Skip to content

Employers continue to incorporate the use of biometric information for several employee management purposes, such as in systems managing time keeping and security access that use fingerprints, handprints, or facial scans.  Recently, Illinois state courts have encountered a substantial increase in the amount of privacy class action complaints under the Illinois Biometric Information Privacy Act (“BIPA”), which requires employers to provide written notice and obtain consent from employees (as well as customers) prior to collecting and storing any biometric data.  Under the BIPA, the employer must also maintain a written policy identifying the “specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used.”  740 ILC 14/15(b)(2).

Although the BIPA was enacted almost 10 years ago, individuals did not start filing lawsuits until 2015.  Since September 2017, there have been over twenty-five new filings in Illinois state courts including class actions against prominent international hotel and restaurant chains.  These lawsuits tend to target employers utilizing finger print recognition machines as part of their time keeping systems.  Where the employer uses a third-party supplier for its time-tracking system, the claims have also included allegations that the employer improperly shared the biometric information with the supplier without obtaining the proper consent.  In these cases, the claims generally allege that the employer failed to provide proper notice.

Though there is no definitive reason for the increase in filings over the past months, the claims may be related to the increased use of biometric information in the workplace since the initial case filings in 2015.  While Texas and Washington also have laws governing employer use of biometric information, Illinois is the only state that currently provides a private right of action, including class actions.  Additionally, potential damages associated with BIPA violations, particularly for class actions, can be extensive, including liquidated damages of $1,000 per negligent violation (or the amount of actual damages, whichever is greater), liquidated damages of $5,000 per intentional or reckless violation (or the actual damages, whichever is greater) and attorney’s fees.

What Can Employers Do?

  • Prior to collecting or storing biometric data, employers in Illinois should: (1) create a written policy regarding the retention and destruction of biometric data; (2) obtain written acknowledgment and release from the employees; and (3) store the biometric information securely, similar to other confidential information, such as personal health information or personally identifiable information.
  • Employers who use a third party to assist with the collection or storage of biometric data should include the third party in the acknowledgement and release, which employees execute.
  • Employers also should be aware that most states, including Illinois, have legislation governing how employers respond to data breaches and the required notifications to employees. If a data breach occurs, employers are advised to immediately contact counsel to devise and implement a response plan.
  • In the event of litigation, employers should remove BIPA cases to federal courts when possible, particularly where the allegations focus on notice and consent issues, as employers can argue that plaintiffs cannot establish the necessary harm to establish standing as required by the Supreme Court case Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016) (requiring more than a “bare procedural violation” to establish harm). Because employees likely will have difficulty establishing actual harm where the biometric data was stored in a confidential and secure manner, employers may be successful in getting such claims dismissed.

As the laws regulating biometric data continues to evolve, employers should monitor this issue closely and consult with counsel as further developments occur to ensure compliance with any relevant regulations.

Maryland has now joined New York and several other states that have recently passed legislation expanding state equal pay laws and/or broadening the right of employees to discuss their wages with each other (often called “wage transparency”). The Equal Pay for Equal Work Act of 2016 (“Act”), signed by Governor Hogan on May 19, 2016 and set to take effect October 1, 2016, amends Maryland’s existing Equal Pay law (Md. Code, Labor and Employment, §3-301, et seq.), which applies to employers of any size, in several significant aspects.

First, as to the equal pay provisions, the Act:

  • Extends the protections of the law to differentials based on gender identity as well as sex.
  • Bars discrimination not only by paying less for work at the same establishment of comparable character or on the same operation, but also by ‘providing less favorable employment opportunities.”
  • Defines “providing less favorable employment opportunities” to include assigning or directing an employee into a less favorable career track; failing to provide information about promotions or advancement in the full range of career track offered by the employer; or otherwise limiting or depriving an employee of employment opportunities that would otherwise be available but for the employee’s sex or gender identity
  • Expands the definition of “same establishment” to include any workplace of the same employer located in the same county.
  • Adds a new exception for a system that measures performance based on quality or quantity of production.
  • Explicitly allows an employee to demonstrate that an employer’s reliance on one of the now seven exceptions is a pretext for discrimination.

