Leave Them Kids Alone have listed some questions that concerned parents can ask schools:
Apart from all the issues surrounding biometric systems in schools I would hope that Q11 has been given very careful consideration as this could, if not addressed properly, seriously affect children's safety in school.
1) Aside from manufacturers' anecdotal claims in advertising material, can the school give me details of any independent research proving benefits to my child of using this system?
2) Has any independent research been carried out regarding the effect on children of repeatedly using biometrics on a daily basis in a familiar setting? What steps is the school undertaking to teach my child about the dangers of misusing their biometric data?
3) The manufacturer claims that this system does not store my child's fingerprint, but surely if the biometric template it stores isn't the direct equivalent of a fingerprint, then the system simply wouldn't work?
4) Will my child be photographed as well as fingerprinted? Will all and any such photographic data be destroyed along with fingerprint templates when my child leaves school, or if I change my mind at any time?
5) Who, under existing legislation, including the Children Act and the government's stated commitment to widespread data sharing, may access my child's biometric template and associated data as stored on the system? The police? Social services? Civil servants? Technicians from the manufacturer carrying out routine maintenance? The large private multinational PFI companies that now run some LEAs e.g. Amey, Nord Anglia? The private companies running City Academies that may have access to children's data?
6) Would the school permit 'fishing expeditions' in the stored biometric data (e.g. if the local police were trying to find a match for a crime mark they suspected may have been left by a child from the school)? What would the school do if such a search revealed TWO probable matches?
7) Bearing in mind that my child's biometric template remains valuable for their entire lifetime, since it can't ever be changed, where is the biometric data stored, where are backups stored, and what security procedures are in place to prevent unauthorised copying of, or any type of access to this data? How will the school know if the data has been copied? What procedures would be followed if the main computer or backup system storing the data were stolen?
8) Is the computer holding the data connected to the school network and/or the internet? What active measures are taken to ensure the biometric data cannot be accessed by third parties via any such connection(s)?
9) Can the school guarantee that the data, including any backup copies, will be promptly removed as soon as my child leaves school, or if I change my mind at any point, by an approved professional data cleansing company as required by the Data Protection Act? Will the data-cleansing company certify in writing that the biometric information has been satisfactorily removed? (This requirement was confirmed by the Information Commissioner on 9 Feb 2007.)
10) As new pupils join the school, will you regularly seek explicit informed parental consent before fingerprinting them (as recommended by the Information Commissioner, Richard Thomas on 30 January 2007)?
11) Where fingerprinting is used for school registration, what backup strategy will the school implement to ensure that if any part of the system fails before registration is complete, a full and accurate record of those children at school will be available in the event of an emergency evacuation at the start of the day, e.g. in the event of a fire?