Why employers need a biometrics policy and what to include

July 2025 employment law letter

Authors:

Richard Lehr, Lehr Middlebrooks Vreeland & Thompson, P.C.

More employers are using biometrics for timekeeping and security review. The biometric identifiers most frequently used by employers are face scans (“facial recognition”), fingerprints, voiceprints, and video surveillance. Although only five states regulate the use of biometrics—Illinois, New York, Texas, Vermont, and Washington—common-law invasion/breach-of-privacy claims are available to everyone. So, establishing a biometrics policy can help employers avoid a biometric privacy violation claim and other workplace disruption.

Drafting your biometrics policy

Your biometrics policy should include four primary sections:

Consent. You should obtain consent before collecting biometric information. The consent form should explain why you’re collecting the information and how long the information will be retained.

Disclosure. The disclosure provision of the policy should state that you won’t share the employee’s biometric information with anyone other than your biometric identifier vendors unless legally required or you obtain the employee’s consent.

Continue reading your article with a HRLaws membership