Second, on the apparent theory that if employees gather more information on wages, employers will be more likely to decrease or eliminate wage disparities, the Act adds an entirely new provision that bars employers from prohibiting any employees from inquiring about, discussing, or disclosing the employee’s wages or those of another employee, or requesting that the employer provide a reason for why the employee’s wages are a condition of employment. It also bars any agreement to waive the employee’s right to disclose or discuss the employee’s wages. In particular, an employer may not take any adverse employment action against an employee for:

  • Inquiring about another employee’s wages;
  • Disclosing the employee’s own wages;
  • Discussing another employee’s wages if those wages have been disclosed voluntarily;
  • Asking the employer to provide a reason of the employee’s wages; or
  • Aiding or encouraging another employee’s exercise of rights under this law.

However, an employer may in a written policy provided to each employee establish reasonable workplace limitations on the time, place and manner for inquiries relating to employee wages, so long as it is consistent with standards adopted by the Commissioner of Labor and Industry and all other state and federal laws. (For example, under the National Labor Relations Act, rules limiting discussions to non-working time have been held valid). For example, a limitation may include prohibiting discussion or disclosure of another employee’s wages without that employee’s prior permission, except where the employee has access to that information as part of the employee’s essential job functions and uses it to respond to a complaint or charge, or in furtherance of an investigation, proceeding, hearing or action under the Act. Violation of such a policy may be a defense for adverse action.

The Act expressly does not, however, require an employee to disclose his or her wages; diminish employees’ rights to negotiate the terms and conditions of their employment, or the rights provided under any other provision of law or collective bargaining agreement; create an obligation on any employer or employee to disclose wages; permit disclosure without written consent of an employer’s proprietary information, trade secret information, or information otherwise subject to a legal privilege or protected by law; or permit disclosure of wage information to a competitor.

These provisions enlarging employee sharing of wage information are similar to rules that have long existed under the National Labor Relations Act for employees other than managers and supervisor, and recently promulgated by Executive Order 13665 (April 8, 2014) as to employees of federal contractors. These rights are now expanded to all Maryland employees.

The Act further expands the remedies for violation of the equal pay provisions to include injunctive relief and creates a cause of action under the disclosure provisions for injunctive relief and both actual damages and an additional equal amount as liquidated damages. Existing law allowing recovery of attorney’s fees and costs apply to both types of claims. Finally, similar to the provisions of federal Title VII law, the Act now extends the statute of limitations to three years after discovery of the act which a lawsuit is based, rather than just three years after the act itself.

Maryland employers should review any rules they have regarding employee discussions about their wages for compliance with the Act’s protections for such discussions.

Gregg Settembrino
Gregg Settembrino

Recently I attended the American Bar Association’s (“ABA”) 2016 mid-year National Symposium on Technology in Labor and Employment Law (“Conference”) in Washington, D.C.  The Conference highlighted a number of technology related issues that should be of interest to employers, such as the use artificial intelligence in the workplace, cybersecurity, and new trends in the National Labor Relations Board’s technology-based decisions and rulemaking.

One segment of the Conference that I found particularly interesting was “Technology in the Workplace: What’s Out There, What’s Coming, and Why You (Really) Need to Care,” presented by Kate Bischoff and Heather Bussing. It was a discussion regarding risks employers face when monitoring, tracking, and recording employees.  Indeed, today’s technology allows employers to communicate with employees wherever they are and at any time of the day.  Tracking and monitoring devices include cellular phones, wearables such as smartwatches and fitness trackers, radio frequency identification (“RFID”) tags, and work badges implanted with minute microphones and transmitters.  Monitoring employees, whether during work hours or non-work hours, can expose employers to legal risks even if the monitoring is intended to improve business operations, improve employee wellness, or enhance workplace safety conditions.

