Against the backdrop of issuing nine separate enforcement notices in relation to the monitoring of employees by using their biometric data, the Information Commissioner’s Office (ICO) has published a significant new section on its website outlining detailed new guidance for all organisations that are considering using people’s biometric data. The guidance outlines how organisations can comply with data protection law when using biometric data to identify people.
- The guidance outlines how organisations can comply with data protection law when using biometric data to identify people.
- It explains how data protection law applies when firms use biometric data in biometric recognition systems.
- The guidance is primarily for organisations that use or are considering using biometric recognition systems. It is also for providers of these systems (this could include vendors and developers). It therefore applies to controllers, processors and relevant third parties.
- Employees should perhaps be offered clear and less intrusive alternatives to having their faces and fingerprints scanned to clock in and out of the workplace, such as ID cards or fobs.
Last year, the ICO also published guidance on monitoring employees and called on organisations to consider both their legal obligations and their employee’s rights to privacy before they implement any monitoring.