New work entrance system...

Discussion in 'Finance, Property, Law' started by Bolo-Driller, Oct 29, 2009.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. My friend is currently working for a company that are implementing a new secure entry clocking in/out system. It uses fingerprint recognition I believe ( or he says they need to take everyones fingerprints for it at least anyway).

    He says is it legal to request and hold a database of fingerprints from staff members? He believes that it could only be asked for by the relevant authorities and not by a company? Is this allowed?

    Im not sure on this one, any ideas?

    Thanks in advance of any replies
     
  2. It is legal to request (ask for) and hold almost any data - think of DV - and fingerprints are not considered "sensitive personal data" under the Data Protection Act. You might, if you had a very strong objection to having your fingerprints held by your employer, be able to claim "constructive dismissal" - this is likely to be a material change in your employment Ts&Cs, but I doubt that this would be upheld at Tribunal.

    Now, the use of the fingerprints would need to be solely for the purposes for which they were collected (i.e. getting in in the morning), or as otherwise required by law.

    Edited to add - your purposes for collecting any data must be lawful. But I doubt that they are collecting fingerprints to aid them in racial, sexual or similar discrimination. It's for building entry.
     
  3. I disagree with your assumption that fingerprints are not classified as “personal data” and refer you to S and Marper v UK (Application Nos. 30562/04 and 30566/04.

    In paragraph 68 of the judgement it states:

    The Court notes at the outset that all three categories of the personal information retained by the authorities in the present cases, namely fingerprints, DNA profiles and cellular samples, constitute personal data within the meaning of the Data Protection Convention as they relate to identified or identifiable individuals. The Government accepted that all three categories are “personal data” within the meaning of the Data Protection Act 1998 in the hands of those who are able to identify the individual.

    Whether or not fingerprints are “directly” identifiable from scans or data encrypted and encoded into algorithmic data is superfluous, as those data controllers may identify the individual concerned, and those with access to relevant software may be able to identify individuals.

    Regards
     
  4. Gremlin

    Gremlin LE Good Egg (charities)

    Oh FFS.

    IT companies have been using finger print security for years. Many laptops (including my 3 year old one) come with it as standard.

    The more relevant question is, what does he have to hide?
     
  5. I doubt very much the original poster "has anything to hide". The door security system can only be used for its intended purpose and will certainly not be linked into the National Fingerprint Database (NPD) as this is unlawful.

    It is a question of choice, which surprising as it may seem, we still have in a democratic society. An alternative form of entry must be provided (swipe card, key code etc) for those who wish to limit third party access to personal data.

    The position that an objection to divulge personal data constitutes a presumption of guilt is a precarious one to take.
     
  6. As previously mentioned any such prints provided will be covered by the Data Protection Act. This basically says says that the info is to be kept secure and to be only used for the purpose that is as collected for.

    If the majority of the workforce DON'T want to hand over their prints then your mate should be pretty safe in not giving his either, however, if the vast majority of the workforce WANT to give their details he may as well spend some time getting his CV updated.

    Remind your mate that if he wants to "stick up for his rights and beliefs" that there are millions unemployed at the moment. I think that the employer is making a reasonable request.
     
  7. It is my belief that unless this is a pre-requisite for the job and is included in his employment contract then imposing this would be unlawful.

    An employment law specialist would tender more salient advice.
     
  8. Unlawful or not I think the main point is that if the rest of the workforce accepts this and one person does not, then the employer can impose it on that one person and deem it to be reasonable request. If that one person went to a tribunal he would probably loose as the tribunal would say it was a reasonable request as the rest of the work force accepted it[
     
  9. A number of schools now use fingerprinting. If you do a search you will see a wide range of comments from both ends of the spectrum. As for comments about it letting parents know what the children are eating for lunch, this has already been achieved by use of cashless systems and swipe cards with photos on. Fingerprinting is just a different swipe card that you will have difficulty loosing.

    link is form Aug 2008

    http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/fingerprinting_final_view_v1.11.pdf
     
  10. No, the "status quo" have no relevance in the rule of law unless otherwise legislated.

    What is classed as "reasonable" must be objectively derived at through current case law as opposed to subjective reasoning.

    To place this at its most base, would the actions of a "lemming scenario" seem justifable because the majority carried out a particular action.

    Communi consilio is not a valid defence in law.
     
  11. I, personally have no problems with this, as long as the principles of data protection are rigorously applied.

    That being said, there should not be a culture of "exclusivity" applied because of non compliance.
     
  12. I refer you to what I said and not what you think I said.

    "Sensitive personal data" is defined in s2 of the DPA96 and requires one of more of the Schedule 3 conditions to be met as opposed to "personal data", which requires one or more of the less onerous Schedule 2 conditions to be met. Your case law quote is both accurate and irrelevant.

    I would hazard that Sch 2 s2(a) and the OP's mate's contract of employment apply here.
     
  13. There was a case a number of years ago when the AA (I think) imposed new working hours on its patrol staff in one part of the country. All accepted these hours but one. He took his case to law and lost as the Court decided that the employees case was un-reasonable in that all the others had accepted the change in hours.
     
  14. You have to remember that the Employment Tribunal is not the Civil Court. Rules of evidence, case law precedence and such are not necessarily adhered to in quite the same way. Although the Chairman is legally trained, there is as much weight put on the opinions from the two lay members - who are selected to have specific work experience one from the employers' side and one from the shop floor.

    This is not to say that the Tribunal can ignore specific law - it can't (and when it does, there is the judicial Employment Appeal Tribunal) - but they often make what can appear to be, from the strict legalistic interpretation, somewhat perverse interpretations of "reasonable" and "unreasonable". And they do take evidence from fellow-workers on they way they interpreted certain things - and quote that in their judgements.

    Been there, got the blood-drenched t-shirt.
     
  15. Is DPA96 the the same as The Data Protection Act 1998?