Wendy’s Sued for Mismanagement of Employee Fingerprints

As reported by ZDNet.com, a class-action lawsuit has been filed in Illinois that claims Wendy’s restaurant chain has broken state laws by improperly storing and managing employee fingerprints.

The complaint centers on Wendy’s practice of using biometric clocks that scan fingerprints when employees arrive at work, when they leave, and when they use the point-of-sale and cash register systems.

The suit contends that Wendy’s breaks the Illinois Biometric Information Privacy Act (BIPA) because the company doesn’t inform its employees how it uses their data and fails to obtain a written release with their explicit consent to obtain and handle the prints in the first place.

Further, according to the plaintiffs, Wendy’s doesn’t provide a publicly available retention schedule or guidelines for permanently destroying employees’ fingerprints after they leave the company.

“Unlike key fobs or identification cards – which can be changed or replaced if stolen or compromised – fingerprints are unique, permanent biometric identifiers associated with the employee,” the plaintiffs said in the complaint. “This exposes employees to serious and irreversible privacy risks.”

Also named in the lawsuit is Discovery NCR Corporation, which supplies Wendy’s with the biometric clocks and cash register access systems. The article suggests that NCR was included because of its similarity to Pay By Touch, a biometric company that once provided retailers in Illinois with fingerprint scanners. In late 2007, Pay By Touch had accumulated the fingerprints of many employees throughout the state, and there were concerns the company would sell the data in an effort to recoup expenses during a bankruptcy proceeding. BIPA was enacted as a response.

ZDNet.com reports that Wendy’s did not respond to a request for comment. Plaintiffs’ lawyers declined to comment when reached as well.