Skip to Content Skip to footer

US Employee Biometric Data Policy

PURPOSE

This Policy describes the way in which ACCO Brands handles biometric data (e.g., fingerprint scans, fingerprint templates, facial scans) in the course of its business.

APPLICABILITY

  • United States – All Employees

KEY POINTS

  • When collecting biometric data, ACCO Brands must obtain a signed consent form (as shown in Annex 1) from the individual providing their data.
  • ACCO Brands must implement adequate technical and organizational measures to protect biometric data.
  • ACCO Brands cannot sell or disclose biometric data in most cases. If you would like to disclose biometric data to any third party, you must obtain approval from Senior Counsel – HR & IT.
  • If you have any questions about this Policy, contact DataPrivacy@acco.com.

POLICY

Employees

ACCO Brands may issue company-owned electronic devices such as smart phones, laptops or peripheral devices (collectively, “Devices”) that offer employees the opportunity to use biometrics technologies, such as fingerprint scans or facial scans for various purposes, including unlocking the devices and logging in.  Employees can use or not use these features at their discretion.  If employees elect to use the features, this Policy outlines how ACCO Brands may collect, store, use and destroy the biometric data.  This Policy supplements any other communications and policies that relate to this subject, including applicable ACCO Brands HR Privacy Notices.

COLLECTION, STORAGE, AND USE OF YOUR ENCRYPTED SCAN

The first time an employee uses biometric login, the device scans the fingerprint and/or face to obtain an encrypted mathematical algorithm (“Encrypted Scan”), which is used to confirm the employee’s identity to unlock and/or log in to the device.  Each subsequent scan is compared to the Encrypted Scan created by the initial scan.  The Encrypted Scan is solely stored locally on the device and is generally not accessible to ACCO Brands.

RETENTION AND DESTRUCTION OF YOUR ENCRYPTED SCAN

The Encrypted Scan will be used to unlock and/or log in to the device during the employee’s employment and will be permanently destroyed by IT within 60 days after the device is returned to ACCO Brands.  ACCO Brands will use a reasonable standard of care in using, storing, transmitting and protecting the Encrypted Scan from unauthorized disclosure, as it does with other confidential and sensitive information. 

PROHIBITION ON UNAUTHORIZED DISCLOSURE

ACCO Brands will not sell, lease, trade or otherwise profit from the Encrypted Scan.  ACCO Brands will not disclose, redisclose or otherwise disseminate the Encrypted Scan unless required by law, court order, warrant or subpoena, the disclosure is part of a financial transaction requested and authorized by the employee, or the employee otherwise consents to the disclosure or redisclosure. 

QUESTIONS

If you have any questions about this Policy, please contact DataPrivacy@acco.com.

 

Updated Date: July 1, 2025