As businesses begin to re-open and operate on a limited basis, they may choose to take the precautionary measure of using a no-contact thermometer on their employees and customers. The federal government has recognized this as a legitimate practice, and the CDC has provided guidance on assessing employees’ and customers’ temperatures. While temperature taking is both legal and encouraged, logistics and data collection may complicate the process.
Businesses should develop best practices to both limit the exposure of employees tasked with taking temperatures and to insure privacy for customers. One of those best practices is the use of a no-contact thermometer. These devices are a popular choice and come in a variety of categories. The simple, no-contact infrared scanner is probably the most widely used. Other thermal scanners include facial recognition or are wearable (e.g., watches) stick-on sensors.
While the simple infrared scanner is unlikely to pose any problems, other thermometers with biometric reading capabilities may violate states’ biometric privacy laws. For example, Illinois requires private entities that collect, retain, or disclose biometric information to follow a set of requirements as outlined in their Biometric Information Privacy Act, or BIPA. Some of these requirements include establishing written retention and information destruction guidelines.
Businesses should be aware that if their no-contact thermometers are collecting personal information, they’re subject to data breach laws. Should a business collect and store an employee’s or customer's medical and/or biometric information, they may be required to notify those affected in the case of a data breach. Those notifications may trigger a class action scenario or investigation.
Before deploying a no-contact thermometer, businesses should be familiar with the device. They should have a firm understanding of the device’s data-capturing capabilities and other disclosures made by the selling company. Employees and customers should be comfortable with the process and the business should be transparent about what information they’re collecting.
It’s important to consider the risks associated with the use of these devices as businesses implement their return-to-work and reopening policies. It’s also always a good idea to consult legal counsel before making any decisions.