Skip to main content
close search
site logo

By mandating scans for building access, JPMorgan supercharges biometric data debate

The United States’ largest bank won’t let its employees access its new headquarters unless they allow it to collect their most unique personally identifiable information.

Published Oct. 15, 2025
Robert Freedman's headshot
Lead Editor
JPMorgan headquarters building, biometric scans
Street level view of JP Morgan Chase skyscraper in NYC during daytime. The bank is requiring employees to agree to biometric scans to access the building. Getty Images

JPMorgan is requiring employees to provide an iris or fingerprint scan to access its new, $3 billion Manhattan headquarters, the Financial Times reported.

The bank is also requiring employees to use a mobile app to access goods and services in the building, including food from the 19 dining vendors on site, the Guardian reported

When combined, the app and the biometric scanning will give the bank, the largest in the United States with some $3.5 trillion in assets, an unprecedented amount of personal data on each of the 10,000 employees expected to be working at the building by the end of the year.

“Critics warn that the bank’s decision could normalize coercive data collection across white-collar workplaces,” a post in Biometric Update says. “Biometric identifiers are immutable. Once compromised, they cannot be replaced like a password or badge.”

Even if employees technically consent, the Biometric Update report says, “the choice is illusory when access to one’s job depends on enrollment [and the] biometric logs could theoretically be correlated with productivity or attendance data, creating a new vector for workplace monitoring.”

The 60-story, 2.5 million-square foot building at 270 Park Ave. was completed in August and is New York City’s largest all-electric tower, JPMorgan said when it announced plans for the building in 2022. 

It’s powered by 100% renewable energy, with net-zero operational carbon emissions, the bank said. It’s using “state-of-the-art building technology and systems,” including sensors and AI to respond to energy needs, triple-pane window glazing and automatic solar shades, continuous monitoring of air quality, advanced HVAC filtration systems and storage and reuse systems that are expected to reduce water needs by more than 40%, the company said. 

The building’s green credentials, focus on healthy indoor air, natural lighting and work-friendly acoustics, along with a mix of amenities like yoga and cycling rooms and meditation spaces, are part of the bank’s effort to attract and retain talent while requiring all of its employees to work on-site five days a week. 

JPMorgan and other banks are “asking folks to come back,” Mark Kreisman, global managing director of financial services at JLL, said earlier this year in a webinar. “The emphasis on experience is going to become more and more important.” 

The bank’s mandatory collection of employee biometric data stems in part from the rise of workplace violence in the United States, according to the Guardian report. “It is understood that the use of biometric data for access is designed to make the building more secure,” the report said. 

Many executives are treating the shooting at 345 Park Ave. in July – when a gunman killed a security officer and an employee at private equity firm Blackstone, while trying to access NFL offices in the building – as a wake-up call. 

Matthew Dumpert, a security specialist with advisory firm Kroll, said he received a surge in calls from worried business leaders after the incident. “Clients [called] with questions about how to protect themselves from similar attacks,” he said.

Illinois, Washington and Texas are among a handful of states that have standalone biometric privacy laws that require organizations to get approval before they can capture data from people’s iris, fingerprint or other scans. In addition to requiring consent, the laws, like most states’ data privacy laws, impose requirements to protect people’s personal information from exposure.  

“Almost all states now have breach remediation rules and in some cases there are penalties,” Jeremy Gottschalk, a privacy specialist with Marketplace Risk, an advisement firm, said in an interview last month. “So, if there’s a breach, the cost to the building can grow quickly just by virtue of complying with state breach notification laws. [The data] just becomes an inherent risk over a really long tail.”

JPMorgan’s biometric access requirement applies to all of its headquarters employees, with some exceptions, according to reports. “Some employees … will still be able to use a badge for access,” the Guardian reported, “although the criteria for who will use more traditional ID access is unclear.”

Recommended Reading

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release

Want to share a company announcement with your peers?

Share your announcement

Editors' picks
Latest in Technology
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.