VIC.GOV.AU | Policy and Advisory Library

School operations

Privacy and Information Sharing

On this page:

Biometric information and technologies

Biometric information is a record of unique human physiological features or behavioural attributes. Some biometric information can also fall within the definition of health information under the Health Records Act 2001.

Biometric information can include a record of a person’s:

  • ace or facial dimensions
  • iris scans
  • finger and palm prints
  • voice recordings
  • health data such as heart rate and fitness metrics.

Biometric information scanning is increasingly used by organisations to confirm identity. Some new technologies even capture biometric information as part of their standard functionality.

For example, biometric characteristics can be scanned via:

  • check-in kiosks using palm prints
  • attendance devices that use facial recognition
  • sport and health monitoring devices
  • oral/language learning tools that capture voice recordings.

Use of biometric information

As biometric information is unique to the individual, it has an ongoing identifiable connection to the person. Therefore, schools must consider carefully before biometric technology is introduced and information from children, families and staff is collected and used. Biometrics can be seen as intrusive when Victorian privacy law indicates that the least intrusive method should be preferred.

Privacy obligations do not prohibit the use of biometric technologies in schools. However, if considering using biometric information, schools must complete the following 4 steps first.

Step 1: Contact the Privacy team

Contact the Privacy team by emailing privacy@education.vic.gov.au

The Privacy team will help assess the benefits of the biometric technology prior to procurement. This will include comparing it to current practices and weighing them against potential risks.

Step 2: Check the software on Arc Software

Step 2 requires that schools check the software has been assessed on Arc SoftwareExternal Link .

If not, then schools will need to follow the process to request a security assessment and undertake a privacy impact assessment (PIA).

Step 3: Review contract terms and conditions with Privacy

If the security assessment and PIA have been completed and endorsed, the school and Privacy team need to review the contract of the biometric software to ensure it complies with departmental policies including:

Step 4: Consult the school community

At this point of the process, a comprehensive consultation process with the school community is required.

This includes consultations with:

  • parents and carers
  • students
  • other members of the school community.

This could be done via a parent information evening or similar.

Photographs and video recordings in biometric applications

Some technologies such as generative artificial intelligence can use existing images, videos and audio recording to create biometric information. This combines the risks inherent in both image/audio capture generally, and biometric data, and should be avoided.

Includes information on the use of biometric information and photographs and audio-visual recordings.

Reviewed 10 July 2025

Guidance

Was this page helpful?