Staffing firm to pay $1.5M over biometric data misuse

Photo by Immo Wegmann on Unsplash

DX Enterprises, a staffing and recruitment company from Princeton, Indiana, has agreed to a $1.5+ million biometric data privacy payout to settle a class action lawsuit, as reported by Staffing Industry Analysts on April 18, 2025.

 

What is biometric data?

Biometric data is personal information based on unique physical traits, such as fingerprints or facial features, used to identify and verify an individual.

 

The settlement resolves claims that the staffing company unlawfully collected and used workers’ fingerprint data without consent.

 

According to the court documents, the lawsuit was brought forward by an employee who had been assigned to work at a Toyota plant in Lawrenceville, Illinois.

 

The settlement comprises a $1,519,796.84 fund to be distributed among 586 affected workers, whose fingerprint scans were taken via a biometric attendance system between February 27, 2018, and January 7, 2025, without prior written consent.

 

Individuals are expected to receive $2,444.74 each, plus an additional $846.40 for every time an individual was rehired.

 

Eligible participants do not need to take any action to receive their share. Settlement checks will be mailed automatically within 21 days of the deal taking effect.

 

Lessons for Employers

 

This case highlights the growing legal risks associated with biometric data handling, particularly in Indiana, where the Biometric Information Privacy Act (BIPA) imposes strict requirements.

 

Under BIPA, companies must inform employees in writing if biometric data is stored, outline the purpose of data collection, and obtain signed consent. The law also mandates that companies maintain a publicly available data retention schedule and destruction policy. DX Enterprises was accused of ignoring all of these obligations.

 

What is a data retention schedule and destruction policy?

A data retention schedule outlines how long a company must keep certain types of personal data before it is deleted. A destruction policy sets the procedures for securely disposing of that data once the retention period ends.

 

To protect themselves, organizations must implement clear biometric data policies, obtain written consent from employees, and strictly adhere to biometric data laws.

 

Related Content:

What is Time and Attendance Software?

6 Reasons Why Companies Shouldn’t Use Time and Attendance Software

How to Track and Check Attendance

What are the Different Types of Attendance Systems?

What is Face Recognition Attendance?

See All