ITBusiness .ca has an article entitled HR departments use biometrics to account for employee attendance that talks about a business that uses employee fingerprints to track their working hours.

The interesting part for me was how the system was designed with privacy in mind from the outset. Designing privacy into technology and processes is a common theme of Privacy Commissioners and privacy advocates.

The system mentioned in the article stored info about an employee’s fingerprint on an ID card. That card is read, along with the fingerprint, which authenticates the user. There is no central database of fingerprint data. The fingerprint data that is stored on the cards is not the actual fingerprint – just enough to allow the system to make the match. The fingerprint data on the cards is not usable to reverse engineer the fingerprint, and is not compatable with the methods used by law enforcement.

That’s the right way to do it – the best way to avoid data leaks and unintended use of data is to never have it in the first place.

Read the ITBusiness.ca article

Read an earlier article of mine on the topic