Two Lawsuits in One: The Growing Risk of Pairing Biometric Tech With Wage-and-Hour Violations

On April 16, 2026, a complaint alleging a putative class and collective action was filed in the U.S. District Court for the Northern District of Illinois, alleging that a property management company violated Illinois’ biometric privacy law through the use of its biometric timekeeping software. The complaint, which begins with the statement that “[t]his is a wage theft and privacy case,” emphasizes the legal risks that may arise when employers deploy biometric timekeeping technology without adequate compliance measures, particularly in Illinois, one of the most employee-protective states for biometric privacy claims.

The Complaint

According to the complaint, hourly workers at TI Communities, including the named plaintiff, Amir Muhammad, recorded their time using a timekeeping system, Worksite. With Worksite, Muhammad alleges, employees were subject to a face scan when clocking in and out. Worksite tracks work hours and collects employee’s face scans and, according to Muhammad, did so without employees’ written consent.

Muhammad claims that the company’s timekeeping and overtime practices violated the Illinois Minimum Wage Law, the Fair Labor Standards Act (FLSA), and the Illinois Biometric Privacy Act (BIPA).

His wage-and-hour claims focus on two theories: off-the-clock work and overtime rate miscalculations. Muhammad alleges that when he clocked in and out of work, the face scan recorded his working hours. However, he goes on to allege that TI Communities regularly called him back to work after hours and explicitly instructed him not to clock back in using the timekeeping system. As a result, Muhammad’s wage and hour claims were tied to the employer’s alleged failure to account for his overtime hours rather than its use of the face scan technology to establish his working time.

Thus, his BIPA allegations, and his application of BIPA’s protections to wage-and-hour practices, warrant the most attention.

The Biometric Privacy Claims

Illinois’ BIPA is among the strictest biometric privacy laws in the country. As relevant here, it requires employers who collect biometric identifiers (including face scans, fingerprints, and retina scans) to:

• Obtain a written release from each employee prior to collection.
• Provide employees with a written policy governing the retention and destruction of biometric data.

According to Muhammad’s complaint, TI Communities’ use of Worksite violated both these requirements of BIPA. Muhammad alleges the company failed to maintain and publicize the required policy about its biometric practices and that it did not seek written consent from employees before using the face scanning technology.

 Key Takeaways

This case is a timely reminder of several overlapping compliance obligations for employers, particularly as states continue to increase their regulation of biometric data.

The use of biometric time-and-attendance systems is increasingly common across industries. Employers using such systems in Illinois — or those with operations in other states with biometric privacy laws (such as Texas and Washington) — must ensure that their deployment of these tools is supported by appropriate written consent forms, retention schedules, and employee-facing disclosures.

Best practices when using biometric time-and-attendance systems may include:

• Auditing timekeeping practices to identify whether employees are performing any work, including after-hours or on-call work, that is not being captured and compensated.
• Auditing biometric data collection to confirm that all required written consents have been obtained before any biometric identifiers are collected.
• Implementing or updating a written BIPA policy covering data retention schedules, destruction timelines, and third-party disclosure restrictions.
• Training supervisors on their obligations under federal and state wage-and-hour and privacy laws.