Professional growth          Court news           Productivity           Technology          Wellness          Just for fun

Using biometrics in your legal practice: is it safe?

everything you need to know about using biometrics in a legal practice

The use of biometric technology is much more common than many people realize.

By using unique biological identifiers to identify and authenticate users — facial recognition and voice recognition are a couple of examples — this technology can provide heightened security.

The question for legal professionals is whether biometrics can or should be used in your legal practice.

Some considerations for using biometrics in law firms are security and practicality. In addition, legal practices must recognize the legal implications of this technology.

If your firm decides to implement biometrics, you should follow some practice pointers.

In this article, we cover the basics of biometric technology that legal professionals need to think about.

What are biometrics?

Biometric technology is used to recognize or authenticate employees using unique identifiers based on biological or behavioral traits.

Facial recognition is a type of biometric identification many people are aware of simply by accessing their smartphones, but there are many other types of biometric methods of identification such as retina scans, fingerprint scans, iris recognition, signature recognition — even ear authentication.

Behavioral identifiers can also be used, such as walking gait or typing speed and patterns.

The most common types of biometrics used in the workplace are facial recognition and fingerprint scanning.

Other types of biometrics such as iris scanning, voice recognition, and hand geometry are less widespread but still have some workplace usage. Mostly, these types of biometrics are used in high-security settings.

Currently, the broadest workplace application of biometrics is tracking employee time and attendance. A biometric time clock can ensure that clocking in and out is accurate and that users are who they purport to be.

Biometrics can also be employed to control access to confidential or sensitive information — something that legal practices deal with on a regular basis.

The primary advantages of biometrics are security and convenience.

In contrast with traditional security measures like passwords and ID cards, biometric identifiers cannot be stolen or replicated. In addition, users do not need to remember a password, or a set of passwords, in order to access systems.

Are biometrics really secure?

While biometrics provide a definite security advantage, one point must be stressed — no security system is completely invulnerable to breaches.

Facial recognition systems can be fooled using video clips of faces. Even fingerprints can be copied from touched surfaces and replicated with artificial versions made of gelatin and silicon.

Realistically, though, are you working with anything valuable enough for someone to put in the time, effort, and money to copy your fingerprint?

On the other hand, some types of biometric security are extremely difficult to bypass.

Retina scans and iris recognition are two examples of solid barriers to security breaches. However, these systems are also very expensive and less acceptable to most users. This means retina and iris detection will generally be used for high-security applications only instead of the typical legal setting.

Despite their lack of perfection, face and fingerprint recognition systems are adequate protection for most timekeeping and low-security functions. This means that legal professionals can reasonably rely on them.

Using biometrics in your legal practice

Should you use biometrics in your legal practice?

While biometrics can provide advantages, all businesses that implement them must consider the legal ramifications.

Fortunately, some simple pointers can effectively address these considerations.

Legal considerations with biometrics

Several states have enacted laws to regulate biometric data.

These regulations generally cover how this data should be collected, used, and stored. They also impose requirements of written policies concerning these practices, as well as written notices of these policies.

The Illinois Biometric Information Privacy Act (BIPA), enacted in 2008, was the first biometric privacy law in the United States.

The first class action lawsuits alleging BIPA violations were filed in 2015, unleashing a wave of litigation against employers using biometrics for timekeeping and security. Biometric privacy regulations have since been enacted in other states, such as California and Texas.

There are several common requirements of these state-level biometric regulations which obligate employers to do the following:

  1. Notify users that the employer is collecting biometric data;
  2. Establish policies regarding the collection, use, and storage of this data, and;
  3. Make commercially reasonable efforts to protect the data.


Practice pointers for utilizing biometrics

The best practices for compliance with biometric privacy regulations include the following:

  1. Notify all employees from whom you collect, or will be collecting, biometric data;
  2. Create clear policies on how this data will be handled, and;
  3. Constantly update your firm’s policies and procedures as the legal landscape evolves.


In addition, consider the practicality of any application of biometric technology your firm considers.

One widespread practice is the use of facial recognition with contract attorneys working from home. Many such systems monitor the user’s level of attention and kick the users out of the system if they look away from the monitor for too long.

Understandably, many contract attorneys feel these systems are overly intrusive. In addition, the attorneys complain of lost work time due to constantly needing to log back into the systems.

This is just one example where the use of biometrics may have too many drawbacks to make it worthwhile.

While biometrics serve as the newest frontier in top-of-the-line security, carefully consider whether your practice will implement them in light of the issues outlined here.

Are you fulfilling your duty of technological competence?

If you’re reading this article, we’re willing to bet that you take your duty of technological competence seriously.

However, if you do need to brush up on your requirements for tech competence, we’ve got you covered. Our free eBook can help you understand what it means to be technologically competent, and then help your whole firm meet those basic requirements.

Download it for free here:

eBook: Meeting tech competence expectations in your state


  • Mike Robinson

    After a fifteen-year legal career in business and healthcare finance litigation, Mike Robinson now crafts compelling content that explores topics around technology, litigation, and process improvements in the legal industry.

    View all posts

Our recommendations

Follow InfoTrack