ex-employee with axe to grind, rather than actual concerns..
Part of my work involves timeclocks with biometrics. Not Kronos, but it is probably similar.
As mentioned, what is stored in the clocks is a template, not data reversible to a fingerprint image. The image of the fingerprint that is shown on the clock when registering (if it has a display) is not retained.
The typical reason a biometric template is transmitted to a server is so that they can be distributed between different clocks, allowing an employee to clock in and out at any of the customer sites. You also want to record the biometrics in case the clock fails and the data need to be synchronised down to the new clock.
The biometric distribution is an overnight process, clocks send upload/update/delete biometric requests to the central clock server, so if it the biometric is deleted from the clock used to register it, it's removed from all other clocks.
When swiping in and out, all that is transmitted is the unique id for the employee, the time and date, and clock status information. Biometrics are not included.
The sensors used are rather better than the pieces of crap included in laptops and phones, and cost hundreds of pounds just by themselves. Whilst I've been able to lock myself out of a Thinkpad by having sanded down fingerprints after doing some DIY, on a clock the accuracy of my finger print recognition went down by about 4%, it was still perfectly able to check my prints.
It's possible to register multiple biometrics (most people add a backup finger), and a lot of clocks offer multiple input options, so if biometrics can't be used for a small number of staff, proximity cards or other identification can be used instead.
An 'ex-employee'. I definitely sense a huge axe to grind here.
However, it is critical to get employee buy in. I know of instances of repeated clock vandalism. Repairing of deliberate damage is not covered by warranty, and these clocks are not cheap.