Answer: D - In this instance, Kronos violated Illinois Biometric Information Protection Act (BIPA). Under this state law, no entity may collect, capture, procure, otherwise obtain or store biometric information without the data subject’s consent.
Organizations must provide written notice about the collection, storage, use, transfer and other inflation about the data collection tool/use purpose and process. Under BIPA, consumers (and employees) must provide written consent for the collection, use, storage and/or sharing of the biometric information.