Safety of Data Collection
Transparency
Section 2D of the Act requires that an employer provide at least the following information to employees when processing their data:
• The purpose in processing data.
• The identity of the employer.
• Any third party to whom the biometric data will be given.
It is important that your employees are aware of the purpose for which biometric data will be processed. This means that an employer must carefully think through any purpose or potential purpose: is the system only for access control?
Disclosure will typically only be an issue if another company administers, manages or maintains the system. But disclosure would also include sending data to a parent company.
Under what circumstances will management access logs created by the system? What are the consequences for the employee concerned if there is an identified abuse of the system? Will it be used for time management?
Transparency is even more important where the biometric system does not require the knowledge or active participation of an employee. For example, a facial recognition system may capture and compare images without that person’s knowledge.
Accuracy
Every biometric system must correctly identify the persons whose data are processed by the system. If changes in physiological or physical characteristics lead to a template becoming outdated, some procedure must be applied to ensure that the data are kept up to date.
Security
The requirement, under section 2(1)(d), that an employer has appropriate security measures in place to prevent the unauthorised access to, or the unauthorised alteration, disclosure or destruction of data would appear to promote the use of technological solutions such as biometrics.
However, in deciding upon what constitutes an appropriate security measure, Section 2C details four factors that should be taken into account:
• The availability of technology.
• The cost of implementing such technology.
• The nature of the data being protected.
• The harm that might result through the unlawful processing of such data.
The nature of the data and the harm caused through unlawful processing must be carefully considered. For example, patient medical records would be expected to be held in a more secure environment than a fast food company’s customer database.