How Will Workplace GPS Tracking and Biometric Data Collection Trends Affect HR?

The rapid expansion of workplace technology—from employer use of GPS tracking and biometric data to big data in general and HR analytics—will create more compliance challenges for HR professionals this year, employment law attorneys told SHRM Online.

Businesses need to be aware of state-law issues with employee monitoring and privacy as laws develop in this area, said Matthew Deffebach, an attorney with Haynes and Boone in Houston.

HR professionals will likely play an increased role in cybersecurity, said Joseph Lazzarotti, an attorney with Jackson Lewis in Morristown, N.J. "Many organizations are realizing that cybersecurity cannot be left solely to the IT department."

A comprehensive program requires more than passwords, firewalls and encryption. The human element is critical, he said, noting that strong programs must reflect an understanding of the business and the different roles employees play. Programs should include:

• Clear policies.
  
• Effective training
  
• Implementation strategies.
  
• Tactics for handling sensitive employee information.
  

Because of the continued risk posed to confidential and personal information, HR professionals are becoming more involved in organizations' cybersecurity planning and implementation to help mitigate that risk, Lazzarotti said.

GPS Tracking

Employers increasingly have the capability to monitor employees' whereabouts through GPS tracking on vehicles and mobile devices. But there could be legal ramifications for doing so.

For example, Lazzarotti said, when organizations use GPS to track locations of company equipment, in part for securing the data on that equipment, it raises potential privacy issues for employees.

The federal Driver Privacy Act of 2015 addresses privacy concerns for data collected on event data recorders (EDRs)—which are installed in vehicles to record accident information. Under federal law, data recorded or transmitted by an EDR can't be accessed by anyone other than the vehicle's owner or lessee.

"Thus, organizations that want to use EDRs to monitor employee-owned vehicles need to obtain consent, among other things," Lazzarotti noted.

State laws may also limit GPS tracking. For example, California's penal code generally prohibits individuals from electronically tracking other people. But again, consent is key, because the law doesn't apply when the registered owner, lessor or lessee of a vehicle has consented to the use of the tracking device in the applicable vehicle.

Illinois law also requires a vehicle owner's consent to use GPS tracking, unless a law enforcement agency is legally performing the tracking.

Connecticut employers can use GPS in company-owned vehicles without providing notice to workers, but employers in the state must post a notice when using electronic monitoring systems on the company's premises.

Biometric Data Collection

Biometric information—including fingerprints and facial recognition technology—may be used for time-keeping, for secure entry into buildings and to log into systems. Using such data can be convenient for employees and more secure for employers by doing away with scan cards that can be lost or stolen. But using biometric data may also have legal ramifications.

[SHRM members-only HR Q&A: May employers track employees' attendance by using biometric timekeeping systems?]

Employers should make sure employees consent to the data collection and understand how the information is being used, Deffebach said. They must understand applicable state laws when it comes to using employee biometric data.

The Illinois Biometric Information Privacy Act of 2008, for example, limits how businesses can use employee data and provides steps employers must take when obtaining such information.

In 2017, states such as Alaska, Connecticut, Massachusetts, New Hampshire and Washington also initiated or passed legislation to enhance protections for biometric information.

The Illinois law spawned multiple class-action lawsuits over the last few years concerning the collection, safeguarding and retention of biometric information, Lazzarotti said. "Claims against employers increased dramatically during 2017, and that trend is expected to continue."

HR's Role

HR needs to be in the loop when it comes to technology and security issues in the workplace. "Very often, HR professionals are not aware of what is going on at all their locations concerning such things as perimeter security," Lazzarotti said. "The organization's loss prevention team may have installed biometric scanners for all employees' access, without even thinking to alert HR."

But HR must understand the "who, what, where, why and how" concerning the technology being used, he said. For example, HR should determine what information is collected and whether it is being stored by the employer or a third-party vendor. HR also may want to evaluate the different technologies on the market and help select the vendor.  

Importantly, handbook policies must be dusted off and updated to reflect the latest and greatest technology in use, Deffebach said. Employers need to ensure workers know what information is being collected and how it is being used, and they need to comply with state notice and consent laws. "Employers can't simply rely on the old, 'We can read your e-mails' notice," he said.

Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.