Employers across California, and the nation for that matter, are taking steps to modernize time-clocks utilized in the workplace. Employers are replacing pen and paper time-sheets or standard “punch” time-clocks with modern, biometric timekeeping systems as a means of combatting the age-old problem of time-clock fraud. These new and improved time-keeping systems help to improve the accuracy of an employer’s time-keeping system, alleviate security concerns, and improve the efficiency of an employer’s payroll system as a whole.
Biometric time-keeping systems utilize some of the latest technology to record employees’ clock-in and clock-out times. For example, some systems use facial scanning software, others scan employees’ eyes, while other biometric timekeeping systems utilize palm-scanning or fingerprint technology. In short, the newest technological innovations that would impress George Jetson are now commonly available and utilized by employers in a variety of workplaces, ranging from advanced clinical labs to warehouses.
Unquestionably, biometric timekeeping systems can modernize the workplace and improve an employer’s payroll practices at relatively affordable prices. However, as always, California employers need to consider the variety of legal issues presented by this new technology and take actions that are consistent with existing laws. Below, we highlight two major concerns implicated by employers’ use of biometric timekeeping systems: Labor Code §1051 and California’s newly enacted Consumer Privacy Act.
California Labor Code §1051
Labor Code §1051 is an obscure Labor Code provision unknown to many employers. However, employers should nonetheless know of §1051 and its relationship to biometric timekeeping systems to ensure compliance with the law.
Labor Code §1051 provides in relevant part:
[A]ny person or agent or officer thereof, who requires, as a condition precedent to securing or retaining employment, that an employee or applicant for employment be photographed or fingerprinted by any person who desires his or her photograph or fingerprints for the purpose of furnishing the same or information concerning the same or concerning the employee or applicant for employment to any other employer or third person, and these photographs and fingerprints could be used to the detriment of the employee or applicant for employment is guilty of a misdemeanor.
In short, this provision means that an employer “cannot require applicants or employees to provide fingerprints or photographs as a condition of employment if they will be provided to a third party and used to the applicant’s or employee’s detriment.”[1] As emphasized above, violation of Labor Code §1051 subjects an employer and/or its agent to criminal liability!
The plain language of Labor Code §1051 indicates that it is troublesome for employers who utilize biometric timekeeping systems.
First, most employers who utilize biometric timekeeping systems require employees to use the systems as a condition of retaining employment. In other words, employers may terminate employees who refuse to use them. Second, many biometric timekeeping systems utilize fingerprinting software or facial recognition software (which may qualify as a photograph for purposes of Labor Code §1051). Third, biometric timekeeping systems often transfer information captured by the particular timekeeping device to a third party. This third party is often the vendor providing timekeeping service, who utilizes the information obtained by the device to verify the identity of the individual employee. Fourth, employers may use the information obtained by the biometric timekeeping system “to the detriment” of the employee. For example, an employer may, by comparing an employee’s fingerprints captured on a biometric timekeeping device, determine that the employee fraudulently clocked out of work. Upon discovering this information, the employer may punish the employee, which is an act “to the detriment” of an employee.
In short, the language of Labor Code §1051 indicates that it would apply to an employer’s use of a biometric timekeeping system, specifically those that use fingerprinting and/or facial recognition software. Obviously, this is worrisome to employers. However, a 2014 Opinion Letter written by the California Attorney General (“AG”) may alleviate employers’ concerns.
In the Opinion Letter, the California AG applied Labor Code §1051 to a common employment practice in the truck driving industry. Trucking employers commonly install video cameras in trucks to continuously record the actions of a truck or bus driver. The cameras are generally operated by a third party under contract with the employer. The cameras record in a continuous loop, overwriting previous footage unless the vehicle undergoes an unusual force (i.e. hard braking, swerving, or collision, referred to as “triggering events”). Upon the occurrence of a triggering event, the cameras automatically save footage immediately before, during, and after the triggering event. The system operator then “marks” the video for ease of review and provides it to the driver’s employer, who may utilize the video for disciplinary action. The system operator, besides sharing the video recordings with the employer, keeps the videos confidential. When employers use the videos to discipline employees, they generally provide the video to the employee or the employee’s bargaining representative.[2]
The AG noted that “[s]ome have suggested that this practice violates section 1051 because employers are requiring their drivers to submit to having their images recorded by third parties for potential use in disciplinary action.” The AG, however, disagreed.[3]
First, the AG examined the history of Labor Code §1051. The AG found that Labor Code §1051 arose from former “anti-black-listing” laws. Black-listing consisted of the practice of keeping records of employees (i.e. fingerprints or photographs) and furnishing those records to other employers to prevent the employee from securing future employment. Employers historically used black-listing to target union organizers. The AG found that the trucking industry’s use of video-recording, as described above, did not implicate these anti-black-listing concerns.[4]
Second, the AG found that above-described practice did not violate the plain terms of Labor Code §1051. The AG opined:
In this case, the photographer is not the employer itself, but the employer’s agent – the system operator – who is under contract with the employer regarding both the recording of the images and the subsequent use of the images. Here, both the employer and the system operator desire the images for the purpose of returning the image to the employee’s own employer. The statute, by contrast, prohibits the taking of fingerprints and photographs “for the purpose of furnishing the same…to any other employer or third person.” Accordingly, even assuming that a photograph and videotape are equivalent for purposes of section 1051, we conclude there is no violation under the plain terms of the statute under the circumstances that have been conveyed to us.[5]
Based on this analysis, the AG concluded that “continuous videotaping surveillance of truck drivers during their on-the-job driving does not constitute a misdemeanor under Labor Code section 1051 where the video file is inspected by a third party and used as a basis for discipline by the driver’s employer, provided that the third party is an agent of the driver’s employer who is videotaping and inspecting the file for the sole benefit of the driver’s employer, and that file is furnished only to the driver’s employer.”[6]
California employers, in light of the AG’s opinion, can likely take a deep sigh of relief that they will not incur criminal liability for using biometric timekeeping systems so long as they adhere to the following recommendations – the employer should ensure that: (1) it has a contract with the vendor providing the biometric timekeeping service; (2) that the vendor’s use of the biometric information collected is limited verifying the identity of employees using the system; and, (3) that the information collected is furnished solely to the employer.
California Consumer Privacy Act
Employers collecting biometric data through timekeeping systems should also consider the implications of the recently enacted California Consumer Privacy Act (“CCPA”). Although the CCPA is not currently the law, it takes effect in the near future: July 1, 2020.[7]
The CCPA is designed to protect “consumers,” which is broadly defined by the Act as “a natural person who is a California resident….”[8]
As a preliminary matter, the CCPA is only applicable to a “business,” as that term is defined by the CCPA. To qualify as a business under the CCPA, an entity must: (1) be organized or operated for profit; (2) collect consumer personal information or determine, on behalf of a business that collects personal information, the means of processing such information; (3) do business in California; and (4) have gross revenues in excess of $25,000,000.00, or annually buy, receive for commercial purposes, sell, or share for commercial purposes the personal information of at least 50,000 consumers, households, or devices; or, derive 50% of its annual revenues from selling consumers’ personal information.[9]
“Commercial purposes” is defined as activity that is designed to “advance a person’s commercial or economic interest….”[10] Moreover, “personal information” is defined as any “information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked with…a particular consumer….”[11] The definition of personal information specifically includes biometric information.[12]
The CCPA gives consumers a plethora of rights related to the collection of their personal information and imposes on covered entities a plethora of obligations. For example, the CCPA gives to a consumer:
•· The “right to request a business that collects a consumer’s personal information disclose…the categories and specific pieces of personal information that the business has collected.”[13]
•· The “right to request that a business delete any personal information about the consumer which the business has collected from the consumer.”[14]
•· The “right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer” a variety of information concerning the information collected, the categories of information sold, the parties to whom the business sold the information, etc.[15]
•· The “right…to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.”[16]
Without analyzing each and every right granted to consumers and obligations imposed on businesses by the CCPA, employers who utilize biometric timekeeping systems should know that collecting employees’ biometric information may subject the employer to the CCPA and the substantial compliance obligations imposed thereby.
However, much to the delight of California employers, a current California Assembly Bill (AB 25 (Chau)) proposes to amend the definition of “consumer” in the CCPA to exclude persons whose personal information is collected by an employer and used only for employment related purposes. The proposed amendment would modify the definition of consumer to provide:
“Consumer” does not include a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business, to the extent the person’s personal information is collected and used solely within the context of the person’s role as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business.[17]
This amendment would give solace to many employers who are fretting over future costly and timely obligations imposed pursuant to the CCPA. Employers should follow the progress of AB 25 to determine they will receive a reprieve from some of the performance obligations contained in the CCPA.
Conclusion
Biometric timekeeping systems confer substantial benefits onto employers, allowing for a more efficient and accurate timekeeping system. But, as identified above, there are legal issues raised by the use of biometric timekeeping systems. Employers who have questions about their current or future use of biometric timekeeping system should contact our offices to ensure their use of biometric timekeeping systems is in compliance with California law.
[1] Cal. Labor Law Digest (2019), Ch. 9 Personnel Records and Privacy.
[2] 97 Ops. Cal. Atty. Gen. 5 (Cal. A.G.)
[3] Ibid.
[4] Ibid.
[5] Ibid., emphasis in original.
[6] Ibid.
[7] Cal. Civ. Code §1798.185(a).
[8] Id. at §1798.140(g).
[9] Id. at §1798.140(c), emphasis added.
[10] Id. at §1798.140(f).
[11] Id.at §1798.140(o)(1).
[12] Id. at §1798.140(o)(1)(E).
[13] Id. at §1798.100(a), (c).
[14] Id. at §1798.105(a).
[15] Id. at 1798.115(a).
[16] Id. at §1798.120(a).