The rapid advancement of technology has made monitoring, tracking, and recording employees easier and the data more accurate.  Despite such technological advancements, however, the law is still catching up.  Some states, however, already have monitoring laws in place.  Delaware, for example, has passed legislation requiring employers to notify employees if the employer uses technology to monitor their activities.  Delaware’s law covers electronic monitoring of phone conversations, email, and internet use.  The law, however, is silent on an employer’s use of global positioning systems (“GPS”) or other tracking devices.  Also, under California law, a monitored employee can sue their employer for invasion of privacy if the employee has a legally protected privacy interest and a reasonable expectation of privacy.

In addition to using location tracking devices to monitor employees, today’s technology can allow employers that issue wellness trackers to employees as part of an employee wellness program to view and use employee biometric data.  These devices collect such data as the number of steps a person has taken, heart rate, quality of sleep, steps climbed, and other personal metrics.  Nevertheless, employer access to such data is largely forbidden under the Genetic Information Nondiscrimination Act (“GINA”).  Moreover, the Health Information Portability and Accountability Act (“HIPAA”) limits access to and the sharing of health information acquired by employers.

While the line between productive employee monitoring and unlawful surveillance is not entirely clear, a few things are absolutely certain.  Technology in the workplace is here, it can be used to monitor almost anything, and it is not going away.

To mitigate some of the risks that come with monitoring, tracking, and recording employees, employers should:

  • Exercise caution and common sense when adopting novel methods of watching, tracking, and listening to employees regardless of underlying business, health, and safety reasons.
  • Only allow the employees to view their own specific biometric data if employers issue smart watches or wellness trackers, and collect such biometric information, as part of an employee wellness program.
  • Track and monitor new developments in the law at both the federal and state level and revise employer policies accordingly.

Technology media and telecommunications (“TMT”) industry employers should begin taking steps to mitigate a new litigation risk—reverse discrimination claims. This past year there were a number of news stories regarding the lack of diversity in the technology industry (see, for example, articles in Inc., The Cut, Fusion, The New York Times, and Wired). Numerous advocacy groups pressured TMT employers to focus on increasing workplace diversity in order to eliminate this disparity. As TMT employers continue to defend themselves against these allegations, the recently filed Complaint in Anderson v. Yahoo!, 5:16-cv-00527 (N.D. Cal. 2016), alleges that Yahoo!’s robust attempts to encourage gender diversity constituted unlawful sex discrimination against male employees.

The Complaint alleges that Yahoo! “intentionally hired and promoted women because of their gender, while terminating, demoting or laying off male employees because of their gender” and that male employees who received an “occasionally misses” employee score were subject to immediate termination, while similarly rated female employees were not. The Complaint also finds fault with the fact that a disproportionate number of Yahoo!’s recent hires are female.

The Complaint attempts to put TMT employers in a no-win situation. As we have previously discussed, maintaining a workforce lacking in diversity presents serious litigation risks. However, the Anderson Complaint alleges that taking steps to remedy the problem by exhibiting an explicit preference for certain classes of employees may run afoul of the same statutes.

To mitigate litigation risks associated with both discrimination and reverse-discrimination claims employers should:

  • Never take any action “because of” a protected characteristic.
  • Promote diversity through recruitment rather than terminations. In fiscal year 2015 the EEOC received more than nine times as many race and sex discrimination complaints alleging wrongful termination as complaints alleging failure to hire.
  • Before initiating a reduction in force conduct due diligence regarding each employee who will be impacted. This can provide an opportunity to negotiate release agreements with particularly high-risk employees.
  • Ensure that all similarly situated employees are subject to the same rules and practices.


Our colleague Frank C. Morris, Jr., a Member of the Firm in the Litigation and Employee Benefits practices, in the firm’s Washington, DC, office, was quoted in “Retaliation, ADA Charges Rise” by Allen Smith.  The article discusses the uptick in retaliation charges which have been filed and includes tips for employers on how to reduce the likelihood that they will get hit with those types of charges.

Following is an excerpt:

ADA cases today are more often about what took place in the interactive process for identifying a reasonable accommodation than about whether a disability is covered by the law. So, employers should have protocols in place on how to respond to accommodation requests and should document those efforts. This is “incredibly important” if there is litigation, Morris said.

