29 CFR §516.2 requires records of hours worked each workday and total hours worked each workweek.
- Source (primary)
- https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.2
- Verified
- May 28, 2026
Buddy Punching and Time Clock Fraud: How Employers Can Detect It Safely
Fact Check: Buddy Punching and Time Clock Fraud: How Employers Can Detect It Safely
Partial May 28, 2026How we fact-check
Summary
This check verifies the research's current legal architecture: FLSA recordkeeping, Illinois BIPA, the 2024 BIPA amendment, the 2026 Clay retroactivity decision, Texas CUBI, Washington, Colorado, Maryland, and non-biometric detection alternatives.
Result: 27 claims checked. 26 verified. 1 partial. 0 issues. 0 outdated.
Federal Recordkeeping
3 claims
Payroll records are retained for 3 years and supplementary records such as time cards for 2 years.
- Source (primary)
- https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.5
- Source (secondary)
- https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.6
- Verified
- May 28, 2026
Mt. Clemens allows employees to use just-and-reasonable inference when employer records are inaccurate or inadequate.
- Source (primary)
- https://supreme.justia.com/cases/federal/us/328/680/
- Verified
- May 28, 2026
Illinois BIPA
8 claims
BIPA's biometric identifiers include fingerprint, voiceprint, and scans of hand or face geometry, and exclude photographs.
- Source (primary)
- https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- Verified
- May 28, 2026
BIPA §15(a)-(e) creates retention, notice/release, sale, disclosure, and care obligations.
- Source (primary)
- https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- Verified
- May 28, 2026
BIPA §20 creates a private right of action and liquidated damages amounts of $1,000 negligent / $5,000 intentional or reckless.
- Source (primary)
- https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- Verified
- May 28, 2026
Public Act 103-0769 / SB 2979 took effect August 2, 2024 and created one recovery per person, per method, for repeated §15(b) and §15(d) violations.
- Source (primary)
- https://ilga.gov/Legislation/publicacts/view/103-0769
- Verified
- May 28, 2026
Clay v. Union Pacific Railroad Co., No. 25-2185 (7th Cir. Apr. 1, 2026), held the 2024 BIPA amendment applies retroactively to cases pending when enacted.
- Source (primary)
- https://law.justia.com/cases/federal/appellate-courts/ca7/25-2185/25-2185-2026-04-01.html
- Verified
- May 28, 2026
Rosenbach v. Six Flags held a statutory BIPA violation can make a person "aggrieved" without separate actual injury.
- Source (primary)
- https://www.isba.org/cases/illinois/supreme/2019/01/25/rosenbachvsixflagsentertainmentcorp
- Verified
- May 28, 2026
Cothron v. White Castle held each scan/transmission could accrue separately before the 2024 amendment.
- Source (primary)
- https://www.isba.org/cases/illinois/supreme/2023/02/17/cothronvwhitecastlesysteminc
- Verified
- May 28, 2026
Rogers v. BNSF's $228M verdict was vacated for a damages retrial and later settlement process.
- Source (primary)
- https://www.bnsfbipaclassaction.com/Content/Documents/Notice.pdf
- Verified
- May 28, 2026
- Notes
The research correctly treats $228M as a vacated verdict, not a final damages judgment.
Other State Laws
5 claims
Texas CUBI requires notice and consent and allows AG enforcement with civil penalties up to $25,000 per violation.
- Source (primary)
- https://statutes.capitol.texas.gov/Docs/BC/htm/BC.503.htm
- Verified
- May 28, 2026
Texas announced a $1.4B Meta settlement under its biometric/privacy enforcement track on July 30, 2024.
Washington RCW 19.375 is AG-only.
- Source (primary)
- https://app.leg.wa.gov/RCW/default.aspx?cite=19.375.030
- Verified
- May 28, 2026
Colorado HB24-1130 is effective July 1, 2025 and extends biometric obligations to employee data.
- Source (primary)
- https://leg.colorado.gov/bills/hb24-1130
- Verified
- May 28, 2026
Maryland MODPA took effect October 1, 2025, with enforcement beginning April 1, 2026.
- Source (primary)
- https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/sb0541
- Verified
- May 28, 2026
Detection Claims
3 claims
Photo-on-punch is different from face-recognition matching for BIPA purposes.
- Source (primary)
- https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- Verified
- May 28, 2026
- Notes
Photographs are excluded; scans of face geometry are included. The research explains this as the processing pivot.
GPS, device-ID, IP restriction, manager approval, and pattern alerts are non-biometric detection methods.
- Source (primary)
- Product/research design
- Verified
- May 28, 2026
- Notes
These are operational detection categories. The research says they reduce biometric privacy risk, not all legal risk.
The 2% payroll-loss estimate is directional, not primary-source strong.
- Source (primary)
- Source (secondary)
- Article-level survey history and HR literature review
- Verified
- May 28, 2026
- Notes
The public surfaces treat this as directional background and do not defer to a competitor-published survey as public authority.
Sources
17 unique sources cited across the report — click to audit any claim directly against its evidence.
- 1.https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.2
- 2.https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.5
- 3.https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/subchapter-A/part-516/subpart-A/section-516.6
- 4.https://supreme.justia.com/cases/federal/us/328/680/
- 5.https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- 6.https://ilga.gov/Legislation/publicacts/view/103-0769
- 7.https://law.justia.com/cases/federal/appellate-courts/ca7/25-2185/25-2185-2026-04-01.html
- 8.https://www.isba.org/cases/illinois/supreme/2019/01/25/rosenbachvsixflagsentertainmentcorp
- 9.https://www.isba.org/cases/illinois/supreme/2023/02/17/cothronvwhitecastlesysteminc
- 10.https://www.bnsfbipaclassaction.com/Content/Documents/Notice.pdf
- 11.https://statutes.capitol.texas.gov/Docs/BC/htm/BC.503.htm
- 12.https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-secures-14-billion-settlement-meta-stop-companys-practice-capturing
- 13.https://app.leg.wa.gov/RCW/default.aspx?cite=19.375.030
- 14.https://leg.colorado.gov/bills/hb24-1130
- 15.https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/sb0541
- 16.Product/research design
- 17.Article-level survey history and HR literature review
Check our work
Every claim above links to the source we used. Open any source to compare the wording here with the underlying rule, guidance, court opinion, or product behavior.
If a source has changed or a claim looks wrong, tell us. We would rather correct the page than leave a stale answer online. See how we fact-check.
About Clockspot
Clockspot helps small businesses track employee time and keep payroll-ready records. Used in all 50 states since 2007, we focus on getting time and pay right — including the wage-and-hour rules that shape both.
We build Clockspot for the same reason we publish these reports: time records should be understandable, reviewable, and tied to the rules that affect payroll. See how Clockspot works.