How to install a control system through biometrics?
A sports facility decided to strengthen the control of subscribed customers by taking their fingerprints when entering the centre.
All the data was centrally stored in a database, and it was possible, from the biometric template, to find the corresponding membership card and identification of the data subject.
The federal commissioner advised that the establishment stopped using centralised biometric data.
The Information Systems Management suggested saving biometric templates without correspondence lists with the personal data.
The installation of control systems based on taking biometric data should be designed to respect the privacy of clients, because of the sensitive data.
Recommendations
The objective must be clear, and the most adequate and less intrusive means to achieve this must be chosen. We prefer for example a biometric verification system without trace or involving centralized data storage. This measure must be the subject of adequate communication.
Basic principles
LIPAD 38 and 42 ; OLT3 26 ; CO 328 and 328b ; DPA 4, 12, 13 ; FoIA 6
Protection of privacy, protection of workers, the principle of proportionality: the measure must be adequate, necessary and the least intrusive possible.