How to Comply with Illinois BIPA When Using Fingerprint Time Clocks in Chicago Workplaces

How to Comply with Illinois BIPA When Using Fingerprint Time Clocks in Chicago Workplaces

Illinois’ Biometric Information Privacy Act (BIPA) allows statutory damages of $1,000 per negligent violation or $5,000 per reckless/intentional violation—plus attorneys’ fees—making fingerprint time clocks in Chicago a high-risk compliance area. Chicago employers often deploy biometric timekeeping for wage-and-hour accuracy, but BIPA imposes strict notice, consent, retention, and security duties. This article explains how to implement fingerprint time clocks in Chicago workplaces while reducing BIPA exposure.

Why fingerprint time clocks create unique BIPA exposure in Chicago

Fingerprint-based time clocks are common in Chicago workplaces because they reduce “buddy punching,” automate timekeeping, and support accurate payroll. In Illinois, however, those operational benefits come with a legal tradeoff: the collection, capture, or use of fingerprints (and similar identifiers) is regulated by the Illinois Biometric Information Privacy Act, 740 ILCS 14 (BIPA).

BIPA is plaintiff-friendly and frequently litigated in Cook County. It provides a private right of action and statutory damages of $1,000 per negligent violation or $5,000 per reckless or intentional violation, as well as potential injunctive relief and attorneys’ fees. Because a time clock can scan a fingerprint repeatedly (daily, per shift, for years), alleged noncompliance can scale quickly in class actions.

For Chicago employers, the practical question is not whether to modernize timekeeping—it is how to deploy biometric time clocks in a way that satisfies BIPA’s requirements and minimizes litigation risk.

What BIPA regulates: “biometric identifiers” and “biometric information”

BIPA applies when a private entity collects, captures, purchases, receives through trade, or otherwise obtains a person’s biometric identifier or biometric information.

Common time-clock data that triggers BIPA

Fingerprint time clocks typically implicate BIPA because “fingerprint” is expressly included as a biometric identifier. Many systems do not store a raw image of the fingerprint; they store a “template” or mathematical representation. That distinction does not eliminate BIPA risk. If the system uses the fingerprint to create or use a template for identification, employers should treat the process as BIPA-covered collection/capture and handle it accordingly.

Who is covered?

Employees are commonly the affected individuals in time-clock deployments, but BIPA claims can also arise from contractors, temporary workers, union employees, interns, and in some settings visitors who use biometric access controls.

The four BIPA pillars for fingerprint time clocks

While BIPA has multiple sections, Chicago employers implementing fingerprint time clocks should focus on four core compliance duties: (1) written policy and retention schedule, (2) notice, (3) written release/consent, and (4) restrictions on disclosure and data security.

1) Publish a written biometric policy and retention schedule (Section 15(a))

BIPA requires a private entity in possession of biometric identifiers/information to develop a written policy, make it available to the public, and establish a retention schedule and guidelines for permanently destroying biometric data when the initial purpose has been satisfied or within three years of the individual’s last interaction with the entity, whichever occurs first.

Practical steps for Chicago workplaces:

  • Write a standalone Biometric Information Policy that addresses timekeeping use cases specifically (enrollment, authentication, vendor involvement, storage, deletion).
  • Define “last interaction” for employees (often separation from employment, or last day worked if a worker becomes inactive).
  • Set a deletion workflow tied to HR offboarding so biometric templates are deleted promptly and logged.
  • Make it publicly available, typically by posting on the company’s external website or other method that is genuinely accessible (not just an internal portal), and keep archived versions.

Example: A West Loop restaurant group uses a fingerprint time clock for hourly staff. Its policy states that biometric templates are collected solely for timekeeping, stored by a named vendor in encrypted form, and deleted within 30 days of termination or within three years of the employee’s last clock-in—whichever occurs first—unless a longer period is required by law for an active dispute, then deleted upon resolution.

2) Provide specific written notice before collection (Section 15(b))

Before collecting or capturing a fingerprint, BIPA requires that the employer inform the individual in writing that biometric data is being collected or stored, and inform them in writing of the specific purpose and length of time the data will be collected, stored, and used.

