or Use of Biometric Identifier Act (“CUBI”), Tex. Bus. & Com. Code Ann. § 503.001