Negative Impact on State and Federal Compliance

As technology advances, employers search for new and innovative ways to become more efficient in the matter by which they conduct business. With the introduction of new and sophisticated timekeeping technology employers are facing an uphill battle with potential class-action lawsuits. Employers have sought different ways to prevent timekeeping theft, and more efficient methods of recording time be it for clocking in and out at the beginning and end of a shift, or for lunch breaks. Their interests have been answered by software manufacturers and payroll companies. The problem is that the technicians that develop the software may not be aware that the technology may seem to answer the call on one level, but thrusts employers into the cesspool of litigation because the use of that software undermines certain state laws when used as directed.

The key areas involve biometric timekeeping by thumb, hand, and retina scans, automatic deduct for lunch, lock-out systems for lunch, rounding, electronic surveillance, Artificial Intelligence, and cellphone timekeeping apps., to name the most common.

Biometric time clocks appear to be the most secure and accurate way to record an employee’s working time. This method is associated with hand scans, thumb scans, and even retina scans to record working time. Across the country, there is a growing trend of enacting biometric privacy laws that have created an abundance of class-action lawsuits against employers. These laws and regulations have required employers to inform employees of the tracking method being utilized be it by hand, thumb, or retina scans. The employer is also required to inform the employees of the biometric information being gathered or the biometric identification.

Illinois has been noted as the state that set the benchmark regarding the use of biometrics. The “Illinois Biometric Information Privacy Act” pretty much established the bar for other states to follow and many have. The purpose of this legislation was to address the regulation, storage, and use of information gathered from employees by the methods noted above. Severe penalties can be doled out when an employer fails to adhere to the strict guidelines of the state the employer is operating in. Currently, there are approximately 9 states that have enacted similar laws and approximately 21 others that have proposed legislation.

From the employer’s perspective, the use of biometrics to track employees is extremely helpful in meeting timekeeping requirements. The problem is there are employers that do not or have not, conform to the legislative requirements that go along with utilizing any of the biometric systems. The end result is class-action lawsuits. One notable case was recent case was Cothron v. White Castle Systems, Inc. In that case, the employer, White Castle, required its employees to scan their fingerprints to access their pay stubs and computer. The complaint alleged, that the employer implemented the bio-metric collection system in violation of the Illinois Biometric Information Privacy Act, (740 ILCS 14/15(b), section (d), which provides that a private entity may not “collect, capture, purchase, receive through trade, or otherwise obtain” a person’s biometric data without first providing notice to and receiving consent from the person; a private entity may not “disclose, redisclose, or otherwise disseminate” biometric data without consent.[1] The problem for White Castle was that the company failed to timely obtain the consent of the plaintiff and her co-workers to acquire her fingerprint biometric. The assessed liability was based on each employee for each day the information was collected and stored. This a costly result for an employer that used technology as directed but failed in their responsibility associated with the collection and storage of the data. Giving notice, getting the consent of the employees, and when it would be destroyed, were all that would have been necessary.

Another major example—is Facebook! They had to settle a case for violating the Illinois Biometric Information Privacy Act. The end result is $550 million dollars and is the largest consumer privacy settlement in the United States. Great technology, but the guidelines must be followed to the letter of the law.

Biometric time clocks appear to be the most secure and accurate way to record an employee’s working time. This method is associated with hand scans, thumb scans, and even retina scans to record working time. Across the country, there is a growing trend of enacting biometric privacy laws that have created an abundance of class-action lawsuits against employers. These laws and regulations have required employers to inform employees of the tracking method being utilized be it by hand, thumb, or retina scans. The employer is also required to inform the employees of the biometric information being gathered or the biometric identification.

Illinois has been noted as the state that set the benchmark regarding the use of biometrics. The “Illinois Biometric Information Privacy Act” pretty much established the bar for other states to follow and many have. The purpose of this legislation was to address the regulation, storage, and use of information gathered from employees by the methods noted above. Severe penalties can be doled out when an employer fails to adhere to the strict guidelines of the state the employer is operating in. Currently, there are approximately 9 states that have enacted similar laws and approximately 21 others that have proposed legislation.

From the employer’s perspective, the use of biometrics to track employees is extremely helpful in meeting timekeeping requirements. The problem is there are employers that do not or have not, conform to the legislative requirements that go along with utilizing any of the biometric systems. The end result is class-action lawsuits. One notable case was recent case was Cothron v. White Castle Systems, Inc. In that case, the employer, White Castle, required its employees to scan their fingerprints to access their pay stubs and computer. The complaint alleged, that the employer implemented the bio-metric collection system in violation of the Illinois Biometric Information Privacy Act, (740 ILCS 14/15(b), section (d), which provides that a private entity may not “collect, capture, purchase, receive through trade, or otherwise obtain” a person’s biometric data without first providing notice to and receiving consent from the person; a private entity may not “disclose, redisclose, or otherwise disseminate” biometric data without consent.[1] The problem for White Castle was that the company failed to timely obtain the consent of the plaintiff and her co-workers to acquire her fingerprint biometric. The assessed liability was based on each employee for each day the information was collected and stored. This a costly result for an employer that used technology as directed but failed in their responsibility associated with the collection and storage of the data. Giving notice, getting the consent of the employees, and when it would be destroyed, were all that would have been necessary.

