Office of the Privacy Commissioner | Case Note 33623 [2003] NZPrivCmr 5 - Union complains of company's introduction of finger-scanning
A manufacturing company proposed introducing a fingerscanning unit to record employees' attendance. The New Zealand Engineering Printing and Manufacturing Union complained that a fingerscanning unit would constitute an interference with its members' privacy. The Union argued that fingerscanning technology was associated with criminal activity; that it might be used for other purposes; and that it was unnecessary as there were other means available. The Union also argued it was contrary to the New Zealand Bill of Rights Act 1990 and so was unlawful, and would cause loss of dignity.
I considered the complaint in terms of information privacy principles 1, 3, 4 and 5 and concluded there was no breach.
The fingerscan system
The Company supplied detailed information about the process to the Union and me. As I understood it, an individual's finger would be measured by a sensor, which would scan significant landmarks of the fingerprint pattern. The sensor would then enter those data into a computer system, where they would be processed into a set of numbers known as a template.
Each individual would be given a PIN number, associated with a particular template. When the PIN was entered, the system would locate the template associated with that PIN. When the individual's finger was placed on a keypad, the system would check to see whether that finger pattern conformed to the template.
I noted that:
- the template is not a fingerprint image but is a mathematical representation which cannot be reverse-engineered to reconstruct a fingerprint.
- the original image is transient, and cannot be stored within the unit.
- the system verifies the user, but does not identify the user.
- the finger scanner does not search a database, but carries out a one-to-one comparison between a finger and the template shown in the system.
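The verification flow described above, sketched as an added illustration; it is not part of the case note and is not the Company's or the vendor's software. The landmark coordinates, the distance-based template, the tolerance value and the PINs are constructed assumptions, chosen to show the difference between a one-to-one check against the template for a PIN and a one-to-many search.

```python
from itertools import combinations
from math import dist

TOLERANCE = 0.05  # assumed match tolerance; not a figure from the case note

def make_template(landmarks):
    """Reduce landmark coordinates to a template: sorted pairwise distances
    scaled by the longest one. Only these numbers are kept, not the scan."""
    d = sorted(dist(a, b) for a, b in combinations(landmarks, 2))
    return [round(x / d[-1], 3) for x in d]

def matches(stored, fresh):
    return len(stored) == len(fresh) and all(
        abs(a - b) <= TOLERANCE for a, b in zip(stored, fresh))

class AttendanceUnit:
    def __init__(self):
        self.templates = {}    # PIN -> template
        self.comparisons = 0   # template comparisons performed so far

    def enrol(self, pin, landmarks):
        self.templates[pin] = make_template(landmarks)  # scan is discarded

    def verify(self, pin, landmarks):
        """One-to-one: compare the finger only with the template for this PIN."""
        stored = self.templates.get(pin)
        if stored is None:
            return False
        self.comparisons += 1
        return matches(stored, make_template(landmarks))

def identify(unit, landmarks):
    """One-to-many search over every template, shown only for contrast."""
    fresh = make_template(landmarks)
    unit.comparisons += len(unit.templates)
    return [pin for pin, t in unit.templates.items() if matches(t, fresh)]

# Constructed sample landmarks (not real biometric data)
ALICE = [(0, 0), (4, 0), (4, 3), (1, 5)]
ALICE_RESCAN = [(10, 10), (14.05, 10), (14, 13), (11, 14.95)]  # shifted, noisy
BOB = [(0, 0), (2, 0), (5, 1), (3, 6)]
CAROL = [(0, 0), (6, 0), (6, 1), (0, 1)]

def build_unit():
    unit = AttendanceUnit()
    for pin, marks in (("1001", ALICE), ("1002", BOB), ("1003", CAROL)):
        unit.enrol(pin, marks)
    return unit

if __name__ == "__main__":
    unit = build_unit()
    print(unit.verify("1001", ALICE_RESCAN), unit.verify("1001", BOB))
    print(unit.comparisons)
```

Each call to `verify` with an enrolled PIN costs exactly one comparison regardless of how many people are enrolled, whereas `identify` touches every stored template.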
Principle 1
This principle provides that an agency may not collect personal information unless it is collected for a lawful purpose connected with an activity of the agency and the collection is necessary for that purpose.
The fingerscanning unit was to be part of an overall payroll system. The Company advised me that its current payroll system was no longer adequate. The information would be collected for a lawful purpose - to assist the efficient administration of the Company's payroll.
I considered whether the fingerscanner was necessary for that purpose. The Union submitted that a system of time sheets and clock cards would suffice, and the fingerscan was 'overkill'. The Company advised me it had relied on the honesty of employees to complete time sheets, but there had been allegations of dishonesty. The Company believed that a scanner had become a necessity to deal with an existing problem and that the fingerscan unit was the most viable option to meet its requirements.
An employer is legally entitled to collect information to ensure that workers are meeting the terms of their employment contracts. The Company was of the view that the collection was reasonably necessary to address attendance issues.
On the basis of this information, I was satisfied that the collection of the information in question was necessary for the Company's purpose. I took the view that the collection was both lawful and necessary. There was no breach of principle 1.
Principle 3
Principle 3 provides that where an agency collects personal information from the individual concerned, it must take certain steps prior to the collection, if practicable. For instance, an agency is required to advise the individual concerned about what information it proposes to collect, and the purpose of collection. The Company gave details of the steps it had taken to educate staff about the fingerscanning units.
The fingerscanning unit was not yet in use. As a result, the Company had not yet needed to advise staff about any consequences if they did not provide all or part of the information (principle 3(1)(f)).
Because of the steps taken by the Company, I formed the opinion that its actions were not in breach of principle 3.
Principle 4
An agency may not collect personal information by means which are, in the circumstances of the case, unlawful, unfair or unreasonably intrusive (principle 4).
The Union argued that principle 4 would be breached by the proposed collection and cited the New Zealand Bill of Rights Act 1990. It claimed that fingerscanning requires employees to submit to a physical examination procedure at a specific place without the employees' informed consent, and that it amounted to unlawful constraint and contact.
The Bill of Rights Act applies to acts done by the branches of the New Zealand government, and those performing public duties (section 3). I did not consider that it could apply to the Company.
The Union also pointed to the absence of an express or implied term in the employment contract covering fingerscanning. Determination of this issue may well be for another forum, such as the Employment Court. It would have been quite improper for me to usurp the role of the Court by dealing with the matter.
The Company complied with principles 1 and 3 and I was not persuaded in the circumstances that there was sufficient evidence that the fingerscanning would be unfair, or intrude to an unreasonable extent on the personal affairs of the employees and so breach principle 4.
Principle 5
Principle 5 provides for the storage and security of personal information. This principle is concerned with any safeguards the agency has in place to protect information from, among other things, unauthorised misuse. The safeguards do not have to be fail-safe, but they must be reasonable in the circumstances. Policies, systems and staff training are relevant to this principle.
The Company said that unauthorised tampering with the system would not be possible as the system used passwords and only authorised users would be able to gain access. The number of authorised users would be strictly limited.
On the basis of detailed technical and other information provided to my Office, I formed the provisional view that the Company had security safeguards in place which were reasonable in the circumstances and envisaged by principle 5. A comprehensive technical analysis of the system's capabilities and vulnerabilities would have gone beyond the resources available to my Office.
Section 66
Two requirements must be fulfilled before there is an interference with privacy under section 66 of the Privacy Act. First, a breach of an information privacy principle must be established and second, I must be satisfied that an adverse consequence in terms of section 66(1)(b) resulted from that breach.
The Union argued that employees would suffer the indignity of having to submit to the physical examination involved which would cause them significant humiliation, loss of dignity and injury to feelings.
I did not consider that the Company had breached principles 1, 3, 4 or 5 and so the first requirement of section 66 was not met. Since a breach of an information privacy principle had not been established, it was not necessary for me to form a view on the issue of harm.
Additionally, the fingerscanning unit was not yet in use. Compliance by the Company with principle 3 would ensure employees could make an informed decision about their participation in the finger scanning procedure. Having reached their decision on the matter, employees would be free to choose to submit to the procedure, or to decline to participate. If employees choose not to participate, they may well have to face the Company's disciplinary actions. Determining whether an adverse response from the Company would give rise to action in the Employment Court was not an issue for me to pursue.
I formed the opinion that the fingerscanning proposal would not cause an interference with the privacy of the Company's employees. I advised the Union accordingly and closed my file.
February 2003
Indexing terms: Collecting personal information - Employer - Use of fingerscanner - Whether collection was 'necessary' and for a 'lawful' purpose - Information privacy principle 1
Collecting personal information - Employer - Use of fingerscanner - Consequences of refusal to undergo procedure - Information privacy principle 3(1)(f)
Collecting personal information - Employer - Use of fingerscanner - Whether infringed New Zealand Bill of Rights Act - Employment contract - Determination by Employment Court - New Zealand Bill of Rights Act 1990 s.3, Information privacy principle 4
Storage of personal information - Employer - Use of fingerscanner - Whether security safeguards reasonable - Information privacy principle 5