If there is an agreement on an accommodation, put it in writing and have the employee sign the document, he recommended.

Remember that under the ADA, the accommodation obligation is ongoing. “Just because you’d done everything right in 2015 doesn’t mean you don’t need to do everything right in 2016,” he said. Things change, and the employer should be ready to start the accommodation conversation on fresh footing if the employee requests a new accommodation.

Employers in the technology industry should take note of last week’s decision by the U.S. Court of Appeals for the Sixth Circuit in EEOC v. New Breed Logistics (PDF).  The court declined to reconsider a panel holding that, in the context of a retaliation claim, “a demand that a supervisor cease his/her harassing conduct constitutes protected activity under Title VII.”

Three former employees of New Breed Logistics, a supply-chain logistics company, asserted that they had engaged in protected activity by telling their supervisor to stop making advances and sexual comments.  The district court agreed, holding that protected conduct “can be as simple as telling a supervisor to stop.” The Sixth Circuit (PDF) affirmed, relying on the EEOC’s interpretation of Title VII’s opposition clause and finding that an oral complaint to a harassing supervisor – even if no other manager or supervisor ever learns of the complaint – constitutes protected activity.

The employer moved for a rehearing en banc, arguing that the Sixth Circuit’s decision created a split with the Fifth Circuit, which in 2004 had held that a single express rejection to a harassing supervisor did not constitute protected activity.  The employer also argued that an employer should not have to face a retaliation claim if the only person to have received the complaint was the alleged harasser.  In denying the motion for rehearing, however, the Sixth Circuit found that these issues were fully considered in the court’s original decision.

The Sixth Circuit’s decision highlights the need for an employer to train its workforce on its complaint procedures.  Although employees may engage in protected activity by orally rejecting a harassing supervisor’s advances – at least in the Sixth Circuit and in the eyes of the EEOC – they should be made aware of all avenues of complaint so that the employer has an opportunity to learn of and address the complaint.  Importantly, supervisors must be trained on how to handle any such complaints and to report them to human resources.

My colleague Laura A. Stutz  at Epstein Becker Green has a Retail Labor and Employment Law blog post that will be of interest to employers doing business in New York City: “New York City Investigation of Hiring Practices.”

Following is an excerpt:

New York City’s Commission on Human Rights is now authorized to investigate employers in the Big Apple to search for discriminatory practices during the hiring process. This authority stems from a law signed into effect by Mayor de Blasio that established an employment discrimination testing and investigation program.  The program is designed to determine if employers are using illegal bias during the employment application process.

Read the full original post here.

On Monday, June 29, 2015, Mayor Bill de Blasio signed into law the bill passed by the New York City Council “banning-the-box.” The law goes into effect on Tuesday, October 27, 2015. As discussed in our earlier advisory, the ban-the-box movement removes from an employment application the “box” that requests criminal conviction history. New York City’s law also imposes additional requirements upon the employer when making an adverse employment decision on the basis of criminal conviction history.

We recently blogged about recent gender discrimination lawsuits filed against technology industry employers. Following in the wake of these lawsuits have been news stories regarding the lack of diversity in the technology industry. The scale of the statistical disparity, (for example, 90% of Twitter’s technical employees are male), creates major litigation risks for companies seeking to remedy this disparity. Technology companies eager to accept social responsibility for correcting these discrepancies must be careful not to inadvertently invite legal liability for them as well.

Although there seems to be a consensus that lack of diversity is a problem in the technology industry that should be addressed, there is a great deal of disagreement over how to address the problem. Some groups, such as Jesse Jackson Sr.’s Rainbow PUSH Coalition have focused on publicizing employee population statistics in an effort to bring the issue out in the open. However, employers are still experimenting with possible strategies to address the problem.

