Irish Data Protection Commission Case Studies
Biometric time and attendance system [2005] IEDPC 1
URL: http://www.bailii.org/ie/cases/IEDPC/2005/1.html
Cite as: [2005] IEDPC 1
Biometric time and attendance system [2005] IEDPC 1 (31 December 2005)
A number of staff at a public institution submitted complaints that the biometric time and attendance system installed involved an unreasonable intrusion on their privacy. The Data Protection issue at stake was whether a biometric system for such a purpose, involving a central database, was proportionate.
Guidance on our website invites employers to examine critically the justification for the introduction of a biometric based system and to address issues such as the following:
- Do I have a time management and / or access control system in place?
- Why do I feel the need to replace it?
- What problems are there with the system?
- Are these problems a result of poor administration of the system or an inherent design problem?
- Have I examined a number of types of system that are available?
- Will the non-biometric system perform the required tasks adequately?
- Do I need a biometric system?
- If so, what kind do I need?
- Do I need a system that identifies employees as opposed to a verification system?
- Do I need a central database?
- If so, what is wrong with a system that does not use a central database?
- What is the biometric system required to achieve for me?
- Is it for time management purposes and / or for access control purposes?
- How accurate shall the data be?
- What procedures are used to ensure accuracy of data?
- Will the data require updating?
- How will the information on it be secured?
- Who shall have access to the data or to logs?
- Why, when and how shall such access be permitted?
- What constitutes an abuse of the system by an employee?
- What procedures shall I put in place to deal with abuse?
- What legal basis do I have for requiring employees to participate?
- Does the system employ additional identifiers (e.g. a PIN or smart card) along with the biometric?
- If so, would these additional identifiers be sufficient on their own, rather than requiring operation in conjunction with a biometric?
- How shall I inform employees about the system?
- What information about the system need I provide to employees?
- Would I be happy if I were an employee asked to use such a system?
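The checklist's questions on identification versus verification and on the need for a central database come down to one architectural choice: a 1:1 verification system compares the live sample against the single template belonging to the claimed identity, while a 1:N identification system must search every enrolled template. The Python below is an added illustration written for this page, not code from the Commission or from the institution in the case; the 64-bit templates, the Hamming-distance matcher, the threshold and the sample employees are all constructed assumptions standing in for a real fingerprint matcher.

```python
"""Toy model of the two biometric architectures named in the checklist:
1:1 verification (template held on the employee's own token, no central
store needed) and 1:N identification (every template in a central database).
Constructed for this example: templates are 64-bit integers and matching
is a Hamming-distance threshold. Real fingerprint matchers compare
minutiae sets, but the architectural difference is the same."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TEMPLATE_BITS = 64
MATCH_THRESHOLD = 8  # assumed: at most this many differing bits counts as a match


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two templates differ."""
    return bin(a ^ b).count("1")


@dataclass(frozen=True)
class Token:
    """Smart card or badge carried by the employee. It holds the claimed
    identity and that person's template, so verification needs no central
    template store: the reader compares against this one template only."""
    employee_id: str
    template: int


class CentralDatabase:
    """Central template store. Identification has no claimed identity to
    narrow the search, so every enrolled template must live here and every
    presentation is compared against all of them."""

    def __init__(self) -> None:
        self.templates: Dict[str, int] = {}

    def enrol(self, employee_id: str, template: int) -> None:
        self.templates[employee_id] = template


def verify(token: Token, live_sample: int) -> bool:
    """1:1 match: is the live sample close enough to the token's template?"""
    return hamming(token.template, live_sample) <= MATCH_THRESHOLD


def identify(db: CentralDatabase, live_sample: int) -> Optional[str]:
    """1:N match: return the enrolled employee whose template is closest to
    the live sample, or None if nobody is within the threshold."""
    best: Optional[Tuple[str, int]] = None
    for employee_id, template in db.templates.items():
        distance = hamming(template, live_sample)
        if distance <= MATCH_THRESHOLD and (best is None or distance < best[1]):
            best = (employee_id, distance)
    return best[0] if best is not None else None


# Constructed sample data: two enrolled templates, a live sample from Alice
# carrying three bits of sensor noise, and a sample from an unenrolled person.
ALICE_TEMPLATE = 0xA5A5A5A5A5A5A5A5
BOB_TEMPLATE = 0x5A5A5A5A5A5A5A5A
ALICE_LIVE = ALICE_TEMPLATE ^ 0b111
STRANGER_LIVE = 0x0F0F0F0F0F0F0F0F

ALICE_TOKEN = Token("alice", ALICE_TEMPLATE)
BOB_TOKEN = Token("bob", BOB_TEMPLATE)

DB = CentralDatabase()
DB.enrol("alice", ALICE_TEMPLATE)
DB.enrol("bob", BOB_TEMPLATE)


def demo() -> Dict[str, object]:
    """Run both architectures over the constructed samples."""
    return {
        "verify_alice_with_own_token": verify(ALICE_TOKEN, ALICE_LIVE),
        "verify_alice_with_bobs_token": verify(BOB_TOKEN, ALICE_LIVE),
        "identify_alice": identify(DB, ALICE_LIVE),
        "identify_stranger": identify(DB, STRANGER_LIVE),
        "templates_touched_per_identification": len(DB.templates),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for the proportionality analysis is structural rather than cryptographic: with verification, the template can stay on the card (or only on the reader) and a presentation touches nothing but the claimed person's record, whereas identification forces every employee's template into one central store and compares each presentation against all of them, so the number of templates exposed per transaction, and the chance of a false accept, both grow with the size of the enrolled population.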
In its response, the institution pointed to its responsibility for safeguarding the valuable public assets under its control. It stated that the introduction of a biometric system was an outcome of a security review process.
In investigating this matter, my staff sought to establish the nature of the biometric data involved, as biometric data relate to the physiological characteristics of an individual and may facilitate his or her unique identification and linkage with other databases. They also required the institution to provide detailed information on the security safeguards in place to protect the employees' personal data stored on the system.
It was established that the information collected on the system is a template derived from a person's finger and held in encrypted form. The template is stored for subsequent authentication both on the reader and in the Time Management System database. The institution also stated that, because a reader rather than a scanner is used, no image of the fingerprint is formed, so that even if the data could be read it could not be 'reverse-engineered' to regenerate a fingerprint.
The institution indicated that staff had been consulted about the introduction of the biometric system which was 'to provide the (institution) and its personnel with a convenient, accurate and secure means of managing access to and from the (institution's) premises and for accurately recording attendance at work.'
In relation to security of the premises, the institution indicated that the biometric system would also improve physical security at the premises by further restricting access to unauthorised areas of the building, including areas restricted to staff of the institution.
Proportionality requires that processing of personal data, in view of its specific purposes, should be appropriate and the minimum necessary to achieve the stated purposes, and that these purposes be weighed against the intrusion on the employees' privacy rights. In assessing whether the introduction of the biometric system was proportionate, we took into account several aspects of the circumstances of this case. In particular, we had regard to the concerns of management in relation to the physical security of the premises, including unauthorised access to restricted areas, and the particular circumstances of an institution where security is of paramount importance. We also took into account the particular features of the biometric system installed.
In the circumstances, we concluded that the system was proportionate and did not constitute an unjustified interference with the privacy rights of individuals.
The case highlighted the meaning of proportionality in practice.