Privacy Issues in the Community College Workplace

J. B IOMETRICS “Biometrics” is an automated method used to recognize an employee’s unique physiological or behavioral characteristics. 482 Biometrics is a general term that is used to describe a process or a characteristic. 483 Biometrics is often used to improve security and productivity in the workplace. “Physiological biometrics” include fingerprint scanners or sensors, and iris recognition technology. 484 “Behavioral biometrics” include voice, keystroke, gait and signature recognition capabilities. 485 Biometrics is used to track productivity and to grant employees access to secured workspaces or locations. information poses both privacy and security risks for employers. Generally, this data is electronically stored. Employers must weigh the risk of privacy violations that will result if an employee’s personal data is lost, stolen or misplaced against the convenience that using biometrics may afford to employers. For example, because fingerprints are unique to each person, the risk of identity theft is great if a hacker were to obtain fingerprint information along with other employee data. Because of the risks involved with the use of this technology, employers should use biometrics only when they have legitimate business needs that justify its use. For example, employers may use biometrics to restrict access to highly secured buildings, such as prisons. However, we advise that all employers seek legal counsel and technical advice before implementing this type of technology. Biometrics pose privacy considerations for employers because it requires that employers collect employee physiological or behavioral data. The collection and storage of this highly confidential K. E MPLOYER ’ S A FFIRMATIVE D UTY T O R EPORT E MPLOYEES ’ U NLAWFUL A CTIVITY O N T HE I NTERNET In a case of first impression, an appellate court in New Jersey has found that, under certain circumstances, an employer may be subject to a common law negligence claim for failing to report an employee’s use of workplace computers to access child pornography. In Doe v. XYC Corp 486 , a mother brought an action for negligence on behalf of her minor daughter against her husband’s employer for failing to report the husband’s use of a workplace computer to access pornography and send nude photos of the daughter to a child porn site. The trial court granted the employer summary judgment on the grounds that it had no duty. The appellate court reversed finding that the employer’s computer use policy, which included monitoring employee’s computer use and resulted in the detection of employee’s access to child porn sites, created a duty to report the “employee’s activities to the proper authorities to take effective internal action to stop these activities whether by termination or some less drastic remedy.” This case does not reflect California law, and it is unclear if it reflects current trends in the law. The decision is instructive, however, in that it raises questions concerning whether an employer has an obligation to report an employee engaging in illegal conduct on the Internet to the authorities once that misconduct is discovered via monitoring.

Privacy Issues in the Community College Workplace ©2021 (c) Liebert Cassidy Whitmore 155