+ Post New Thread
Results 1 to 9 of 9
How do you do....it? Thread, How to Destroy Biometric Data in Technical; We are planning on a Cashless Catering system with Biometric readers. Does anyone else use a system like this? How ...
  1. #1
    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    1,726
    Thank Post
    309
    Thanked 226 Times in 200 Posts
    Rep Power
    86

    How to Destroy Biometric Data

    We are planning on a Cashless Catering system with Biometric readers. Does anyone else use a system like this? How do you deal with Biometric Data after the student leaves the school? Make the account inactive, delete or destroy? If its destroy how do you do it? All the data is held in a database so how do you go about destroying 1 record?

    not sure what the regulations are but I had read somewhere that the Biometric Data should be destroyed.

    Any pointers? (other than dont introduce it in the first place!!)

  2. #2
    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    1,726
    Thank Post
    309
    Thanked 226 Times in 200 Posts
    Rep Power
    86
    http://www.ico.gov.uk/for_organisati...inal_view.ashx

    States that "Biometric Data must also be destroyed when it is no longer needed".

    If its one record in a database how do you "destroy it"? A deletion would not be the same thing.

  3. #3

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    Talk to the vendor about it before handing over your money and possibly choose another vendor if they can't give a convincing answer.

    Also ensure the SLT have read sections 26 - 28 of the Protections of Freedoms Act 2012 (they're not active yet and might not be until next year, but if you're implementing a new system I suggest you start off the way you will have to continue re. "consent management" and providing reasonable alternatives).

  4. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,713
    Thank Post
    269
    Thanked 1,115 Times in 1,011 Posts
    Rep Power
    345
    Biostore is different, it doesn't actually store the fingerprint as a readable fingerprint. It stores it as a number/code, the fingerprint is read from the scanner converted to a number and the number is looked up on the system. Therefore when the students leave you actually only have a number/code which references there finger.

    I'm not sure about the others though.

    EDIT: Quote from Biostore site:

    Does Biostore record images of fingers?

    No. It is the policy of Biostore never to store images of fingers anywhere on their system. Only mathematical representations of certain points of interest are recorded, typically between ten and forty depending on the characteristics of the finger. This information is encrypted and is called a template. This data is extremely secure in its encrypted form but even if it were not encrypted it is impossible to recreate the original image of the finger from this data.
    Source http://www.biostore.co.uk/WSFAQ.asp
    Last edited by glennda; 11th May 2012 at 08:13 PM.

  5. #5
    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    1,726
    Thank Post
    309
    Thanked 226 Times in 200 Posts
    Rep Power
    86
    If Biostore is different does the Freedoms of Information Act 2012 (sections 26-28) still apply when it comes into force?
    Also I still need to know how to destroy the data (NOT delete as that apparantly is not good enough). Biostore website mentions it is secure etc but not what happens when a student leaves and the data is no longer required. According to the ICO it should be destroyed.

  6. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,713
    Thank Post
    269
    Thanked 1,115 Times in 1,011 Posts
    Rep Power
    345
    You will have to check with them. Bit technically its not storing biometric Information.

    How do you define the difference between delete and destroy?

  7. #7
    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    1,726
    Thank Post
    309
    Thanked 226 Times in 200 Posts
    Rep Power
    86
    Quote Originally Posted by glennda View Post
    You will have to check with them. Bit technically its not storing biometric Information.

    How do you define the difference between delete and destroy?
    To me a delete means the data is recoverable with certain specialist software but a destroy would destroy it. A parent has quoted the ICO website so I need to follow that and state how the data will be destroyed.

    I will contact the supplier on Monday and Biostore

  8. #8

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    Biostore is different
    Sorry, but that's not different - templates are common to every system I've tripped over, they don't make the (legal) issues go away. For instance in that (rather dated) ICO doc:

    A subset of the unique features of the fingerprint are extracted from a scanned image and converted into a biometric “template”. This template, a binary number, is checked against the template generated each time a person places his finger on the scanner. Full fingerprint images are not stored and it is extremely unlikely that a usable fingerprint image could be generated (“reverse engineered”) from the template.

    Bit technically its not storing biometric Information.
    You're 100% wrong. "Biometric information" is very abstract, here's the shiny new legal definition:


    (2) “Biometric information” means information about a person’s physical or behavioural characteristics or features which—
    (a) is capable of being used in order to establish or verify the identity of the person, and
    (b) is obtained or recorded with the intention that it be used for the purposes of a biometric recognition system.

    (3) Biometric information may, in particular, include—
    (a) information about the skin pattern and other physical characteristics or features of a person’s fingers or palms,
    (b) information about the features of an iris or any other part of the eye, and
    (c) information about a person’s voice or handwriting.

    (4) In subsection (2) “biometric recognition system” means a system which, by means of equipment operating automatically—
    (a) obtains or records information about a person’s physical or behavioural characteristics or features, and
    (b) compares the information with stored information that has previously been so obtained or recorded, or otherwise processes the information, for the purpose of establishing or verifying the identity of the person, or otherwise determining whether the person is recognised by the system.


    It doesn't matter what happens between a fingerprint reader/iris scanner/whatever and the system deciding someone is Fred Bloggs.
    Last edited by PiqueABoo; 11th May 2012 at 09:54 PM. Reason: Dug out PFA 2012 definition

  9. Thanks to PiqueABoo from:

    GrumbleDook (11th May 2012)

  10. #9

    Join Date
    Jan 2007
    Location
    Nottinghamshire
    Posts
    530
    Thank Post
    1
    Thanked 84 Times in 58 Posts
    Rep Power
    37
    So in general it's a stupid law, why don't I have to "destroy" passwords? Or anything someone hand wrote, or any photos of someone, or their date of birth?

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 26
    Last Post: 19th October 2011, 01:59 PM
  2. Data Protector Express - how to?!?!?
    By gerardsweeney in forum How do you do....it?
    Replies: 0
    Last Post: 14th April 2011, 01:29 PM
  3. [MS Office - 2003] How to export data that you insert in a VB Form into a spreadsheet
    By EaglesNerd in forum Office Software
    Replies: 13
    Last Post: 26th March 2011, 11:08 AM
  4. how to do dhcp and isaserver
    By browolf in forum Windows
    Replies: 7
    Last Post: 28th June 2005, 09:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •