The use of biometric technology is on the increase and so is, inevitably, the collection and use of biometric data, such as fingerprints, DNA, facial images and typing rhythm. As biometric data relates to an individual’s physiological or behavioural traits which allow unique identification, it can be highly sensitive and its increased collection and use raise serious concerns amongst privacy advocates. The recent announcement from the U.S. Office of Personnel Management that fingerprint data of around 5.6 million individuals was stolen in a major data breach involving the theft of background investigation records will further fuel such concerns.
The Hong Kong Privacy Commissioner has recently issued Guidance on Collection and Use of Biometric Data which provides practical guidance for collecting and using biometric data in compliance with applicable privacy principles. The Canadian Privacy Commissioner issued a primer on biometrics and biometric systems (Data at Your Fingertips) as early as 2011. Both guidance documents are useful on a global scale as they reflect best practices that any organisation dealing with biometric data would be well-advised to adhere to.
Based on the Hong Kong and Canadian Guidance, we are exploring in this three-part contribution:
- five basics you need to know about biometrics (now published);
- four key rules for collecting biometric data; and
- key rules for handling biometric data post collection.
Contributor – Anna von Dietze
