California employers who operate under the assumption that there are no applicable legal requirements that must be satisfied when using biometrics in their day-to-day operations are mistaken and California Labor Code § 1051 demonstrates otherwise. The California Consumer Privacy Act of 2018 (CCPA) and its soon-to-be successor, the California Privacy Rights Act of 2020 (CPRA), can result in criminal penalties for noncompliance. Labor Code § 1051 bars employers that require employees or job applicants to furnish their fingerprints from disclosing that fingerprint biometric data to any third party. Employers in the state should first ensure that their biometrics service providers and vendors are completely precluded from accessing any fingerprint data collected by the employer through the service provider/vendor’s technology and maintain robust policies and protocols to prevent inadvertent disclosures of employee fingerprint data to any third parties. Employers also must maintain robust security measures to safeguard employee fingerprint data.
