New work entrance system...

#1
My friend is currently working for a company that are implementing a new secure entry clocking in/out system. It uses fingerprint recognition I believe ( or he says they need to take everyones fingerprints for it at least anyway).

He says is it legal to request and hold a database of fingerprints from staff members? He believes that it could only be asked for by the relevant authorities and not by a company? Is this allowed?

Im not sure on this one, any ideas?

Thanks in advance of any replies
 
#2
Bolo-Driller said:
My friend is currently working for a company that are implementing a new secure entry clocking in/out system. It uses fingerprint recognition I believe ( or he says they need to take everyones fingerprints for it at least anyway).

He says is it legal to request and hold a database of fingerprints from staff members? He believes that it could only be asked for by the relevant authorities and not by a company? Is this allowed?

Im not sure on this one, any ideas?

Thanks in advance of any replies
It is legal to request (ask for) and hold almost any data - think of DV - and fingerprints are not considered "sensitive personal data" under the Data Protection Act. You might, if you had a very strong objection to having your fingerprints held by your employer, be able to claim "constructive dismissal" - this is likely to be a material change in your employment Ts&Cs, but I doubt that this would be upheld at Tribunal.

Now, the use of the fingerprints would need to be solely for the purposes for which they were collected (i.e. getting in in the morning), or as otherwise required by law.

Edited to add - your purposes for collecting any data must be lawful. But I doubt that they are collecting fingerprints to aid them in racial, sexual or similar discrimination. It's for building entry.
 
#3
Idrach said:
..............and fingerprints are not considered "sensitive personal data" under the Data Protection Act.
I disagree with your assumption that fingerprints are not classified as “personal data” and refer you to S and Marper v UK (Application Nos. 30562/04 and 30566/04.

In paragraph 68 of the judgement it states:

The Court notes at the outset that all three categories of the personal information retained by the authorities in the present cases, namely fingerprints, DNA profiles and cellular samples, constitute personal data within the meaning of the Data Protection Convention as they relate to identified or identifiable individuals. The Government accepted that all three categories are “personal data” within the meaning of the Data Protection Act 1998 in the hands of those who are able to identify the individual.

Whether or not fingerprints are “directly” identifiable from scans or data encrypted and encoded into algorithmic data is superfluous, as those data controllers may identify the individual concerned, and those with access to relevant software may be able to identify individuals.

Regards
 
#4
Oh FFS.

IT companies have been using finger print security for years. Many laptops (including my 3 year old one) come with it as standard.

The more relevant question is, what does he have to hide?
 
#5
Gremlin said:
Oh FFS.

IT companies have been using finger print security for years. Many laptops (including my 3 year old one) come with it as standard.

The more relevant question is, what does he have to hide?
I doubt very much the original poster "has anything to hide". The door security system can only be used for its intended purpose and will certainly not be linked into the National Fingerprint Database (NPD) as this is unlawful.

It is a question of choice, which surprising as it may seem, we still have in a democratic society. An alternative form of entry must be provided (swipe card, key code etc) for those who wish to limit third party access to personal data.

The position that an objection to divulge personal data constitutes a presumption of guilt is a precarious one to take.
 
#6
As previously mentioned any such prints provided will be covered by the Data Protection Act. This basically says says that the info is to be kept secure and to be only used for the purpose that is as collected for.

If the majority of the workforce DON'T want to hand over their prints then your mate should be pretty safe in not giving his either, however, if the vast majority of the workforce WANT to give their details he may as well spend some time getting his CV updated.

Remind your mate that if he wants to "stick up for his rights and beliefs" that there are millions unemployed at the moment. I think that the employer is making a reasonable request.
 
#7
AT55 said:
If the majority of the workforce DON'T want to hand over their prints then your mate should be pretty safe in not giving his either, however, if the vast majority of the workforce WANT to give their details he may as well spend some time getting his CV updated.

Remind your mate that if he wants to "stick up for his rights and beliefs" that there are millions unemployed at the moment. I think that the employer is making a reasonable request.
It is my belief that unless this is a pre-requisite for the job and is included in his employment contract then imposing this would be unlawful.

An employment law specialist would tender more salient advice.
 
#8
mad_mac said:
AT55 said:
If the majority of the workforce DON'T want to hand over their prints then your mate should be pretty safe in not giving his either, however, if the vast majority of the workforce WANT to give their details he may as well spend some time getting his CV updated.

Remind your mate that if he wants to "stick up for his rights and beliefs" that there are millions unemployed at the moment. I think that the employer is making a reasonable request.
It is my belief that unless this is a pre-requisite for the job and is included in his employment contract then imposing this would be unlawful.

An employment law specialist would tender more salient advice.
Unlawful or not I think the main point is that if the rest of the workforce accepts this and one person does not, then the employer can impose it on that one person and deem it to be reasonable request. If that one person went to a tribunal he would probably loose as the tribunal would say it was a reasonable request as the rest of the work force accepted it[
 
#9
A number of schools now use fingerprinting. If you do a search you will see a wide range of comments from both ends of the spectrum. As for comments about it letting parents know what the children are eating for lunch, this has already been achieved by use of cashless systems and swipe cards with photos on. Fingerprinting is just a different swipe card that you will have difficulty loosing.

link is form Aug 2008

http://www.ico.gov.uk/upload/docume...st_guides/fingerprinting_final_view_v1.11.pdf
 
#10
AT55 said:
Unlawful or not I think the main point is that if the rest of the workforce accepts this and one person does not, then the employer can impose it on that one person and deem it to be reasonable request. If that one person went to a tribunal he would probably loose as the tribunal would say it was a reasonable request as the rest of the work force accepted it[
No, the "status quo" have no relevance in the rule of law unless otherwise legislated.

What is classed as "reasonable" must be objectively derived at through current case law as opposed to subjective reasoning.

To place this at its most base, would the actions of a "lemming scenario" seem justifable because the majority carried out a particular action.

Communi consilio is not a valid defence in law.
 
#11
offog said:
A number of schools now use fingerprinting. If you do a search you will see a wide range of comments from both ends of the spectrum. As for comments about it letting parents know what the children are eating for lunch, this has already been achieved by use of cashless systems and swipe cards with photos on. Fingerprinting is just a different swipe card that you will have difficulty loosing.
I, personally have no problems with this, as long as the principles of data protection are rigorously applied.

That being said, there should not be a culture of "exclusivity" applied because of non compliance.
 
#12
mad_mac said:
Idrach said:
..............and fingerprints are not considered "sensitive personal data" under the Data Protection Act.
I disagree with your assumption that fingerprints are not classified as “personal data” and refer you to S and Marper v UK (Application Nos. 30562/04 and 30566/04.
I refer you to what I said and not what you think I said.

"Sensitive personal data" is defined in s2 of the DPA96 and requires one of more of the Schedule 3 conditions to be met as opposed to "personal data", which requires one or more of the less onerous Schedule 2 conditions to be met. Your case law quote is both accurate and irrelevant.

I would hazard that Sch 2 s2(a) and the OP's mate's contract of employment apply here.
 
#13
mad_mac said:
AT55 said:
Unlawful or not I think the main point is that if the rest of the workforce accepts this and one person does not, then the employer can impose it on that one person and deem it to be reasonable request. If that one person went to a tribunal he would probably loose as the tribunal would say it was a reasonable request as the rest of the work force accepted it[
No, the "status quo" have no relevance in the rule of law unless otherwise legislated.

What is classed as "reasonable" must be objectively derived at through current case law as opposed to subjective reasoning.

To place this at its most base, would the actions of a "lemming scenario" seem justifable because the majority carried out a particular action.

Communi consilio is not a valid defence in law.
There was a case a number of years ago when the AA (I think) imposed new working hours on its patrol staff in one part of the country. All accepted these hours but one. He took his case to law and lost as the Court decided that the employees case was un-reasonable in that all the others had accepted the change in hours.
 
#14
mad_mac said:
AT55 said:
Unlawful or not I think the main point is that if the rest of the workforce accepts this and one person does not, then the employer can impose it on that one person and deem it to be reasonable request. If that one person went to a tribunal he would probably loose as the tribunal would say it was a reasonable request as the rest of the work force accepted it[
No, the "status quo" have no relevance in the rule of law unless otherwise legislated.

What is classed as "reasonable" must be objectively derived at through current case law as opposed to subjective reasoning.

To place this at its most base, would the actions of a "lemming scenario" seem justifable because the majority carried out a particular action.
You have to remember that the Employment Tribunal is not the Civil Court. Rules of evidence, case law precedence and such are not necessarily adhered to in quite the same way. Although the Chairman is legally trained, there is as much weight put on the opinions from the two lay members - who are selected to have specific work experience one from the employers' side and one from the shop floor.

This is not to say that the Tribunal can ignore specific law - it can't (and when it does, there is the judicial Employment Appeal Tribunal) - but they often make what can appear to be, from the strict legalistic interpretation, somewhat perverse interpretations of "reasonable" and "unreasonable". And they do take evidence from fellow-workers on they way they interpreted certain things - and quote that in their judgements.

Been there, got the blood-drenched t-shirt.
 
#15
Idrach said:
.................... is defined in s2 of the DPA96 and requires one of more of the Schedule 3 conditions............................... Your case law quote is both accurate (sic) and irrelevant.
Is DPA96 the the same as The Data Protection Act 1998?
 
#16
The link I gave you, which was written by the Information commissioners office and so the person who would bring a prosecution if the company was doing something wrong. At the end they explains it quite well and indicates that it is not a problem for children's info to be taken. If that is the case then adults would have great difficulty arguing against it.

"Appendix: The data protection principles
The Data Protection Act 1998 includes eight data protection principles with which data controllers must comply. The first, second, fifth and seventh principles are the most relevant to this issue.
The first principle requires that personal data is processed fairly and lawfully. Fairness requires that schools ensure that pupils are informed about and understand the purpose for which their personal data is being processed.
The second principle requires that personal data is obtained for one or more specified and lawful purposes and not further processed in any manner incompatible with that purpose or those purposes. Children’s biometric data should therefore not be used for any purpose not directly related to that for which it was collected.
The fifth principle requires that personal data is not kept for longer than it is needed for its specified purpose. Pupils’ biometric data should therefore be destroyed when they have left the school.
The seventh principle requires that appropriate security is in place to safeguard personal data from unauthorised processing and accidental loss, destruction or damage."
 
#18
Idrach said:
I refer you to what I said and not what you think I said.

"Sensitive personal data" is defined in s2 of the DPA96 and requires one of more of the Schedule 3 conditions to be met as opposed to "personal data", which requires one or more of the less onerous Schedule 2 conditions to be met. Your case law quote is both accurate and irrelevant..........
My point concerning the Marper case was to highlight that this data is in fact covered by the DPA 1998, thus the case law I cited was both accurate and relevant.

Personal data and sensitive personal data differ only in that the processing of sensitive personal data, requires explicit consent of the Data Subject.

This means that it is not appropriate to use wide-ranging definitions of purpose on consent forms to cover all possible data transfer circumstances, or to rely on the right to opt out rather than the obtaining of explicit consent - although both of these approaches are advisable for non-sensitive personal data.
 
#19
Idrach said:
You have to remember that the Employment Tribunal is not the Civil Court. Rules of evidence, case law precedence and such are not necessarily adhered to in quite the same way. Although the Chairman is legally trained, there is as much weight put on the opinions from the two lay members - who are selected to have specific work experience one from the employers' side and one from the shop floor.

This is not to say that the Tribunal can ignore specific law - it can't (and when it does, there is the judicial Employment Appeal Tribunal) - but they often make what can appear to be, from the strict legalistic interpretation, somewhat perverse interpretations of "reasonable" and "unreasonable". And they do take evidence from fellow-workers on they way they interpreted certain things - and quote that in their judgements.

Been there, got the blood-drenched t-shirt.
Appreciate that, and some rather strange rulings have come out at Employment Tribunals. That said, unlike Courts the ET have no powers of judicial precedent.

Research was carried out by the Confederation of British Industry in 2005 entitled Restoring Faith in Employment Tribunals (2005). This document found that most employers lacked confidence in the Employment Tribunal System and often chose to settle weak and vexatious claims to avoid using it. Most employers felt it had become too adversarial and legalistic rather than being a quick and informal means to dispute resolution.

Despite improvements being made under Tribunals, Courts and Enforcements Act 2007 it is still problematic regarding transparency and lack of availability of state funding.

If an error has been made at the Employment Tribunal, the claimant may Appeal to the Employment Appeals Tribunal.

An appeal must be to identify flaws in the original legal reasoning.
 
#20
Bolo-Driller said:
..................Im not sure on this one, any ideas?

Thanks in advance of any replies
His Union may be of some help.

Union wins victory over fingerprinting at work

(14/11/08) UNISON has won a victory at Westminster City Council by convincing the authority to withdraw 'big brother' fingerprint recognition machines at workplaces.

The machines were introduced at some council worksites by community protection management in the autumn, without consultation.

The union campaigned against what it called "big brother proposals … based on mistrust of staff, and a disproportionate way of keeping records of working time."

As part of the campaign, Wesminster branch secretary Phil Vaughan met council chief executive Mike More to explain the union's position and inform him that members would refuse to provide their fingerprints.

"I had a very positive meeting with Mike More about the proposals to finger print staff," reported Mr Vaughan.

"Although he clearly supported his managers, he was also concerned about the wider impact on employee relations."

Following that meeting, Mr More wrote a letter to the branch promising that management "will remove the machinery from current locations" and "will not pursue the use of machines in the community protection service in the foreseeable future."

"We are obviously very pleased with this decision," said Mr Vaughan, "and are now keen to engage with local managers on other ways in which time monitoring can be done without biometric technology."
 

Similar threads

Latest Threads

Top