Another major example—is Facebook! They had to settle a case for violating the Illinois Biometric Information Privacy Act. The end result is $550 million dollars and is the largest consumer privacy settlement in the United States. Great technology, but the guidelines must be followed to the letter of the law.

[1] Cothron v. White Castle System, Inc. :: 2023 :: Supreme Court of Illinois Decisions :: Illinois Case Law :: Illinois Law :: US Law :: Justia

California, on the heels of Illinois, enacted its own Biometric Data collection legislation coupled with the stringent privacy laws in the country. The California Consumer Privacy Act (which only applies to businesses with $25 million in gross revenues or possess and sell large amounts of personal data) became effective on January 1, 2020, and obligates employers to comply with the requirements concerning the collection, storage, and use of employee, applicant, and independent contractor biometric information. As a direct result, employers must provide notice when collecting personal information for employment, recruitment, and contracting with an independent contractor. In addition, the data collected can never be used for any reason that is not provided in the notice. It should be noted, however, the CCPA has been changed more than once. As an example, effective January 1, 2023, employers are under the obligation to review all such data received during 2022 and provide after-the-fact disclosures on all such information received and retained during that year.

The following are suggested steps that employers may want to consider if they are collecting, possessing, or capturing biometric information or biometric identifiers. They are not intended as legal advice and I would strongly recommend discussing these suggestions, or possibly others, with counsel.

1. Have a written policy in place that clearly establishes a retention schedule and guidelines for the destruction of any biometric information or biometric identifiers that was received.
2. Have a separate document for each applicant and employee to sign consenting to the use of biometric information and identifiers.
3. How the biometric information and biometric identifiers will be secured keeping in mind that any challenge to the secure methods will take into consideration a reasonable standard of care utilized within the respective industry of the employer.
4. Employees must be notified that their biometric information and biometric identifiers will be collected, the purpose for which it is being collected, and the length of time it will be collected, stored, or used.
5. Employers need to secure a written release from the employee before the collection of the biometric information and biometric identifiers.
6. Train all individuals associated with the collection, storage, or use of biometric information and biometric identifiers to ensure compliance with policy and any state or federal requirements.

Note: There could be the recovery of liquidated statutory damages, or actual damages for violations of the above-noted state or federal guidelines.

California employers have sought to find more efficient ways for recording the time employees work. The old “punch-in” method created time theft when others clocked in for co-workers. Cheating on time created a response from software manufacturers to create what they believed was a better way to avoid the issues of the past. Payroll companies, for example, adopted the new methods and sold the concept to their respective client base. Legal issues that emerged were unlawful rounding and automatic deductions for lunch. Now another trend is emerging. “Locking out” an employee from being able to clock back in from lunch before the required thirty-minute minimum under California law for every five (5) hours worked.

The issue of “rounding” an employee’s time has created an absolute class-action nightmare for employers. Often, the employer is blindsided because they apply the technology and did not realize that a potential issue existed with this timekeeping method. Just to be clear, rounding is the practice of capturing time entries and converting them to the close five, ten, or 15-minute equivalent. Clients have stated that they love rounding because it is “easier to calculate for payroll purposes.” We have to constantly remind them that there is no California law that cares about the simplicity afforded by basic math techniques when it comes to ensuring that all employees are paid for all hours worked. In a landmark case, Home Depot fell victim to using rounding methods.

Camp v. Home Depot, a case that was resolved in October 2022, had over 60,000 employees. The complaint defined the class as:

“All person[s] current or formerly employed by Defendant HOME DEPOT U.S.A., Inc., in hourly-paid positions within the State of California at any time on or after the date four years prior to the filing of the initial Complaint in this matter and whose aggregate work time for purposes of calculating payroll was lower after application of time rounding by Defendant HOME DEPOT U.S.A., Inc.’s timekeeping systems than the aggregate work time captured by the timekeeping system before applying rounding to daily total time worked.”[1]

Take note of the fact that the potential damage claims go back four years. This included current and former employees of Home Depot. Home Depot used an electronic timekeeping system that recorded the exact minute clocked in and out for each shift and for meal breaks. The problem that emerged was that the system applied a quarter-hour rounding policy to the hourly employee’s total shift time. With that rounding policy, the records reflected that the employees were not paid for all hours worked. In fact, the records showed that rounding Camp’s time resulted in it being reduced by 470 minutes in the aggregate. The technology was there but the rounding policy contained within the system created the eventual nightmare for Home Depot. Part of the problem, Home Depot appears to have had a comfort zone and no one, apparently, double-checked to ensure that the employees were being paid for all time worked. Or was their comfort level based on a prior ruling in another landmark case years before?

