Biometrics Privacy Charter - Biometrics Institute

Uploaded by spotlessstare (Security), 29 Nov 2013


Biometrics Institute
Biometrics Privacy Guidelines 2012-2013

BIOMETRICS INSTITUTE - PRIVACY GUIDELINES

REVISED DRAFT: JANUARY 2013

SUBJECT TO FINAL APPROVAL BY THE BOARD OF DIRECTORS


1. PURPOSE OF THE BIOMETRICS PRIVACY GUIDELINES

The Biometrics Privacy Guidelines have been designed by the Biometrics Institute to provide a universal guide for suppliers, end users, managers and purchasers of biometric systems. It is the public's assurance that the biometric managers have followed best practice privacy principles when designing, implementing and managing biometric based projects.

The Guidelines are intended to be a guide across many different countries and jurisdictions. They take into account the legislative and administrative frameworks of different countries but recognise that biometrics and information technologies do connect beyond national boundaries and across different fields as diverse as health records, border controls, consumer based applications in the telecommunications industry, banking and drivers licenses.

The Biometrics Privacy Guidelines are based on the principle that citizens, when providing their biometric, have a right to expect that those who design, implement and manage that biometric understand its unique value and are committed to Guidelines that ensure best privacy practice in biometric design, policy and management.

2. DEFINITION OF BIOMETRICS

These Guidelines are jurisdictional and technology neutral and accept the following definition of biometrics of the International Standards Organisation: automated recognition of individuals based on their biological and behavioural characteristics. [1]

3. ABOUT THE BIOMETRICS INSTITUTE

The Biometrics Institute was established in Australia in 2001 and is now operating at an international level with an office in London and Sydney. Its members cover a wide range of vendors, users such as banks, airlines, governments and law enforcement authorities as well as research organisations. The Biometrics Institute's constitution requires that vendors are represented on the Board but independence is assured by the majority control being vested in users. This guarantees independence from commercial control but assists vendors to act as good corporate citizens.




[1] ISO/IEC 2382-37: Information technology - Vocabulary - Part 37: Biometrics, December 2012




In September 2006, the Biometrics Institute Privacy Code, a first of its kind in the world, was registered with the Australian Privacy Commission and became part of Australian Privacy Legislation. The Code was developed by the Biometrics Institute with co-funding from the Australian government and in close consultation with the industry. It includes privacy standards that are at least equivalent to the Australian National Privacy Principles in the Australian Privacy Act and also incorporates higher standards of privacy protection in relation to certain acts and practices in relation to employee records that otherwise would be exempt, the protection of biometric information and the restriction of some secondary uses without express free and informed consent. Furthermore, it introduces an obligation of accountability through an extra notice obligation, requires an audit of biometric systems to be undertaken, introduces the concept of holistic privacy management in relation to a biometric product or service, and mandates the use of privacy impact assessments.

The Biometrics Institute then launched a Privacy Awareness Checklist (PAC) in 2010 to assist members in a quick and easy way to assess privacy impacts when using biometrics. It provides a snapshot in time of where the organisation sits in regards to privacy.

The Biometrics Privacy Guidelines are an advance on the Code and the Privacy Awareness Checklist and are also international, comprehensible, useful and realistic.

4. THE KEY PRINCIPLES OF THE GUIDELINES

Principle One: Respect for Client Privacy

The first principle of these Guidelines is respect for client privacy; all other principles are guided by respect for the fact that the end users, in providing a unique physical attribute of themselves to another party, are entitled to expect that the recipients understand their responsibilities as guardians and act in accordance with that understanding.

Principle Two: Proportionality

When considering the business case for the use of biometrics, consider if such a technology choice could constitute a privacy risk and if that risk is proportional to the business benefits.


Principle Three: Informed Consent

A person's right to give informed consent should be respected where possible. This includes the right to know:

a) why the biometric is collected,
b) who is collecting,
c) who else will have access,
d) how it will be stored, transmitted and accessed,
e) the time limits on its use and storage,
f) access rules for other authorities such as law enforcement agencies,
g) rules that protect minors where parents are not readily available to make the decision.

Principle Four: Truth and Accuracy in Business Operations

Vendors and managers should provide accurate and honest information about the biometric system, especially its efficacy and its effects on privacy protection.

Principle Five: Protection of Biometric Data Collected

The data controller or equivalent person(s) should be accountable for protecting biometric data collected. This should include Privacy Audits, clear privacy policy procedures and policies and technical controls.

Principle Six: Complaints and Enquiries

Managers of biometric systems should have in place complaints and enquiry systems which include transparent avenues for redress and a sympathetic approach which accepts the possibility of procedural or technical faults in the biometrics system.

Principle Seven: Purpose

The managers should, wherever possible, clearly identify the purpose of the collection or use of biometric data and should not use that data for purposes other than that stated purpose.

Principle Eight: Anti-discrimination

Managers should ensure that no person will be denied service or access due to their inability to provide a biometric or use a biometric system. An alternative should be offered where possible and system design should include alternative processes for those unable to access that system.

This should include identifying any options for exempting persons who cannot use the system for reasons of disability, conscientious objection or cultural or religious beliefs.







Principle Nine: Accountability

Where contractors and other providers are used by managers to design, build or operate biometric systems, the principal should ensure that privacy protections and accountability are designed into the systems and that contractual obligations to protect privacy are in place and are monitored regularly.

Principle Ten: Sharing of Biometric Data

All clients/end users should be informed of circumstances where data may be shared with other parties whether for law enforcement purposes or fraud investigations or other purposes relating to law and order. This may be done through a general warning but the client/end user should be made aware of that possibility.

Principle Eleven: Provision of Advance Warnings of Surveillance

Where biometrics are used for surveillance purposes such as in CCTV monitoring, there should be forward warnings that such surveillance may take place, except for clearly stated law enforcement or border control purposes.

Principle Twelve: Transmission of Biometric Data Beyond National Boundaries

This should only be done wherever the data protection regime in that other jurisdiction is greater than or equal to that which prevails in the client/end user's own country and should involve prior warning (even if generic) that such a transfer can take place. Wherever possible, systems should be designed so that they are not reliant upon the need to transfer such data between countries, except for clearly stated law enforcement or border control purposes.

Principle Thirteen: Employee Biometric Data Must be Protected

Wherever employees are required to provide biometric data to their employers, that data should be protected in accordance with the provisions of Principles Five and Nine. Where an employee's biometric data is collected as part of surveillance, the possibility of that surveillance should be made known beforehand to the employee. Upon cessation of employment, the former employee's biometric data should be destroyed within a reasonable period after that cessation unless there are justifiable reasons not to do so.






Principle Fourteen: Create and Maintain a Culture of Privacy

Within an organisation using biometrics, staff and management should commit to protection of privacy, demonstrate a respect for client/end user privacy and implement plans to control the use of biometric data and other personal data in a systemic manner.

Principle Fifteen: Limit the Extent of Personal Data Being Passed Around Systems

Wherever possible biometric system design should be based on the principle of minimising transmission of personal data around that system. A yes/no or green light/red light should be the first principle of transactions within the system.

Principle Sixteen: Maintain Privacy Logs

In order to ensure privacy accountability within a system, it is essential to maintain privacy logs which should encompass technical controls, records of privacy breaches or incidents and a regular review of those logs to ensure that the privacy environment does not deteriorate.
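Principles Fifteen and Sixteen describe a design rather than a product; the toy verification service below is an added example, not part of the Guidelines, showing what that design looks like in code: the matcher answers only yes/no and never returns the stored template, every access is written to an auditable privacy log with an accessor and a purpose, and a review step flags any access whose purpose differs from the stated one (Principle Seven), while erasure on cessation of employment (Principle Thirteen) leaves a log entry but no template. The bit-string templates, subject ids and purposes are constructed sample values, and Hamming distance stands in for a real biometric comparator.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class AccessRecord:
    """One privacy-log entry: who touched whose data, why, and what happened."""
    when: str
    accessor: str
    subject_id: str
    purpose: str
    outcome: str


class BiometricVerifier:
    # Principle Seven: the single stated purpose for which data may be used (constructed value)
    STATED_PURPOSE = "building-access"

    def __init__(self, templates):
        # subject_id -> enrolled template (toy bit string); kept private, never returned
        self._templates = dict(templates)
        self.privacy_log = []  # Principle Sixteen: auditable access log

    def _log(self, accessor, subject_id, purpose, outcome):
        self.privacy_log.append(AccessRecord(
            datetime.now(timezone.utc).isoformat(), accessor, subject_id, purpose, outcome))

    def verify(self, accessor, subject_id, probe, purpose, threshold=2):
        """Principle Fifteen: the only thing that leaves the system is a yes/no answer."""
        stored = self._templates.get(subject_id)
        if stored is None or len(stored) != len(probe):
            match = False
        else:
            # Hamming distance stands in for a real comparator; small distance = same person
            match = sum(a != b for a, b in zip(stored, probe)) <= threshold
        self._log(accessor, subject_id, purpose, "match" if match else "no-match")
        return match

    def review_log(self):
        """Regular review (Principle Sixteen): any lookup outside the stated purpose is a finding.
        Erasure entries are administrative and are not flagged."""
        return [r for r in self.privacy_log
                if r.outcome in ("match", "no-match") and r.purpose != self.STATED_PURPOSE]

    def erase_subject(self, accessor, subject_id, reason):
        """Principle Thirteen: destroy the template on cessation, keeping only the log entry."""
        existed = self._templates.pop(subject_id, None) is not None
        self._log(accessor, subject_id, reason, "erased" if existed else "absent")
        return existed


if __name__ == "__main__":
    svc = BiometricVerifier({"emp-001": "1101001011"})  # constructed enrolment
    print(svc.verify("gate-7", "emp-001", "1101001111", "building-access"))  # True
    print(svc.verify("hr-analytics", "emp-001", "1101001011", "marketing"))  # True, but flagged
    print([r.purpose for r in svc.review_log()])  # ['marketing']
```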

Principle Seventeen: Individual Participation / Subject Access

This principle is based on OECD Privacy Principle 7. It concerns the right of a data subject to have access to their own data and to correct it if it is in error. In the case of biometric data this would be the right to ensure that a biometric sample has been associated with the correct data subject.

An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him
   i. within a reasonable time;
   ii. at a charge, if any, that is not excessive;
   iii. in a reasonable manner; and
   iv. in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.







5. HOW TO IMPLEMENT AND MANAGE THE PRINCIPLES OF THESE PRIVACY GUIDELINES

a) Examine the business case for using a biometric. Determine whether or not biometrics are really required or whether there are other technologies or procedural alternatives. Look at the business and stakeholder needs and perceptions.

b) Join an independent biometrics group such as the Biometrics Institute in order to help build your organisation's biometrics and privacy awareness and keep in touch with best practice and technology advances.

c) Select the biometric to match the business case; examine the costs and efficacy and look for privacy enhancing designs and technology.

d) Identify and record, for later reference, relevant government privacy acts, directives, regulations or other privacy codes with which your organisation should or must comply.

e) Conduct a Privacy Impact Assessment (PIA) to determine the privacy issues, level of risk and solutions, and any legislative or policy constraints.

f) Ensure sign off and commitment for the project from senior officers; determine accountability and responsibilities.

g) Build a communications strategy to ensure that there is stakeholder commitment and understanding and that media, parliamentary and public perceptions are recognized and dealt with; the strategy should also include a privacy awareness campaign for the company or agency using the system.

h) If using contractors, ensure that they are governed by contractual and procedural controls about privacy; you cannot entirely outsource risk, especially if you are a public agency accountable to legislatures.

i) Test the system design and pilot off-site before migrating it to the production environment.

j) Recheck the design and implementation plans against your original compliance record suggested in section 5 (d) of these Guidelines.

k) Monitor the achievement of those milestones that have been set during the selection of the design and implementation team.

l) Ensure that privacy logs are kept up to date and are available for privacy auditors and those conducting Privacy Impact Assessments.




m) Put in place annual or regular Privacy Audits that examine and report on privacy compliance and can detect any degradation of the privacy environment. The auditing personnel should report to a high level officer in the company or agency.

n) Design in the policies and procedures for any possible decommissioning given that even a decommissioned or failed data collection project may contain live and/or sensitive personal data.

6. DEFINITIONS

In this section the Biometrics Institute has provided definitions that, as far as possible, have similar meanings around the world. Some jurisdictions may find some of the definitions unfamiliar but the benefits of attempting some uniformity are obvious.

CCTV: Closed Circuit Television

Client: A person or entity buying or commissioning a biometric system or service; sometimes used to describe an individual end user

Contractor: An entity or person who is engaged to conduct services or work on behalf of a major client.

Customer: A person or entity buying and using a biometric system

End User: A person providing and using their own biometrics; sometimes called a client when referring to an individual

Managers: Those who manage the planning, implementation and ongoing decisions about a biometric system.

Minor: A person under the legislated age of being able to exercise independent adult responsibility

Decommission: To take out, in this scenario, a biometric system

Privacy Audit: An analysis by an independent third party of a project or entity's privacy environment, covering such issues as technical and procedural privacy protection, privacy awareness programs, threats and risks, incident reporting.

Privacy Impact Assessment: A pre-implementation assessment of the impact on privacy of a planned change in business activity




Privacy Logs: Auditable logs of those who have had access to personal biometric data bases and the reasons for that access; also should contain records of privacy breaches or incidents and the action taken to investigate and report. They should include any conclusions reached plus any systemic improvements that arise from those investigations.

Production Environment: Live use of an IT based system as opposed to a test or pilot site

Biometrics Data Subject: Individual whose individualised biometric data is within the biometric system. [2] Data subject means an individual who is the subject of personal data. [3]

Vendor or Supplier: A seller of services or product


7. FURTHER READING:

ISO/IEC 24745:2011, Information technology - Security techniques - Biometric information protection.

ISO 27002, Payment Card Industry (PCI) Data Security Standards (DSS) and the Federal Financial Institutions Examination Council (FFIEC)'s IT Examination Handbook.

ISO 29100:2011, Information technology - Security techniques - Privacy Framework

ISO/IEC 2382-37: Information technology - Vocabulary - Part 37: Biometrics, December 2012

British Standards Institution PAS92:2011 - Code of Practice for the Implementation of a Biometric System.

The Biometrics Institute can provide further information as documented Standards, Legislation or Directives change.


8. CONTACT

The Biometrics Institute at:

Australasia: +61 2 9431 8688
Europe: +44 20 7581 4827
Web: www.biometricsinstitute.org
Email: manager@biometricsinstitute.org







[2] ISO/IEC 2382-37: Information technology - Vocabulary - Part 37: Biometrics, December 2012

[3] DP terminology, see: http://www.ico.gov.uk/for_organisations/data_protection/the_guide.aspx