On September 11th, Wendy’s was on the receiving end of a class action lawsuit based on their use of biometric clocks to monitor when employees clock in and out, use point-of-sale systems, and cash registers. The plaintiffs claim that Wendy’s actions break the Illinois Biometric Information Privacy Act (BIPA) by not informing its employees of the specifics in writing. Following the BIPA guidelines, employers must provide the direct purpose and length of time the fingerprints are being collected, stored, and used. Wendy’s also did not ask for consent from employees to allow for them to do these things. In the lawsuit, Discovery NCR Corporation was named as the software company that provides Wendy’s with their biometric clocks. This comes as no surprise because the BIPA law was put into place in 2008 because of a major suit with a company similar to Discovery NCR. “While there are tremendous benefits to using biometric time clocks in the workplace, there are also serious risks. Unlike key fobs or identification cards–which can be changed or replaced if stolen or compromised–fingerprints are unique, permanent biometric identifiers associated with the employee,” the plaintiffs said in the complaint. “This exposes employees to serious and irreversible privacy risks.” Both sides have denied requests for comments due to the ensuing lawsuit.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased