Flux rss en fonction de votre recherche RESET

Does the biometric control respect the privacy of the employees when accessing the premises?

Introduction

The general management decided to change the magnetic access control by a biometric control (iris scanner or hand geometry and fingerprints).  The personnel were informed of this change. The staff committee held a meeting. 

Trigger

After a lively discussion, the staff committee decided to obstruct the managements' project.

Incident

The Human Resources Department (HRD) was caught in the middle. On the one hand, the general management, convinced of the benefits of the device did not want to reverse their decision. On the other hand, the staff committee strongly supports that the use of such a device could affect the individuality of the employees.   The HRD organized a joint meeting with the Information Systems Manager (ISD), the management and the consultant (or the person in charge) for the protection of data to evaluate possible solutions.

Resolution

At the end of the session, they accepted that the proposed data collection was not in proportion to the actual aim and it would therefore be necessary to obtain the consent of each employee. Given the costs and complications that would result from having two parallel devices (magnetic and biometric), the general management postponed the project and asked the ISD to find a less intrusive solution.

Conclusion

The data collected to allow for a biometric check can be used for purposes unrelated to the stated goal. The HRD is pleased to have contributed to the search for a solution that respects the individuality of the employees.

timbre signification

Recommendations

The biometric data usually includes some sensitive data (particularly health). When this is the case, a formal  legal basis is required and the persons concerned must be clearly informed and must consent to the processing of this data.  The goal must be clear, and the most adequate and less intrusive measures must be chosen. These measures must be adequately communicated.  In addition to this, the employer must also consult the employees or their representatives and, in the absence of a formal legal basis, obtain their free and informed consent prior to the introduction of an automated system for the processing of personal data.

Basic principles

LIPAD 38 and 42 ; LT 6 ; OLT3 26 ; CO 328 and 328b ; DPA 4 al. 4, 12, 13 

Protection of privacy, protection of workers, the principle of proportionality: these measures must be necessary and the least intrusive possible.

Resources

The private bank Pictet & Cie in Geneva have been using 3D facial recognition to secure the access to its buildings since 2006. How did they overcome the fears of its 2,000 employees? Through communication. This technology does not monitor the health of an individual or violate their privacy. "The employees feared that their facial scan could affect their health, which is not the case because the machine simply films," says Jean-Pierre Therre, in charge of the security of the private bank.  The database bank does not contain any photos of the employees either, but analyses the scans of their skulls according to the 40,000 reference points, and from which nothing can be drawn from. : http://www.1234economy.com/biometrie-et-reconnaissan ce-faciale-en-3d-comment-la-banque-privee-genevoise-pictet-a-gere-les-resistances /

Related scripts