Class action lawsuits designed to punish employers with large monetary penalties without providing solutions to the disparities threaten this process of experimentation. In a recently filed class action lawsuit against Twitter,[1] a former employee is seeking to represent a class of all current and former female employees who were allegedly denied promotions as a result of gender discrimination. Rather than pointing to a particular discriminatory act or individual, the Complaint cites the employer’s use of “subjective requirements” and “unconscious prejudices and gender-based stereotypes” as the reason why few female employees receive promotions.

A distressing feature of the Complaint is how it incorporates the employer’s attempts to address diversity issues against the employer. It uses the employer’s “internal diversity studies, focusing on barriers to women’s advancement… bias mitigation training” and treatment of gender disparity “as a company-wide issue by partnering with many organizations to continue improving its diversity standing and move the needle” as evidence that discrimination should be adjudicated on a class wide basis. The Complaint also uses employee population statistics published at the urging of civil rights groups as evidence of discriminatory bias.

The Complaint appears to be laying the groundwork for a legal theory that has thus far not been successful. The theory, as discussed in the complaint and in early cases, looks to social scientific research regarding the phenomenon of “implicit bias” meaning “a person’s automatic preference for one [classification] over another.”[2] Courts have been presented with evidence in early cases concerning experiments claiming to support that conclusion that as many as 70% of Americans display an implicit bias in favor of whites over blacks.[3] “Implicit” bias claims provide plaintiff’s lawyers with a mechanism to attribute to discrimination statistical disparities among protected classes in an employee population. Combined with evidence of wide gender and racial disparities this has the potential for massive damages in class action lawsuits.

One of the best examples of how seeking to improve diversity can have unintended legal consequences is the Implicit Association Test (“IAT”). The IAT is designed to measure implicit bias by measuring the time it takes to associate good and bad traits with a particular classification. The most common iteration of the test shows that a substantial portion of test-takers implicitly associate faces of Caucasians with good things, and faces of African Americans with bad things. Many implicit bias training procedures involve having participants take the IAT.[4]

Thus far, plaintiffs have had difficulty having results of the IAT admitted as evidence in litigation. Generally, plaintiffs have  tried to argue: (1) the IAT demonstrates that most people exhibit implicit bias; (2) decision makers are statistically likely to exhibit implicit bias so decision makers at defendant exhibit implicit bias; (3) people who exhibit implicit bias will unconsciously discriminate based upon that bias; ergo (4) statistical disparities based on race or gender within defendant’s employee population are the result of implicit bias. Although there are many parts of this argument susceptible to attack, thus far the most successful defense has been to attack point (2) by arguing that even if implicit bias is rampant in the general population, there is no evidence that a particular decision maker exhibits implicit bias.[5] Plaintiffs can negate this argument by entering individual decision maker’s IAT results into evidence.

The best way to stop a decision maker’s IAT results from being admitted as evidence is for that decision maker not to take the IAT. Documents memorializing IAT results may be produced during discovery and if results are not memorialized they could still be discovered through deposition testimony. Fortunately, courts have declined to order employees to take the IAT as part of discovery.[6]

The IAT is a popular tool in implicit bias training, because it is free and quick to administer and the results usually indicate that many of the test-takers exhibit implicit biases against protected classes. However, it provides plaintiffs with evidence of discrimination which would otherwise be unavailable.[7]

Employers should work to create a more diverse workforce, but they should take care to do it appropriately. The stakes are high, plaintiff’s lawyers are seeking to pin the monetary cost of centuries of discrimination on individual employers and have shown a willingness to use attempts to solve problems and improve the situation as evidence against employers. Human resources initiatives aimed at increasing diversity or alleviating bias should be thoroughly audited to ensure they won’t appear as Plaintiff’s Exhibit A in the near future. The stakes, monetary responsibility for the end result of hundreds of years of discrimination, are too high to take unnecessary risks.



[1] Huang v. Twitter, Inc., CGC-15-544813

[2] Pippen v. Iowa, 854 N.W. 2d 1 (Iowa 2014)

[3] Id.

[4] In Jaffe v. Morgan Stanley & Co., 2008 U.S. Dist. LEXIS 12208 (N.D. Cal. Feb. 7, 2008)  the court approved a settlement agreement where Defendant agreed “to provide diversity related training to field sales branch management which incorporates elements of the Implicit Association Test or similar tool agreed upon by the parties.”

