Wendy’s Reportedly Sued Over Collection of Employees’ Fingerprints | Cyber Security
According to ZDNet, former Wendy’s employees Martinique Owens and Amelia Garcia submitted the lawsuit to a Cook County court on 11 September.
A copy of the complaint received by ZDNet alleges that Wendy’s violated the Illinois Biometric Information Privacy Act (BIPA) in its use of biometric clocks to scan employees’ fingerprints when they arrive at work, use a location’s point-of-sale (POS) systems and leave for the day.
Per the complaint, Owens and Garcia assert that Wendy’s does not obtain written consent from its employees to collect and manage their fingerprints. They also argue that the fast food restaurant chain does not identify a purpose for the collection of the fingerprints in writing and does not provide guidelines for permanently destroying the data of employees who leave the company.
“While there are tremendous benefits to using biometric time clocks in the workplace, there are also serious risks. Unlike key fobs or identification cards–which can be changed or replaced if stolen or compromised–fingerprints are unique, permanent biometric identifiers associated with the employee,” the plaintiffs note in their complaint. “This exposes employees to serious and irreversible privacy risks.”
As specified in the lawsuit, Owens and Garcia want to know whether Wendy’s “sold, leased, traded, or otherwise profited from Plaintiffs’ and the Class’s biometric identifiers or biometric information.” They also are intent on learning whether the fast food restaurant chain or its biometric clock and POS system provider Discovery NCR Corporation used the collected fingerprint data to ever track employees.
Reports of this complaint follows more than two years after Wendy’s investigated a payment card security incident at some of its restaurant locations. A U.S. district court preliminarily approved a class action settlement pertaining to that incident in August 2018.