JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives


DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

DATA-PROTECTION Home

DATA-PROTECTION Home

DATA-PROTECTION  May 2009

DATA-PROTECTION May 2009

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: Biometric Data on Flash Drive

From:

"Bradshaw, Phillip" <[log in to unmask]>

Reply-To:

Bradshaw, Phillip

Date:

Wed, 27 May 2009 16:01:12 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (245 lines)

I understand that the data is inaccessible and not a d
 

Ben



I understand that the data is inaccessible and not a direct image of the

fingerprint. There is clearly no significant risk of identification

involved. 



Nevertheless :



1. It is data

2. It relates to a living individual (usually) 

3. The individual it relates to can be identified from other information

which is in the possession of the data controller



QED it is personal data.  See CSA v Scottish Information Commissioner

[2008] UKHL 47 



Section 4(4) is mandatory and unless I turn a blind-eye it seems I may

be forced to follow Donald's suggestion, if as appears from my enquiries

to be the case, deleting the user-profile does not delete the biometric

data.





Phil Bradshaw







-----Original Message-----

From: This list is for those interested in Data Protection issues

[mailto:[log in to unmask]] On Behalf Of Ben Plouviez

Sent: 27 May 2009 15:44

To: [log in to unmask]

Subject: Re: [data-protection] Biometric Data on Flash Drive



I'm not sure that the biometric data on these devices is precisely

personal information: an algorithm is stored which could not be used to

identify an individual (it is used to validate the fingerprint: it is

not a representation of the fingerprint). So personally I wouldn't worry

about it. What do others think?



Ben





-----Original Message-----

From: This list is for those interested in Data Protection issues

[mailto:[log in to unmask]] On Behalf Of Donald Henderson

Sent: 27 May 2009 14:07

To: [log in to unmask]

Subject: Re: [data-protection] Biometric Data on Flash Drive



Phil,



Isn't the pragmatic answer to ensure that the device is wiped /

reformatted within an appropriate time period of a user leaving (say a

year) ? That would mean the biometric data is no longer held

indefinitely, but would still be "required" to be held operationally

(since it couldn't be removed) up to the point of re-formatting.



Periodic reformatting of all such devices might be considered a good

thing anyway to ensure that only those who need to use such a device can

do so.



Regards



Donald Henderson

Information Compliance Manager

Perth & Kinross Council





-----Original Message-----

From: This list is for those interested in Data Protection issues

[mailto:[log in to unmask]] On Behalf Of Phil Bradshaw

Sent: 27 May 2009 12:02

To: [log in to unmask]

Subject: [data-protection] Biometric Data on Flash Drive



We currently issue and use secure USB flash drives which are accessed

using biometric (fingerprint) recognition. 



http://www.beyondifsolutions.com/Stealth_MXP_Feb_23_06.pdf



These can register up to 6 users with their own encrypted secure area.



If we register more than one user, and one of these leaves (as we all do

eventually !) the profile can be removed by an administrator, but I am

advised that technically the biometrics remains on the device - no-one

including the user can actually gain access to the biometric profile, as

such it cannot be taken off the device or accessed by anyone else

including .



It can only be removed by an administrator wiping / reformatting the

device. 



How do I reconcile this with the fifth principle - personal data not to

be kept longer than necessary ? Is it permissible to say since no-one

can access it we do not hold it / are no longer keeping it ? 



Because of the high cost compared to 'open' USB drives  it is

impractical to have one device per user where only occasional use is

required



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask] All user

commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list

owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your

needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^







Securing the future... - Improving services - Enhancing quality of life

- Making best use of public resources.



The information in this email is solely for the intended recipients. 



If you are not an intended recipient, you must not disclose, copy, or

distribute its contents or use them in any way: please advise the sender

immediately and delete this email.



Perth & Kinross Council does not warrant that this email or any

attachments are virus-free and does not accept any liability for any

loss or damage resulting from any virus infection. Perth & Kinross

Council may monitor or examine any emails received by its email system.



The information contained in this email may not be the views of Perth &

Kinross Council. It is possible for email to be falsified and the sender

cannot be held responsible for the integrity of the information

contained in it.



Requests to Perth & Kinross Council under the Freedom of Information

(Scotland) Act should be directed to the Freedom of Information Team -

email: [log in to unmask]



General enquiries should be made to [log in to unmask] or 01738

475000.



Securing the future... - Improving services - Enhancing quality of life

- Making best use of public resources.



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask] All user

commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list

owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your

needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



This email was received from the INTERNET and scanned by the Government

Secure Intranet anti-virus service supplied by Cable&Wireless in

partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) In

case of problems, please call your organisation s IT Helpdesk. 

Communications via the GSi may be automatically logged, monitored and/or

recorded for legal purposes.



*******************************************************************

This email has been received from an external party and has been swept

for the presence of computer viruses.

*******************************************************************





********************************************************



This e-mail (and any files or other attachments transmitted with it) is

intended solely for the attention of the addressee(s).  Unauthorised

use, disclosure, storage, copying or distribution of any part of this

e-mail is not permitted.  If you are not the intended recipient please

destroy the email, remove any copies from your system and inform the

sender immediately by return.



 



Communications with the Scottish Government may be monitored or recorded

in order to secure the effective operation of the system and for other

lawful purposes.  The views or opinions contained within this e-mail may

not necessarily reflect those of the Scottish Government.



********************************************************





The original of this email was scanned for viruses by the Government

Secure Intranet virus scanning service supplied by Cable&Wireless in

partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On

leaving the GSi this email was certified virus free.

Communications via the GSi may be automatically logged, monitored and/or

recorded for legal purposes.



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask] All user

commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list

owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your

needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



**********************************************************************

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind.  Opinions, conclusions and other information in this message that do not relate to the official business of the Council of the City and County of Cardiff shall be understood as neither given nor endorsed by it.  All e-mail sent to or from this address will be processed by Cardiff County Councils Corporate E-mail system and may be subject to scrutiny by someone other than the addressee.

**********************************************************************

Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os na chyfeirir y neges atoch chi'n benodol (neu os nad ydych chi'n gyfrifol am drosglwyddo'r neges i'r person a enwir), yna ni chewch gopio na throsglwyddo'r neges. Mewn achos o'r fath, dylech ddinistrio'r neges a hysbysu'r anfonwr drwy e-bost ar unwaith. Rhowch wybod i'r anfonydd ar unwaith os nad ydych chi neu eich cyflogydd yn caniatau e-bost y Rhyngrwyd am negeseuon fel hon. Rhaid deall nad yw'r safbwyntiau, y casgliadau a'r wybodaeth arall yn y neges hon nad ydynt yn cyfeirio at fusnes swyddogol Cyngor Dinas a Sir Caerdydd yn cynrychioli barn y Cyngor Sir nad yn cael sel ei fendith. Caiff unrhyw negeseuon a anfonir at, neu o'r cyfeiriad e-bost hwn eu prosesu gan system E-bost Gorfforaethol Cyngor Sir Caerdydd a gallant gael eu harchwilio gan rywun heblaw'r person a enwir.

**********************************************************************



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager