Biometric data is a type of personal data which provides information about an individual’s physical characteristics. This includes facial recognition, retinal scanning and fingerprint scanning.
In order to be compliant with data protection law, businesses must demonstrate how they comply with data protection principles. Businesses must also think if any plans to use biometric data correlate to data protection law - such as whether the biometric data is the most effective way to meet a business’ needs and if there are any less intrusive methods to achieve the same goal.
The Information Commissioner’s Office (ICO) has provided draft guidance for businesses when using biometric data and biometric recognition systems. Although still in the consultation phase, the guide provides some important tips.
The guidance from the ICO also states that businesses must:
Businesses can read the draft guidance here. The consultation on the guidance will run until 20 October.
If you need help staying compliant with data protection rules, contact our privacy & data team for further information.