Privacy & Biometrics
The Biometrics Institute has always tried to ensure that its privacy strategies match those challenges in the emerging biometrics environment. Privacy protection is a critical component in the responsible use and development of biometrics technologies.
The following initiatives have been approved by the Institute’s Board to meet those challenges.
The Biometrics Institute is working on a proposal for a Biometrics Privacy Trust Mark issued for a biometric product or service. The work started in February 2015 with a landscape report to assess the feasibility of such a Trust Mark. The project then continued in July 2015 with the development of proposed assessment criteria. Read more details.
The Biometrics Institute has launched a Biometrics Privacy Charter in November 2011 and renamed it to Biometrics Privacy Guidelines following a review in late 2012. Another review to refresh and update the Guidelines was completed in December 2015.
It has been designed by the Biometrics Institute to provide a universal guide for suppliers, end users, managers and purchasers of biometric systems. It is the public’s assurance that the biometric managers and data controllers have followed best practice privacy principles when designing, implementing and managing biometric based projects.
The Biometrics Institute launched its Privacy Awareness Checklist (PAC) for members of the Biometrics Institute in May 2010 to assist members in a quick an easy way to assess privacy impacts when using biometrics. It provides a snapshot in time of where the organisation sits in regards to privacy. Members can access this PAC.
The Biometrics Institute Privacy Code was designed for the protection of Institute members and their clients. It was approved by the Australian Privacy Commissioner in 2006.
Due to the delays in finalising the privacy legislation in Australia and the more international outreach of the Biometrics Institute, we decided to be proactive and upgrade our suite of privacy protection and awareness measures through a Privacy Guideline and other related information. The Biometrics Institute therefore requested a review of the Code and the potential need to de-register it (details about the consultation). On the 10 April 2012 the Australian Privacy Commissioner granted the revocation of the Code. Read more about the Privacy Code.
Biometrics Institute Information Sheet "Using Biometrics in Licensed Premises and Clubs – Are you protecting your patrons' privacy and reducing risk of litigation?"
The Biometrics Institute has been following the public debate about the introduction of biometrics into clubs in Australia including the Coogee Bay Hotel (“Fingerprint scanners concern privacy watchdog”, New.com.au, 9 July 2010, ). If your organisation is a club or pub with a turnover greater than $3 million per year and is using, or considering, biometrics (i.e. fingerscans, iris scans, voice prints or facial scans), then the organisation must comply with the National Privacy Principles (NPPs) of the National Privacy Act.
These questions may be too difficult for a small organisation to address. But nevertheless they should consider all privacy and legal implications before introducing biometrics. Otherwise many clubs may get into great difficulty. We provide technical and procedural privacy guidance to members and other interested stakeholders. We suggest that any company considering the use of biometrics should seek our advice in order to ensure that the technology is implemented in a responsible way and with due consideration to privacy and in line with the Australian Privacy Act. We have developed an Information Sheet to help guide Pubs, Clubs & other licensed premises on the introduction of biometrics.
This site will provide you with more information and links about PIAs.
Submission into enquiries and consultations
UK enquiry to the current and future use of biometrics December 2014
Submission to the UK Department of Education regarding the consultation Consultation on proposed amendments to individual pupil information prescribed persons regulations. December 2012
Data Privacy Day and Privacy Awareness Week
Privacy Awareness Week is generally held during the first week of May every year. Find out more at http://www.privacyawarenessweek.org/.
Data Privacy Day, held annually on January 28, encourages everyone to make protecting privacy and data a greater priority. Find more details at https://www.staysafeonline.org/data-privacy-day/.