Biometric information and technologies
Biometric information is a record of unique human characteristics, such as facial dimensions, iris scans, finger and palm prints, voice recordings, and even health data such as heart rate and fitness metrics. This kind of information is increasingly being used by organisations to confirm identity.
Some new technologies capture biometric information as part of their standard functionality, for example, check-in kiosks using palm prints or attendance devices that use facial recognition. Other examples include sport and health monitoring devices, or oral/language learning tools which capture voice recordings.
Use of biometric information
Biometric information is unique to an individual and always retains that connection to the person, so the use of this sort of information, particularly that of children, needs to be carefully considered.
Schools must consult with the Department’s Privacy team and their school community when considering using technologies that use biometric information. This will help schools to determine if the intended benefit of using the biometric technology outweighs the risks and ensure that any proposed use is in line with relevant policies.
Privacy obligations do not prohibit the use of biometric technologies in schools, however schools considering use must:
- contact the Privacy team for support in assessing the benefits of the biometric technology in real terms, in comparison to current practices and weigh them against potential risks. For example, if considering the use of facial recognition to capture attendance data, is there enough additional benefit to this new method to risk exposure and misuse of students’ biometric information?
- conduct a privacy impact assessment with support from the Department’s Privacy team – the Privacy team may suggest that a security assessment is also done, in consultation with the InfoSafe team
- work with the Privacy team to check the contract and terms and conditions, and assess how they comply with the following Department policies:
- undertake a comprehensive consultation process with parents, students, and other members of the school community, for example, a parent information evening.
The above 4 steps must be completed before progressing with adopting any biometric technology.
Photographs and audio-visual recordings
Extra care must be taken when using and storing images and voice recordings of students. If this information becomes compromised, there can be long term consequences due to the inability to change biometric information.
Before capturing and using images and recordings of students, consider the following:
- Is the image or recording really needed for what you are doing? For example, could an avatar be used instead of a photograph?
- Does the image and recording need to be widely accessible? If not, restrict to only those that need to have access for a clearly defined purpose.
- Does the image or recording need to be in a third-party system or could it be more securely stored in an existing school or departmental system?
- If using a third-party system, ensure your contract with the vendor has the appropriate privacy protections. It is important that the school can instruct the vendor to remove data from the system at any point, if necessary.
Refer to Photographing, Filming and Recording Students and Photographing, Filming and Recording Staff and Other Adults for further guidance.
Reviewed 07 December 2021