15 October 2011
During the last few years, increasing numbers of employers have announced that they intend imposing biometric schemes on their employees, usually for the purposes of ‘clocking on and off in the workplace’. Some have even gone ahead, ignoring the concerns of employees, unions, advocates and regulators.
Many employees are complacent about the idea. Buy many others feel considerable misgivings, some perceive themselves to be being treated with contempt, and some have serious concerns. However, particularly during periods of relatively high unemployment, many employees are hesitant to even question their employer’s intentions, let alone oppose them.
Parliaments have abjectly failed to protect employees. There is very little law to support them when they seek ways to avoid having their bodies measured.
The APF has had a Policy Statement in relation to Biometrics for some years, which calls for a moratorium on all new biometrics schemes, and strong, statutory protections.
This document provides a brief statement of the Privacy Foundation’s policy in relation to biometrics in the workplace. The links in the text below are to the relevant parts of the APF’s general Policy Statement.
APF POLICY re BIOMETRICS in the WORKPLACE
Applications of biometrics therefore demand strong justification. They must not be imposed just because an employer is powerful enough to get away with it.
Even if the circumstances warrant the use of biometrics, there must be substantial safeguards, to mitigate the many harmful aspects.
It is essential that proponents of biometrics schemes in the workplace:
- conduct a privacy impact assessment (PIA)
- as part of that PIA, provide information, in advance, to the people affected by it, including:
- a sufficiently detailed description of the particular biometric technology
- a sufficiently detailed description of the way in which it proposes to use biometrics
- the justification for doing so
- as part of that PIA, undertake consultations, in advance of the decision whether or not to proceed, with representatives of the various categories of people affected by it, including relevant unions and social welfare organisations, and civil liberties and privacy advocacy organisations
The Biometrics Industry Self-Regulation Attempts Are a Complete Failure
The Biometrics ‘Institute’ is an unhealthy alliance of both suppliers of biometric technologies and user organisations. It has a weak Privacy Code that was designed as a defensive manoeuvre, in the hope that it would forestall the imposition of genuine regulation. It has been adopted by almost none of the Institute’s members. The APF has called on the Privacy Commissioner to de-register the weak and ineffective Code.
The Code “covers the acts and practices … where a biometric is included as part of the employee record, or where a biometric has a function related to the collection and storage of, access to or transmission of that employee record”.
Yet almost all proposals to apply biometrics in employment have been in breach of even that weak Code’s provisions:
1. – Biometrics should not be collected unless it is “necessary” for business functions. (It isn’t).
10. – “Sensitive information about an individual” – which a person’s biometrics clearly are – must not be collected unless there is consent (which must be informed and freely given – and it isn’t), or it is “required by law” (which it isn’t).
12 – “Enrolments in biometric systems shall be voluntary, unless required by law”. (Employers must permit ‘free and informed consent’ or ‘opt-in’ to the schemes. If they make submission to the scheme a condition of employment, then they are in breach of the Code).