[5] See e.g., Pippen v. Iowa, Iowa Dist. Ct., No. 107038 (2012); Jones v. Nat’l Council of Young Men’s Christian Associations of the United States, 2014 U.S. Dist. LEXIS 43866 (N.D. Ill. Mar. 31, 2014).

[6] Palgut v. City of Colo. Springs, 2008 U.S. Dist. LEXIS 123115 (D. Colo. July 3, 2008) (denying plaintiff’s Rule 35 motion to compel defendant’s employees to complete the IAT).

[7] Readers whose decisions may be scrutinized for implicit bias may not want to take the IAT, which is administered through Harvard University and takes fewer than 10 minutes to complete.

With the ever-increasing amount of information available on social media, employers should remember to exercise caution when utilizing social media as a part of their Human Resources/ Recruitment related activities.  As we have discussed in a prior blog post, “Should Employers and Facebook Be Friends?” we live in a digital-age, and how people choose to define themselves is often readily showcased on social networking sites.  Whether – and how – employers choose to interact with the online presence of their workforce will continue to develop as the relevant legal standards try to catch up.

A recent federal court filing in the Northern District of California against LinkedIn Corp. provides yet another example of the growing interaction between online personas and real-world employment law implications.  There, in Sweet, et al v. LinkedIn Corp., the plaintiffs sought to expand the application of the Fair Credit Reporting Act (“FCRA”) by alleging that LinkedIn’s practice of providing “reference reports” to members that subscribe to LinkedIn’s program for a fee, brought LinkedIn within the coverage of the FCRA as a Credit Reporting Agency (“CRA”).  Briefly, the FCRA (and relevant state statutes like it) imposes specific requirements on an employer when working with “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.” In other words, there are rules – such as providing requisite disclosures and obtaining prior authorization – that apply when an employer engages a CRA to perform background checks, reference checks and related inquiries.

In the lawsuit, the plaintiffs alleged that LinkedIn was a CRA – and that these various rules should apply – because LinkedIn collected and distributed consumer information to third parties and the resulting reference reports “bear on a consumer’s character, general reputation, mode of living, or personal characteristics, and/or other factors listed in 15 U.S.C. § 1681a(d).”  Further, according to the complaint, LinkedIn violated the FCRA because it should have provided FCRA compliant disclosure and followed the reporting obligations applicable to CRAs.

LinkedIn, which is touted as the “world’s largest professional network,” does not portray itself as a CRA and moved to dismiss the complaint.  LinkedIn argued that the plaintiffs’ interpretation of the statute was too broad and, moreover, was inconsistent with the facts.  A federal judge agreed and dismissed the complaint (although the plaintiffs have the opportunity to file another complaint).  The Court ruled that these reference searches could not be considered “consumer reports” under the law – and LinkedIn was not acting as a CRA – because, in part, the plaintiffs had voluntarily provided their information to LinkedIn with the intention of it being published online.  (The FCRA excludes from the definition of a consumer report a report that contains “information solely as to transactions or experiences between the consumer and the person making the report.”) The Court also noted that the allegations suggested that LinkedIn “gathers the information about the employment histories of the subjects of the Reference Searches not to make consumer reports but to ‘carry out consumers’ information-sharing objectives.’”

The LinkedIn case should still serve as a reminder of several important and interrelated trends.  First, as it concerns the FCRA, the statute is broadly worded to cover “any written, oral or other communication of any information by a consumer reporting agency . . .” and the equally expansive definition of a CRA can apply in numerous situations that extend beyond the traditional notion of a consumer reporting agency.  If applicable, the requirements of the FCRA must be followed.  Second, employers need to continue to be mindful of the fact that their online activity can have real-world employment law implications.  Third, as the law governing traditional employment law continues to evolve in response to online developments, the challenges to that activity will evolve as well.

As these trends continue to develop, it is important to confer with legal representation to ensure compliance.