Thursday, March 22, 2007

Irelands advice to schools when employing biometrics

The Data Protection Commissioner in Ireland has this advice for educational establishments to consider before purchasing biometric technology for use with children. Under the term biometric it includes a fingerprint, an iris, a retina, a face, outline of a hand, an ear shape, voice pattern, DNA, and body odour. Biometric data might also be created from behavioural data such as hand writing or keystroke analysis.

It details consent, proportionality, fair obtaining and processing, fair obtaining of sensitive data (i.e. photographs, health and race), transparency, accuracy, security and retention of data.

The Irish Data Protection Commissioner stipulates that the obtaining of consent is of paramount importance when schools consider the introduction of a biometric system.

The document details points for schools to consider before installing such systems, it then goes on to say:

Before a school or college installs a biometric system, the Data Protection Commissioner recommends that a documented privacy impact assessment is carried out.

This is an important procedure to adopt as a contravention may result in action being taking against a school or college by the Commissioner, or may expose a school or college to a claim for damages from a student. Data protection responsibility and liability rests with the school or college, not with the person who has supplied the system.

The lack of guidance from the UK Information Commissioners Office or government is now becoming conspicuous in it's absence, especially when the percentage of children using biometrics in schools in the UK is probably higher than any other European country.

No comments: