Fingerprint clock-in gets thumbs-down
A primary school and two companies have been ordered to stop using fingerprints to check on attendance.
Privacy Commissioner Roderick Woo Bun said yesterday the collection of biometric data in the three cases is not necessary and therefore in breach of the privacy code.
However, a company involved in surveillance said at least 20 percent of all companies are now using fingerprints or face scans because of reduced costs and more accurate records.
The decision by the commission may see a massive reassessment, not to mention additional costs as a stop order also requires the perpetrator to destroy all data within 28 days.
According to Woo, a furniture chain installed a Fingerprint Recognition System in 2006 to find out when its 400 employees clocked in or off duty, had meals or left and returned from outdoor work.
The company explained a time clock would not eliminate the practice of employees punching time cards for each other.
Although the company said it had consulted its staff, Woo said they might not all have truly consented to the collection of such data. Since receiving an enforcement order from the commission, the company has ceased using the system and destroyed the fingerprint data.
Woo said the second company investigated by the commission had adopted the system in 2007 but has since destroyed all data.
Woo said the use of the fingerprint system for attendance, library use and meals by a primary school investigated in 2006 was unnecessary and excessive. He said the students were aged between six and 12 and were not sufficiently mature to understand the implications. "Given its uniqueness and unchangeable nature, fingerprint data are sensitive personal data. Extra care is needed when handling the data," Woo said.
"When considering whether the collection of fingerprint data is excessive, the data user should balance the benefits against the adverse impact on personal data privacy. They should consider if there are less privacy intrusive options."
He said employees should be provided with choices and must all agree voluntarily to the collection of such data.
According to the privacy ordinance, parties that fail to exercise an enforcement notice, including destroying the data, within 28 days may be fined HK$50,000 and jailed for two years, in addition to a HK$1,000 penalty per day.
Thomson Alarm Central Monitoring director Evan Tam Ka-ming said more than 20 percent of companies have installed similar systems over the past three years owing to reduced costs and greater convenience.
The Hong Kong Jockey Club's call center in Tin Shui Wai applied the face- recognition system earlier this year. The club's spokesman stressed the club notified all staff and considered privacy conditions before installing the system.
Fung Kai Primary School said it is currently using a face-recognition system which has been approved by the commission.
source: standard news
No comments:
Post a Comment