The seventh data protection principle requires appropriate technical and
organisational measures to be taken to protect personal data. Depending on
the justification for introducing this control, it may be reasonable to take
the view that the processing is necessary for compliance with a legal
obligation (Condition 3 of Schedule 2), thus satisfying the first data
protection principle.
However, I would agree that any company introducing such controls would need
to give its employees guarantees as to how the information would be used.
Colin Atkinson
Data Protection Officer
University of Leicester
University Road, Leicester LE1 7RH
Tel. 0116 252 2412 Fax. 0116 252 5169
e-mail: [log in to unmask]
> -----Original Message-----
> From: Leif Wilks [SMTP:[log in to unmask]]
> Sent: Wednesday, November 15, 2000 10:31 AM
> To: [log in to unmask]; [log in to unmask];
> [log in to unmask]
> Subject: Re: RE: Fingerprints!
>
> Tim Wright's objector may well answer for himself, but I would suggest
> that Martin Hoskins looks at the first data protection principle, that
> refers to fair processing.
> Either employees consent to the processing or it is imposed on them, and
> it can only be imposed on them by the threat of dismissal. Fair
> processing?
> I would consider it quite legitimate to be concerned about giving
> fingerprints. The scanning process converts the print into a digital
> record which is then susceptible to being processed like any other data
> (which includes disclosure to whoever) and the employee should be given
> cast-iron guarantees as to how the information would be used. If the
> employer, like One2one, "in almost everything....doesn't need to get an
> individual's consent to process their data.." because ".. the processing
> is necessary for the legitimate interests persued (sic) by the data
> controller" (I refer to earlier messages), employees would have reason for
> concern.
>
> Leif
>
>
> >>> Martin Hoskins <[log in to unmask]> 11/15 9:57 am >>>
> Please ask your objector to point to the part of the Act that REQUIRES
> consent for the collection of fingerprints for this purpose. I suggest
> that
> it is within your legitimate interests to process such data for the
> limited
> purposes you describe!
>
> Regards
> Martin
>
>
> -----Original Message-----
> From: Wright, Tim M. [mailto:[log in to unmask]]
> Sent: 15 November 2000 09:37
> To: [log in to unmask]
> Subject: Fingerprints!
>
>
> A company of my acquaintance is considering the use of fingerprint
> scanners
> for door and workstation security (doing away with the necessity for swipe
> cards and remembering passwords, PINs etc). An objection has been raised
> that in order for this to be legitimate, the agreement of every employee
> must be obtained first. I can't help but feel this is nonsense. There's no
> denying that fingerprint info is personal data, but provided it's only
> used
> for company security purposes I can't see any issues beyond the usual
> secure
> storage, not using it for junk marketing (!) etc etc.
> Can anyone else?
> Tim
>
> --
> Tim M. Wright
> Director - Technology Audit
> Charles Schwab Europe
> Tel: +44 190 852 7793
> Mobile: +44 7932 669 074
> Fax: +44 190 852 7593
>
>
>
> NOTICE AND DISCLAIMER:
> This email (including attachments) is confidential. If you have received
> this email in error please notify the sender immediately and delete this
> email from your system without copying or disseminating it or placing any
> reliance upon its contents. We cannot accept liability for any breaches
> of
> confidence arising through use of email. Any opinions expressed in this
> email (including attachments) are those of the author and do not
> necessarily
> reflect our opinions. We will not accept responsibility for any
> commitments
> made by our employees outside the scope of our business. We do not
> warrant
> the accuracy or completeness of such information.
>
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|