12.4 Biometric Recognition Technology
12.4.1 Facial Recognition Technology (FRT) Surveillance automatically compares CCTV images of individuals with images of persons of interest held in a secure database, matches are flagged up to operatives for verification as a confirmed match before being held in archive for subsequent retrieval. FRT is considered a very invasive form of data processing it is imperative that a Privacy Impact Assessment is undertaken as part of the decision making process in considering the adoption off FRT.
“Scanning people’s faces as they lawfully go about their daily lives, in order to identify them, is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding”
– Elizabeth Denham – Information Commissioner
22.214.171.124 Code of Practice – Having regard for the lack of practical advice or a Code of Practice from either the ICO or The Surveillance Camera Commissioners Office, the following guidance is offered for general interest only as part of a decision making process that must include Privacy Impact and Legitimate Interest Assessments.
126.96.36.199 Scope – The use of FRT should only be considered for the purpose of identifying persons believed to be responsible for antisocial behaviour, criminal activities, hostile reconnaissance, and for missing persons. Before entering images into the persons of interest database it must be recorded in writing how the person has demonstrated such behaviour and activity.
188.8.131.52 Justification – The decision to enter a person’s image into the database must be documented and agreed by the data controller in consultation with (as applicable) law enforcement agencies and government intelligence agencies.
184.108.40.206 Image Quality – All images must be of sufficient quality so as to reduce the possibility of false matches being flagged by the system.
220.127.116.11 Review – Images of suspect subjects held on the database shall be routinely reviewed and permanently deleted when retention can no longer be reasonably justified.
18.104.22.168 Consent – due to the lawful purpose of this processing consent would not be required.
22.214.171.124 Archive Retention – only confirmed matches are retained by the system. A 30 day archive is typically held and then automatically deleted. Confirmed matches may be retained for the purpose of an ongoing police investigation until marked as no longer required, at which point they are archived subject to automatic deletion after 30 days.
126.96.36.199 Privacy – access to recordings shall be password protected and managed on computer devices identified by unique reference numbers logged in a Controlled Data Register. The recording must be deleted at the end of the archive period.
12 4.1.11 Process – to be documented in an activity log on a case by case basis.
12.4.2 Body Temperature Fever Scanning (BTFS)
Dedicated cameras scan the body temperatures of individuals present within mass numbers of people entering an area, these temperatures are compared with the norm and any exceptions are flagged for immediate validation by a nominated person, normally a member of the security team using a non contact thermometer.
The fundamental purpose of BTFS is to identify individuals with abnormal temperature, inform them that their body temperature is indicative of COVID19 and request that they leave the building.
Provided that no Personal Data or Images are committed to writing or stored in a filing system (for any amount of time or in any format), the live monitoring of body temperatures will not fall under Data Protection Legislation.
It would be good practice to inform that Body Temperature Fever Scanning is taking place by means of prominent signage located at the point of entry.
Guidance and regulations relating to the COVID-19 pandemic are changing rapidly. You should keep this regulatory area under regular review.
In commercial property access control applications the norm is to provide NFC cards or tokens rather than use of Biometrics, however fingerprint recognition is the more acceptable choice as opposed to facial recognition technology or retina scanning.
Biometric data must be converted into code at the point of capture and no biometric images retained or otherwise stored in the database. Furthermore, it should not be possible to recreate the biometric data from code. For the avoidance of doubt, the advice of the manufacture should be sought in relation to the data compliance of its processing methods.
You should ensure that individuals whose data is entered to this system are made aware of your operational process, the following template provides useful guidance.