Common notice pitfalls in time-clock rollouts:

  • Using generic onboarding acknowledgments that do not mention biometrics.
  • Stating a purpose (“timekeeping”) but not stating the duration (retention period tied to last interaction/purpose completion).
  • Failing to address vendor processing (e.g., cloud-based time clock provider).

Chicago-specific operational note: Many employers have multiple locations and seasonal staffing. If a worker transfers from a Logan Square location to a Loop location but uses the same vendor platform, ensure the notice still accurately describes purpose and retention, and that enrollment practices are consistent across sites.

3) Obtain a written release (consent) (Section 15(b))

BIPA requires a written release (often satisfied by a signed consent) from the individual or, in an employment context, from the employee as a condition of employment—provided it is properly informed and tied to the required notice.

What good consent looks like in a fingerprint time-clock program:

  • Standalone biometric consent form (not buried in an employee handbook).
  • References the biometric policy and confirms it was provided or made available.
  • States the purpose (timekeeping/payroll administration, fraud prevention) and retention/destruction timeframe.
  • Authorizes collection, storage, and use and acknowledges any vendor involvement.
  • Signed before enrollment (no “sign later” approach).

Union workplaces: If the Chicago workplace is unionized, consult labor counsel on whether implementing or modifying biometric timekeeping triggers bargaining obligations under the CBA or labor law principles. BIPA consent is still required, but the rollout may also require labor-relations planning.

4) Control disclosure and protect biometric data (Sections 15(c), 15(d), and 15(e))

BIPA restricts profiting from biometric data, limits disclosure, and requires reasonable security measures.

Disclosure limitations (15(d)): Do not disclose or disseminate an employee’s fingerprint template unless the employee consents, disclosure completes a financial transaction requested by the employee, it is required by law, or it is pursuant to a valid warrant/subpoena.

Security standard (15(e)): Store, transmit, and protect biometric data using the reasonable standard of care within the industry and at least as protective as the way the company stores other confidential and sensitive information.

Security checklist tailored to time clocks:

  • Confirm whether the system stores templates on-device or in the cloud, and map data flows.
  • Require encryption in transit and at rest for biometric templates.
  • Limit access by role (IT/security admins only) and implement MFA for administrative portals.
  • Maintain logs for enrollment, access, and deletion events.
  • Ensure incident response plans address biometric data and vendor notification timelines.

Vendor contracts: the most overlooked BIPA risk lever

Chicago employers often use third-party timekeeping vendors that provide biometric scanners, software, and cloud hosting. BIPA compliance can be undermined if vendor agreements are silent on retention, deletion, security, or subcontractors.

Key contract terms to negotiate

  • Data ownership and permitted use: Vendor may use biometric data solely to provide services and not for product training, analytics, or unrelated purposes.
  • Retention and deletion: Vendor must delete templates upon employer instruction and automatically upon account termination; confirm deletion from backups where feasible.
  • Subprocessors: Vendor must disclose subprocessors and flow down equivalent obligations.
  • Security controls: Minimum controls (encryption, access controls, vulnerability management) and audit rights or security attestations (e.g., SOC 2).
  • Indemnity and limitation of liability: Consider BIPA-specific indemnities, defense obligations, and realistic caps, given class action exposure.
  • Cooperation: Vendor must support responding to employee requests and litigation holds.

Example: A Chicago manufacturing employer learns its vendor retains biometric templates indefinitely by default. A contract addendum is used to require deletion within 30 days of separation and annual certification of deletion practices.

Implementation roadmap for a compliant Chicago rollout

A defensible program is built like a project, not a memo. Below is a practical sequence many employers use.

Step 1: Decide whether biometrics are necessary

BIPA does not prohibit fingerprint clocks, but risk is real. Evaluate alternatives such as PIN + badge, mobile app with geofencing, or facial recognition (also covered by BIPA) depending on operations. If biometrics are chosen, document the legitimate business purpose (time theft prevention, auditability, payroll accuracy) and why less intrusive options are insufficient.

Step 2: Data mapping and system configuration

Identify: where the template is created, where it is stored, who can access it, whether it is shared across locations, and how deletion works. Configure the system to minimize collection (e.g., store templates, not images; disable unnecessary exports).

Scroll to Top