Biometric Data Privacy Policy | STERIS Biometric Data Privacy Policy | STERIS
STERIS Corporation - Helping to provide a healthier today and a safer tomorrow.

STERIS Biometric Data Privacy Policy

STERIS is committed to protecting your privacy. In order to efficiently and securely track employee time records STERIS may use a biometric timekeeping system. STERIS may also use a biometric system for the purposes of personnel identification. STERIS may use third-party timeclock and personnel identification vendors to supply it with biometric timekeeping systems.

STERIS collects certain personally identifiable information that may be defined by law as "biometric information" or "biometric identifiers" (together, "Biometric Data") under various laws concerning biometric data, including, but not limited to, the Illinois Biometric Information Privacy Act. This Biometric Data Privacy Policy (“Policy") governs the collection, retention, disclosure, and destruction of Biometric Data in accordance with applicable law.

Biometric Data Defined:

As used in this Policy, "biometric identifiers" means fingerprints; voiceprints; retina, iris, or hand scans; or face geometry. Biometric identifiers do not include information such as writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.

"Biometric information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual.

Why STERIS Collects and Uses Biometric Data

STERIS and the vendors and/or licensors of our time and attendance software collect, store, and use images of fingerprints as well as data representing or derived from fingerprints or other biometric identifiers, from personnel solely for personnel identification and timekeeping purposes.

Data Disclosure

Subject to individual consent, STERIS may disclose the Biometric Data to its third-party vendors and/or licensors in order to facilitate the provision of the time and attendance software.

STERIS does not sell, lease, trade, or otherwise profit from the Biometric Data.
STERIS prohibits any further disclosure or re-disclosure of Biometric Data unless the disclosure:

  1. Is consented to by the individual or the individual's legally authorized representative;
  2. Is required by state or federal law, or required by municipal ordinance; or
  3. Is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction requesting Biometric Data.

Data Security

STERIS is committed to collecting and processing Biometric Data responsibly and in accordance with applicable law. STERIS stores, transmits, and protects all Biometric Data using a reasonable standard of care with measures that are at least equivalent to measures that STERIS uses to store, transmit, and protect its other confidential and sensitive information, such as medical records, financial account numbers, drivers' license numbers and social security numbers. These measures include storing and transmitting Biometric Data in encrypted format.

Retention Schedule and Destruction

STERIS retains the Biometric Data until the first of the following occurs:

  1. The initial purpose for the collection has been satisfied (e.g., so long as the individual from whom it collects Biometric Data is in a role for which timekeeping is required); or
  2. For no longer than three years from the personnel's last interaction with STERIS.

Unless otherwise required by law or legal process, once the retention schedule no longer authorizes STERIS to retain the Biometric Data, STERIS securely and permanently destroys the Biometric Data.