In See’s Candy Shops v. Superior Court, the Court held that an employer’s time-rounding policy is lawful when the policy is “fair and neutral on its face” and is used in a way that will not result, over a period of time, “in failure to compensate the employees properly for all the time they have actually worked.” The See’s Candy test permitted timeclock rounding systems, so long as the rounding was to the nearest set increment, as opposed to always rounding against the employee.[2]

A final point—meal periods and rounding. Again, employers need to be cognizant that the technology with rounding is not necessarily their friend. As applied to the meal break, rounding time principles could, and has, created scenarios where the lunch break ended up being less than thirty minutes. When that happens, the meal period premium penalty gets applied and opens up pandora’s box for class-action lawsuits.

[1] Delmer Camp v. Home Depot U.S.A. Inc., Case No. 19-cv-02240-RS, 3 (N.D. Cal. Jul. 26, 2019)
[2] See’s Candies, Inc. v. Superior Court, 73 Cal.App.5th 66, 288 Cal. Rptr. 3d 66 (Cal. Ct. App. 2021)

The following are suggested steps that employers may want to consider if they are using a software program that rounds. These are not intended as legal advice and I would strongly recommend discussing these suggestions, or possibly others, with employment law counsel.

1. Continuing to use the rounding time method puts the employer at risk
2. Employers need to re-think the use of an automatic timekeeping system from either an internal software program or through the use of a payroll company
3. If an employer chooses to continue with either of the above, then all employees associated with payroll and timekeeping need to be trained on the implementation, use, and pitfalls associated with rounding.

Meal break violations, either not taking one, or taking one for less than thirty (30) minutes running a close second to the rounding issue creating liability for damages. The technology associated with punching in and out for lunch is not without its own set of problems. Employers rightfully push managers and supervisors to monitor employees to ensure they are clocking in and for lunch. Unfortunately, that system is not always successful. In response, employers look toward some of the timekeeping features offered by payroll companies and internal software programs.  They include automatic deductions for lunch and a lockout program that prevents employees from clocking back in before the thirty-minute lunch has expired.

One of the features offered through timekeeping technology is an “automatic” deduction of thirty (30) minutes to ensure that employees are taking their lunch required by California law when an employee works five (5) hours or more. Employees sometimes do not clock out, whether intentionally or by accident. In response, employers will activate the automatic deduction feature that takes the time from the employee’s time record thereby, at least in thinking, they have satisfied California law. Not so! The problem reflected in many litigations is that there are times when employees have not taken lunch on a given day and the time has been taken. When this system is challenged either before the Department of Labor Standards, or in Superior Court, there is the presumption that the employer is not keeping accurate time records of all hours worked. This finding can open the door to claims the employer’s timekeeping records are not valid and subject the employer to costly penalties and class-action lawsuits.

What appears to be a new timekeeping technology feature to ensure the entire thirty (30) minute lunch period is being taken is a “lockout” procedure. When an employee punches out for lunch, the timekeeping software prevents them from clocking back in less than the full thirty (30) minutes as required by California law. What this procedure does not take into consideration is when an employee may have to return to work while having lunch, even briefly (although the employee is entitled to an uninterrupted lunch), for a business reason. It happens, especially in a business that has walk-in customers. The easy resolve is they can go back and continue their lunch for the remainder of the 30 minutes. In order to defend itself, the employer must have some record that proves the employee was able to continue their lunch for the minutes missed. In most cases, the employer does not have that evidence. This brings back the same issue of an employer monitoring time, which employers have a tendency not to do which is why they use the software indicated.

Employers have also incorporated timekeeping through the use of cell phones. Employees can clock in and out through the use of either their cell phones or a company cell phone. The opportunity to steal time is still present however, where some employers fail is not to pay the employees for the use of their personal cell phones for business purposes as required under California law. Failure to monitor cellphone time entries and to reimburse for the use of the cellphone creates a risk of double liability.

The following are suggested steps that employers may want to consider if they are using a software feature either for automatic deductions or lockout for lunch breaks. They are not intended as legal advice and I would strongly recommend discussing these suggestions, or possibly others, with counsel.

1. Disable the automatic deduction feature for lunch breaks.
2. Disable the lockout feature for lunch breaks and enforce the policy regarding taking the full thirty (30) minutes for lunch.
3. Pay employees for the use of their personal cell phones for business purposes.

Technology has been incorporated into our personal and business lives in many different ways. Employers, seeking to find more efficient ways to track the working hours of their employees, acted as a catalyst for software manufacturers to create new products. They listened to the concerns expressed by employers and answered them with new innovative ways to track time. The technology can work; however, both employers and software developers need to consider the various laws that could be violated using the technology. Ultimately, the employer has to safeguard its own interests by ensuring that they are not violating any state or federal, or federal law.