Tulane University is bringing the facial recognition technology, CloudApper, an add-on to Oracle Cloud, to campus workplaces, a move that has raised concerns among students and staff about data privacy and the necessity of biometric scanning on campus.
Oracle Cloud is a full-service cloud platform that provides IT infrastructure and tools powered by artificial intelligence.
Tulane is transitioning its human resources and finance operations to Oracle Cloud as part of its WaveWorks initiative, which will consolidate multiple existing university platforms into a single unified system, according to a video posted on the Tulane website. The platform is set to go live on March 20.
By consolidating multiple platforms – including Kronos, Oracle EBS, SciQuest, Concur, Anaplan, Interfolio Staff Search and Bridge – into a single system, Tulane says it hopes to centralize HR, finance, and data operations, improve transparency and reduce the amount of personal information required for reimbursements and honorariums.
Kronos is the current timekeeping system for Tulane’s hourly employees. Students can clock into Kronos using their Splash Card or on their phones. With the implementation of CloudApper, employees have the option to clock in using facial recognition.
Confusion over facial recognition requirement sparks concern
The idea of facial recognition raised concerns among many student employees, many of whom were under the impression that facial recognition was mandatory.
This confusion stemmed from the initial WaveWorks rollout email, which announced that “employees who currently use a physical time clock will need to complete a brief, one-time facial recognition setup,” and did not give an option to opt out.
“I just deem it kind of an unnecessary step when already we had multiple ways of clocking in,” student employee Oliver Perlo said. “So the fact that now there is this artificial … AI face reading component, it seems like a kind of extra step that doesn’t need to be in place for a problem that doesn’t really exist.”
Jacquelyne Howard, associate director of student engagement at the Connolly Alexander Institute for Data Science, said students and employees reached out to her with concerns about biometric technology being used in the workplace. She clarified with Tulane HR that facial recognition is not required, despite what some students and supervisors thought.
Howard said in her experience as a scholar of surveillance studies, providing an opt-out option for biometric technologies is a best practice.
“I look for if employees are being provided genuine choices around biometric technologies in the workplace and not feeling pressured by their supervisors or through a lack of information to comply,” Howard said.
“Safeguarding employee privacy is core to Tulane’s values and HR practices,” Tulane spokesperson Michael Strecker said. “It is important to make clear that the facial authentication system we are offering is just one, entirely optional means, through which employees can record their work attendance.”
According to Strecker, choosing not to use facial recognition will not impact scheduling, pay, evaluations or opportunities.
Questions raised about data storage and access
Nicholas Mattei, co-director of Tulane’s Center of Community-Engaged Artificial Intelligence, said the key questions surrounding any facial recognition system are what the data is being used for, how long it is collected and stored and who has access to it.
“There are versions where that data might not leave Tulane and it might get deleted within 24 hours. Or there’s a world where that data is turned over for use with another company … or Tulane might save it forever. You have no idea,” Mattei said. “The variance in this sort of thing is very, very wide. The fact that we don’t know anything is a little bit concerning.”
Strecker said the new system does not keep searchable photo images for identification purposes and is not for personal surveillance or tracking. Once an image is scanned, it is converted into a mathematical representation and further encrypted to prevent extraction.
Mattei said that the new level of security is unnecessary for on-campus jobs and that he has only encountered face scans in higher-security federal roles.
“What do they think is going to happen? Someone’s going to clock into somebody else’s shift? I don’t know what the argument for using a face scanner or a facial recognition technology is here,” Mattei said.
“It seems like an intense security protocol that isn’t needed,” student employee Brenda Graça said. “I have a desk job. It’s not like a government job where I need a security clearance.”
Oracle under scrutiny for recent data breaches
Oracle has come under fire in the past year for concerns with data privacy, with three major data breaches in 2025.
Oracle had a significant security breach in January 2025, in which a cyber attacker potentially stole records from over 140,000 Oracle Cloud users. Six million sensitive records were exposed in the breach.
Oracle confirmed a second security breach in April 2025 in which a hacker broke into an Oracle software system and stole client log usernames, passkeys and encrypted passwords.
Oracle also experienced a data breach in October 2025, in which hackers claimed to steal data from its E-Business Suite systems and used the information in a large-scale extortion campaign targeting multiple organizations.
Strecker did not respond to questions concerning how long the facial recognition data will be stored, who owns the data and what safeguards are being put in place, given Oracle’s history of security breaches.