Fingerprint scanning carries ‘serious and irreversible privacy risks,’ complainants said
Fast food restaurant Wendy’s is facing a class-action suit in the US over its method of collecting sensitive data such as scanning employees’ fingerprints.
Wendy’s purportedly uses fingerprint scanning whenever employees clock in and clock out of work or use point-of-sale systems, but plaintiffs – including former Wendy’s employees – alleged a lack of transparency at the company.
The complaint filed in an Illinois county court on Sept. 11 claimed Wendy’s and its technology solutions provider, Discovery NCR, have failed to inform staff of their data management practices concerning employees’ biometric information.
The two companies, which have allegedly been collecting personal information without explicit written consent from the staff, have also failed to clarify how long they intend to keep the data and how they plan to permanently destroy it once employees leave, the complainants said.
These failures, they alleged, constitute violations of the Biometric Information Privacy Act (BIPA) of Illinois. BIPA requires organisations to inform data subjects in writing about the specific purpose and duration of their collection, use, and storage of personal data.
“Unlike key fobs or identification cards – which can be changed or replaced if stolen or compromised – fingerprints are unique, permanent biometric identifiers associated with the employee,” the plaintiffs said. Employees are thus vulnerable to “serious and irreversible privacy risks”.