Why do I need to know about it?
In Pixar’s The Incredibles fashion designer Edna Mode accesses her workshop in a variety of high-tech ways – a hand scan, eye scan and voice analysis. In The Eternity Code, to gain entry to a villain’s lair child genius Artemis Fowl resorts to cutting off said villain’s thumb to trick a scanner. Far-fetched whimsy you might think. But while these might be works of fiction, the technology used is very real.
This is biometrics: the measurement and analysis of unique physical or behavioural characteristics. The most common types are retina or iris scans, fingerprint scans, voice pattern recognition, hand scans or facial geometry.
“Biometrics are ways to recognise you by personal characteristics. You might lose a key or forget a password but you cannot lose yourself. They make life easy and fast,” explains Mark Nixon, a professor in the School of Electronics and Computer Science at the University of Southampton, and president of the IEEE Biometrics Council.
What do I need to know?
Biometrics are already in wide use within mobile phones. And fingerprints have been used in forensics for decades. Usage is only going to expand though – for relatively simple things like door and car locks, but also facial recognition software to catch criminals and monitor immigration.
However, the tech has had teething problems. The London Policing Ethics Panel released a report last month on the Metropolitan Police’s use of facial recognition tech. It said: ‘Marginal benefit would not be sufficient to justify facial recognition’s adoption in the face of the unease that it engenders in some... Clearly there is no benefit to be gained from adopting an ineffective technology’.
And ineffective it was. Between 2016 and 2018 people were misidentified as criminals in 96% of potential matches flagged by the software.
But it is expected to improve. As the tech develops businesses may deploy it for facilities and fleet access, and to verify time worked by employees and their presence on and off site. Therefore organisations would do well to keep an ‘iris’ on any advancements.
“Businesses need to be aware of existing and future laws specifically governing the use of biometrics as well as privacy laws in general, which may either specifically regulate biometrics or implicate the privacy issues inherent in the collection and use of biometrics,” advises Debra Bernard, a partner at Perkins Coie and expert on biometric law.
Where can HR add value?
With privacy such a key concern HR’s main role will be ensuring any biometric technology use complies with the General Data Protection Regulation (GDPR).
“Biometric data is afforded special protection under the GDPR, which recognises the sensitivity of the data, including the heightened risks to individuals if such data were to be compromised,” a spokesman from the government’s Information Commissioner’s Office (ICO) says. “The ICO views biometric data to be particularly sensitive in nature and requires organisations to meet a higher bar to process it.”
The ICO urges employers to get in touch should they have queries about collecting and storing biometric data.
Employee concerns should not be ignored by HR either. While it’s highly unlikely a black market for severed fingers or plucked eyeballs will arise, some still have deep and passionate concerns.
“As the processing of biometric data is likely to result in a high risk to the rights and freedoms of individuals, organisations considering using biometrics must ensure a data protection impact assessment has been carried out to help identify and minimise any risks,” adds the ICO.
Informing employees of what you plan to do and getting their explicit consent is vital, adds Bernard.
“Society needs to reconcile security and privacy,” muses Nixon. “I sometimes wonder if people consider it threatening they can be recognised by a computer. Given that people can be identified from surveillance recordings and their phone usage I suspect this concern is misplaced. We are totally unique in many ways, and biometrics capitalise on that.”
Anything else?
In January plaintiffs won a case in the Illinois Supreme Court against amusement park Six Flags, which had fingerprinted a 14-year-old without consent. This was good news for the state’s Biometric Information Privacy Act, which requires affirmative consent for businesses to collect biometric markers.
Companies such as Facebook and Google are also getting into trouble in the region for using facial recognition to suggest photo tags.
This piece appeared in the July – August 2019 issue. Subscribe today to have all our latest articles delivered right to your desk
