GUIDELINES FOR BIOMETRIC DATA USER
 
The guide below provides data users with general information on the protection of biometric data collected from FingerTec devices and highlights the principles and some of the requirements that may be applicable to the respective data user.

The term 'Data user' here refers to every person or entity that uses FingerTec terminal and/or software to collect, store and process biometric data.


Please note that it is each data user's responsibility to ensure that their collection and processing of biometric data is done in accordance with applicable law. This may require them to maintain their own set of biometric data policies (collection, disclosure, retention, storage, etc.), in addition to complying with other privacy rules specified in the respective national laws. For a basic guideline, refer to the section below: GUIDELINES FOR DATA USER.
INTRODUCTION

1. What is Biometric data?

Biometrics is the technical term for body measurements and calculations. This involves technically analysing either the physical or behavioural characteristics of individuals for authentication purposes.

Specifically, Article 4(14) of the EU's General Data Protection Regulation has defined biometric data as: ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data (the analysis of fingerprints for the purpose of identification);
Physiological data (born with an individual): DNA samples, fingerprint, palm veins, iris, retina, facial images and hand geometries

Behavioural data (developed by an individual): handwriting pattern, typing rhythm, gait, voice
2. What is Personal data?

Personal data usually refers to any information which relates directly or indirectly to a data subject (natural person). This includes any information that can be used to distinguish, identify or contact them.

There is also a further category of "sensitive" personal data, which in Malaysia would mean any personal data consisting of these types of information: physical or mental health, political opinions, religious or other similar beliefs and record of offences. Sensitive data comes with specific processing conditions.

In applications of biometrics, when data is collected and linked to personal data in another database, an individual can be identified. Therefore, biometric data is usually considered to be personal data (possibly also sensitive data depending on national legislation).

While the exact definition of the terms may vary by regulation, over 100 countries around the world now have privacy/data protection laws in place to safeguard personal data.
3. How is biometric data stored and processed in FingerTec devices?

Fingerprint Data
FingerTec devices do not store raw fingerprint images. Instead, the algorithm in FingerTec devices is based on the minutiae matching method, and the device stores a template in the form of an encrypted code. The template is non-reversible to the original image, so it cannot be used elsewhere.

Complete information on the technology is available at Fingerprint Technology Whitepaper

Facial Recognition Technology
FingerTec's face recognition algorithm uses a combined Gabor-LDA (Linear Discriminant Analysis) based method, which consists of various processes that compare selected facial features from a given image with faces within a database.

During face enrollment, the terminal captures images of a person's face with an infrared camera and generates a 3-dimensional template, which is stored for the verification process. The encrypted template is non-reversible to the original image, so it cannot be used elsewhere.

More information on the technology is available at Face Recognition Technology Whitepaper
4. How do FingerTec devices protect the personal data?

To ensure data security, users' fingerprint or face templates (together with other personal data) are stored in the device in encrypted format and the data can only be viewed using FingerTec software (TCMS, Ingress, etc.) or the TimeTec solution. The same encrypted format is used when a USB drive is used to export and transfer data.

Because personal data is processed in the software, it is also important to implement privacy protective measures for the servers containing the data. For instance, one practical measure is user authentication to control access to all software, both Windows based and cloud based.

For those that are using the devices with TimeTec TA cloud based system, more details of the security practices can be found here: https://www.timeteccloud.com/security
GUIDELINES FOR DATA USER

This is only a basic, non-comprehensive reference/guidance for the collection, processing and storage of biometric data. Please refer to the applicable laws in your country for the actual requirements.

1. Consent, Lawfulness and Purpose

  1.1 Before using FingerTec terminals to collect, use or disclose biometric data, as the data user, you have a responsibility to inform all users or persons (data subject) whose biometric data are collected.
   
  1.2 In certain jurisdictions where applicable law so requires, you may have to satisfy some or all of the conditions below:
 
  i.   Provide this Notice to the individual in writing
  ii.   Indicate the specific purpose(s) for collecting the biometric data (i.e. only for employee's time attendance and access control purposes). The biometric templates that are collected may only be used for this authorized purpose and may not be used for any new purpose without prescribed consent. The data collected should be adequate for the purpose and not excessive.
  iii.  Specify the length of time for which it is being collected, stored, and used (e.g. only during the duration of active employment).
  iv.  Receive a written release that the individual consents to the collection, use or disclosure of their biometric data. The individual may at any time give notice to withdraw consent given, after which you (and other data processors) have to cease collecting, using or disclosing the data.
   
2. Notification to Data Subject (Access, Disclosure, Choice & Transparency)
   
  2.1 Furthermore, depending on the respective regulation, it may also be necessary to provide a written notice to inform a data subject of some or all of the following:
   
 
  i.  Data subjects have the right to request access to, to request correction of or to request erasure of the biometric data.
  ii.   The class of third parties to whom the data user discloses or may disclose the biometric data. Without consent of the data subject, the data shall not be disclosed by the data user unless under exceptional circumstances such as when legally required.
  iii.  Whether it is obligatory or voluntary for the data subject to provide the biometric data, and the choice and means the data user offers the data subject for limiting the processing of such data (e.g. the option of using a smartcard on its own with CCTV monitoring as an alternative to a fingerprint based attendance system).
  iv.  Should it be obligatory for the data subject to supply the biometric data, the consequences if he/she fails to supply the data.
  v.  Where applicable, the fact that the data user intends to transfer the biometric data to a third country or international organisation. The receiving country should also offer an adequate standard of data protection.
   
  2.2 The notice should be given to the data subjects as soon as practicable, such as when they are first asked by the data user to provide their biometric data.
   
  2.3 The notice should also be provided in appropriate, clear and plain language(s) (e.g. the national and English languages) and data subjects should have a readily accessible means to exercise their choice (e.g. choice to not voluntarily provide biometric data or to withdraw consent).
   
  2.4 In connection with items 1.2 and 2.1 of this Guideline, the data user should devise Privacy Policies and procedures setting out clearly the rules and practices that are to be followed in the collection and processing of biometric data. The policy should be available to all parties concerned, and data users should draw the specific attention of the individuals affected to such policies and procedures.
   
  For example, refer to FingerTec's and TimeTec’s Privacy Policies:
https://www.fingertec.com/privacypolicy/index.php
https://www.timeteccloud.com/privacypolicy
3. Security

3.1   A data user shall, when processing biometric data, take practical steps to protect biometric data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction. This requires implementing appropriate technical and organisational security measures.
   
3.2  With regard to FingerTec hardware, to ensure data security, users' fingerprint or face templates (together with other personal data) are stored in the device in encrypted format and the data can only be viewed using FingerTec software (TCMS, Ingress, etc.) or TimeTec software. The same encrypted format is used when a USB drive is used to export and transfer data.
   
3.3  Nonetheless, as only a compact set of important features is stored in the biometric templates, a template is generally non-reversible to the original image for use elsewhere.
   
3.4  At the same time, because biometric data is processed in software (Windows based or cloud based), data users are also responsible for implementing (or ensuring the data processor implements) sufficient privacy protective measures for the servers containing the data.
   
Examples of worthy security measures are:
 
     The IT system which is used to store and process the biometric data should be carefully and regularly evaluated to ensure that sufficiently effective security and privacy protective measures are in place;
     Encrypting the biometric data while it is being stored or transmitted; refer to 3.2
     Data access is restricted to authorised persons on a need-to-know basis and is protected by strong passwords (e.g. combination of letters, numbers and/or symbols) while all such accesses are recorded/logged; and
     Written policy and clear guidance should be devised to ensure the proper use of the biometric data collected, and to prevent unnecessary linkage between the biometric database with other IT systems or databases that may result in the transfer or change of use of the biometric data inadvertently.
   
3.5  For those that are using the FingerTec biometric devices with TimeTec cloud based system, more details of the security practices can be found here:
https://www.timeteccloud.com/security
4. Data Storage and Retention

4.1  The biometric data processed for any purpose shall not be kept longer than is necessary for the fulfilment of that purpose (e.g. only during the duration of active employment).
   
4.2  It shall be the duty of a data user to take all reasonable steps to ensure that all biometric data is destroyed or permanently deleted if it is no longer required (e.g. take steps to delete data from FingerTec device, software, cloud and any other database backups).
   
4.3  In FingerTec devices, after the individual's biometric templates are deleted according to standard use instructions, the templates are permanently deleted and will not be stored in any format.
5. Accuracy

5.1  A data user shall take reasonable steps to ensure that the biometric data is accurate, complete and not misleading.
   
5.2  To ensure the accuracy of the biometric recognition system, data users must ascertain and be satisfied that the false acceptance rate and false rejection rate of the biometric recognition system are within reasonable limits, having regard to the size of the population monitored by the system. Data users should also give the individual a reasonable opportunity to explain the irregularity before deciding whether to take any adverse action against the individual.
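
As an added illustration of item 5.2 (this is not FingerTec code or a FingerTec-published method), the Python example below computes the false acceptance rate and false rejection rate from labelled comparison scores and shows how the chance of a false match grows with the size of the enrolled population. The scores, the accept-at-or-above-threshold rule, the 1:N identification model with independent comparisons, and all function names are assumptions made for the example.

```python
# Added example: names, scores and thresholds below are constructed assumptions.

def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a comparison is accepted if score >= threshold."""
    if not genuine or not impostor:
        raise ValueError("need genuine and impostor scores")
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def population_false_match(far, enrolled):
    """Chance that one impostor attempt matches any of `enrolled` templates.

    Assumes 1:N identification with independent comparisons, so the
    per-comparison FAR compounds as 1 - (1 - FAR)^N.
    """
    if not 0.0 <= far <= 1.0 or enrolled < 1:
        raise ValueError("far must be in [0, 1] and enrolled >= 1")
    return 1.0 - (1.0 - far) ** enrolled


def max_far_for_population(target, enrolled):
    """Largest per-comparison FAR keeping the 1:N false-match chance <= target."""
    return 1.0 - (1.0 - target) ** (1.0 / enrolled)


# Constructed evaluation scores (0..1, higher means more similar).
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.97, 0.85, 0.62, 0.93, 0.90, 0.87]
IMPOSTOR = [0.12, 0.30, 0.05, 0.44, 0.71, 0.22, 0.18, 0.09, 0.35, 0.27,
            0.15, 0.40, 0.08, 0.51, 0.33, 0.19, 0.26, 0.11, 0.38, 0.02]


def report(thresholds=(0.60, 0.70, 0.75), populations=(50, 5000)):
    """Tabulate FAR, FRR and the population-scaled false-match chance."""
    rows = []
    for t in thresholds:
        far, frr = far_frr(GENUINE, IMPOSTOR, t)
        scaled = [population_false_match(far, n) for n in populations]
        rows.append((t, far, frr, scaled))
    return rows


if __name__ == "__main__":
    for t, far, frr, scaled in report():
        print(f"threshold={t:.2f} FAR={far:.3f} FRR={frr:.3f} 1:N={scaled}")
    print("FAR needed for 1% at N=5000:", max_far_for_population(0.01, 5000))
```

A per-comparison FAR that looks small for 50 enrolled users can give a large false-match chance at 5,000 users, which is why the acceptable rate has to be judged against the monitored population.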


Last updated : 20/02/2019