Biometrics Information Security Policy
Purpose
This Biometric Information and Security Policy (the “Policy”) defines the Company’s policy and procedures for collection, use, safeguarding, storage, retention, and destruction of biometric data collected by the Company.
The Company uses biometric data for employee timekeeping purposes. The Company collects, stores, and uses employee biometric data for the purposes of giving employees secure access to the Company’s timekeeping systems and to document employees’ clock in and clock out times.
Definition of Biometric Data
Biometric data means personal information stored by the Company about an individuals’ physical characteristics that can be used to identify that person. Biometric data specifically includes fingerprints.
Policy
The Company’s policy is to protect and store biometric data in accordance with the applicable standards and laws, including the Illinois Biometric Information Privacy Act. An individual’s biometric data will not be collected or otherwise obtained by the Company without prior written consent of the individual. The Company will inform the employee of the reason his or her biometric information is being collected and the length of time the data will be stored. A consent form is attached to this Policy.
The Company will not sell, lease, trade, or otherwise profit from an individual’s biometric data. Biometric data will not be disclosed by the Company unless (i) consent is obtained, (ii) required by law; or (iii) required by valid subpoena or warrant.
Biometric data will be stored during the term of an employee’s employment with the Company. The biometric data will be stored using a reasonable standard of care and in a manner that is the same or exceeds the standards used to protect other confidential and sensitive information held by the Company.
The Company will permanently destroy biometric data within 36 months of an employee’s termination of employment.