The only excuse they have is the fingerprint scanners were installed before the law.
If an IT guy is making a change to accessing payroll that affects 10k employees… it’s corporate lawyer time. I would never touch a payroll system or related (eg time tracking) without labor lawyers at a minimum. This wasn’t a casual IT guy plugging a usb fingerprint sensor into a computer in the break room of a mom and pop sandwich shop. It was across an entire national chain and they were transmitting and storing prints with multiple third parties. They totally had contracts reviewed and lawyers involved already.
By now (maybe not in 2008) everyone should know that if you touch personal data or god forbid medical/biometric at all you should get a privacy lawyer review. It’s 2023 and even Facebook asks for consent. At my previous job we’d schedule a lawyer call before started logging new data or updating schemas in a database. Only takes 15 minutes to explain, and a business day for preliminary research on the lawyers part.
White Castle started requiring consent in 2018 co-timed to when a major employer in the state was sued for the using fingerprints for payroll. So someone must be paying attention to something, just not soon enough.
If an IT guy is making a change to accessing payroll that affects 10k employees… it’s corporate lawyer time. I would never touch a payroll system or related (eg time tracking) without labor lawyers at a minimum. This wasn’t a casual IT guy plugging a usb fingerprint sensor into a computer in the break room of a mom and pop sandwich shop. It was across an entire national chain and they were transmitting and storing prints with multiple third parties. They totally had contracts reviewed and lawyers involved already.
By now (maybe not in 2008) everyone should know that if you touch personal data or god forbid medical/biometric at all you should get a privacy lawyer review. It’s 2023 and even Facebook asks for consent. At my previous job we’d schedule a lawyer call before started logging new data or updating schemas in a database. Only takes 15 minutes to explain, and a business day for preliminary research on the lawyers part.
White Castle started requiring consent in 2018 co-timed to when a major employer in the state was sued for the using fingerprints for payroll. So someone must be paying attention to something, just not soon enough.