Biometric Information Security Policy
I. APPLICABILITY
This policy applies to all SURESTAFF, LLC, Surestaff Services LLC, and Pillar Staffing LLC (collectively “SURESTAFF”) employees who may be assigned to any SURESTAFF client that collects, stores, and/or uses Biometric Identifiers and/or Biometric Information (collectively “Biometric Data”) (as defined below).
II. PURPOSE AND ROLE
The purpose of this Biometric Information Security Policy (the “Policy”) is to define and explain SURESTAFF’s policies and procedures regarding the collection, use, safeguarding, storage, retention, and destruction of an employee’s Biometric Data.
SURESTAFF does not collect, store, or use Biometric Data. However, certain SURESTAFF clients may collect, store, and/or use Biometric Data in connection with, and during, a SURESTAFF employee’s assignment to such client. The purpose for the collection, storage, and/or use of Biometric Data may include, but is not limited to timekeeping, payroll, building or site access, security, verification, safety, and compliance. The SURESTAFF client may use third party services and/or equipment to collect, store, or use Biometric Data, but such third-party collection, storage, and use will be strictly limited to SURESTAFF’s and/or SURESTAFF’s client’s administrative purposes and will not be disclosed to any other third party for any other purpose.
A copy of this Policy will be made available upon request. A copy of this Policy is also available to the public at: www.sure-staff.com.
III. DEFINITIONS
For purposes of this policy, the following definitions shall apply:
A. “Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
B. “Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
C. “Biometric Data” refers collectively to all Biometric Identifiers and Biometric Information.
IV. POLICY
A. SURESTAFF’s policy is to protect all Biometric Data in accordance with applicable standards and laws.
B. An employee’s Biometric Data will not be collected or otherwise obtained by SURESTAFF and/or a SURESTAFF client without the prior written consent of the employee. SURESTAFF and/or a SURESTAFF client will inform the employee of: (i) the purpose for collecting the Biometric Data; and (ii) the length of time the Biometric Data will be collected, stored, and used.
C. SURESTAFF will not sell, lease, trade, or otherwise profit from any Biometric Data that may come into SURESTAFF’s possession as the result of a SURESTAFF client’s collection and/or use of such Biometric Data.
D. SURESTAFF will not disclose any Biometric Data unless (i) consent is obtained from the employee, (ii) disclosure is necessary to complete a financial transaction requested or authorized by the employee, (iii) disclosure is required by State or federal law or regulation, or municipal ordinance, or (iv) disclosure is required pursuant to a valid warrant or subpoena.
E. If SURESTAFF comes into the possession of Biometric Data, it will be stored using a reasonable standard of care in SURESTAFF’s industry, and in a manner that is the same as or exceeds the standards used to protect other confidential and sensitive information held by SURESTAFF.
F. SURESTAFF will destroy any Biometric Data in its possession in accordance with the procedures outlined below.
V. PROCEDURES
A. Before an employee’s Biometric Data is collected, SURESTAFF and/or the SURESTAFF client will obtain the employee’s written consent using a consent form.
B. If any SURESTAFF employee who has not reviewed and/or signed a consent form is asked to provide Biometric Data in connection with his or her assignment to a SURESTAFF client, the employee must: (i) not provide his or her Biometric Data; and (ii) request that he or she be provided a consent form. In no event should a SURESTAFF employee provide Biometric Data to any SURESTAFF client before he or she has reviewed and agreed to the collection and/or storage of his or her Biometric Data. If the SURESTAFF client is unable to provide a consent form, the SURESTAFF employee should immediately contact Chris Klatka at 630-634-5633 or HR@sure-staff.com to request that a form be provided before he or she provides Biometric Data to the SURESTAFF client.
C. SURESTAFF will permanently destroy and delete any Biometric Data from its systems no later than three (3) years after the employee’s assignment with the SURESTAFF client ends. SURESTAFF will require the same of the SURESTAFF client to which the employee was assigned, along with any third party possessing Biometric Data.