Employee-privacy advocates are not in favor of biometrics in the workplace. But many employers do not share the concern. Biometrics are being used in workplaces across the country for purposes ranging from security to timekeeping and attendance.
What are Biometrics?
You may not know it, but you have probably seen biometrics in use numerous times. Catch any modern spy movie and there is sure to be a scene where the main character accesses the inevitable Restricted Area using the fingerprint of a dead man via a “borrowed” digit. Or maybe the triple-secret bank vault can be opened only via a a retina scan of the bank’s Very Important President. You get the idea.
Biometrics run the gamut from simple to NASA-level technology. Biometrics on the most basic level could include simple ID badges with the employee’s mug-shot style photograph. Signatures are even included in biometrics that are used as a security measure. Today, employers utilize password-management systems that require employees to regularly change their personal passwords in order to access the company’s network.
The term “biometrics” refers to a method of authenticating the identity of an individual using enduring physical or behavioural characteristics. Any system that utilizes biometrics relies on the use of biometric identifiers. Also known as “BIs,” biometric identifiers are select pieces of information that relay an encrypted picture of some unique feature of the person’s biological makeup. Common BIs include fingerprints, retinal scans and voice scans.
Other identifiers that have been suggested and used include: hands, feet, faces, ears, teeth, veins, voices, signatures, typing styles (keystroke), gaits and odors.
How Effective Are Biometrics?
In the employment context, biometrics are used as an authentication tool. The BI is compared to the authenticated BI, which is stored in a database. Used this way, biometrics offer a nearly infallible security system. Unlike traditional security measures, like passwords or security badges, biometrics cannot be shared, lost, forgotten, stolen, or recreated.
But there are security risks for the user. For example, the authenticating, or original, data must be kept as secure as possible, which usually means not being sent wirelessly. And, if it is sent across a network, encryption should be at a maximum. As a compromise, systems often provide for a larger margin of error. And, unlike passwords and security questions, biometrics cannot be changed or revoked when the employment relationship ends.
What Else Could Go Wrong?
Well, lots, actually. Unauthorized access to highly sensitive personal information raises very legitimate concerns about identity theft–a problem that already has employers on high alert for potential liability. And, without any regulatory system in place, what about the potential privacy implications? Surely, employees will want to know what other information can be obtained should the wrong person have access to the database.