The Scottish Government

« Previous | Contents | Next »

Listen

Implementation of biometric systems

9. Pupil and parent consent

9.1 There is nothing explicit in the Act to require education authorities to seek the consent of all parents before implementing a biometric technology system. The Act provides that personal data must be processed fairly and lawfully and, in particular, shall not be processed unless one of the conditions of processing detailed in Schedule 2 of the Act is met. Consent is one of these, but it is not required if any of the other conditions apply (see Appendix 1).

9.2 The Information Commissioner indicates, in the statement referred to earlier, that for the purposes of the Act, the pupils themselves are "data subjects". That is, it is they who should in the first instance be informed and consulted about the use of their personal data. However, the Commissioner goes on to say:

"Deciding when children are mature enough to decide how their personal information should be used is difficult. On the one hand, as children mature they are entitled to an increasing measure of autonomy. On the other hand, while children might understand a simple explanation of why their fingerprints are being taken, they may well not appreciate the potential wider implications."

As noted previously there is nothing explicit in the Act to require education authorities to seek consent from all parents before implementing a biometric system. However, the Information Commissioner states that:

"…unless schools can be certain that all children fully understand the implications of, for example, giving their fingerprints, then they must fully involve parents in order to ensure that the information is obtained fairly. Parents play a central role in their children's education, in terms of support and guidance, and also in terms of legal liability, for example, in case of truancy. They, therefore, rightly expect to be informed and consulted when biometric systems are introduced in their child's school. Suspicions are only likely to be increased when new and possibly controversial technology is introduced without a comprehensive effort to address people's fears and concerns."

9.3 In addition, the Standards in Scotland's Schools etc. Act 2000 requires an education authority to have due regard to the views of the children or young persons in decisions that significantly affect them, taking account of the child or young person's age and maturity. The Act also requires that education authorities, in their annual statement of improvement objectives, include an account of the ways the authority will seek to involve parents in promoting the education of their children. The Scottish Schools (Parental Involvement) Act 2006 describes the duty of an education authority to promote the involvement of parents in the education provided by the school.

9.4 Before deciding to install a biometric system, the Scottish Government would expect that a properly documented privacy impact assessment is carried out (see paragraph 8.4). The Scottish Government would also expect that any education authority considering introducing biometric technology into one or more schools will inform and consult both pupils and parents. It is important for education authorities to be clear and open with all parents and pupils when introducing the technology. This will involve providing clear and unambiguous information for children and parents to ensure that they are fully aware of what is proposed and why, what information will be kept and how and for how long and how it will be secured. Information should also be given about how to opt out and consent issues. That information could also set out the rights to privacy that children have under Article 8 of the European Convention on Human Rights and Article 16 of the United Nations Convention on the Rights of the Child.

9.5 Education authorities should also be able to reassure parents and pupils that they will not pass the data on to any third parties without the consent of the data subject, (except where one of the other conditions specified in schedule 2 of the Act (see Appendix 1) can be met) and explain how the personal data used will be kept safe. They should also have clear retention policies that allow them, for example, to reassure parents and pupils that all biometric data will be destroyed when the pupil leaves the school.

9.6 Education authorities should respect the wishes of those pupils and parents who object to initiatives involving biometric technologies. Other systems such as smart cards, where a card can work just as well as a fingerprint, are relevant here so that those who wish to "opt out" can be given another means of accessing the same services. Parents and pupils should be made aware of the option to opt out, and also what alternatives will be provided. Education authorities should reassure parents that, for example, the Young Scot card is not capable of holding biometric data and that these data will not be held on educational authority pupil records.

10. Security

10.1 Education authorities should recognise that security of personal data is of paramount importance and, for obvious reasons, a particular concern of parents. Under the Act, education authorities have a duty to ensure that all the personal data they hold are kept secure from unauthorised processing and accidental loss, destruction or damage. This would reflect the seventh principle in Schedule 1, Part 1 of the Act:

"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

10.2 BECTA, which has a UK wide remit, has published functional and technical specifications for school infrastructure, available on its website http://industry.becta.org.uk . The technical specification includes the detail of the ICT security measures schools should have in place, covering ICT security policies and procedures, physical security, data security, network security and internet and remote access security. Each area addresses the controls that need to be implemented in order to maintain an appropriate level of ICT security.

10.3 Education authorities implementing a biometric system should review existing levels of security and documentation in respect to this and ensure these are adequate for the introduction of any biometric system.

11. Accuracy

11.1 Schedule 1, Part 1(4) of the Act states that "Personal data shall be accurate and, where necessary, kept up to date". Therefore authorities must be confident that any biometric system will accurately identify the persons whose data are being processed by the system and that if changes in physical or psychological characteristics result in a template becoming outdated, a procedure will be in place to ensure that the template and hence the data, is kept up to date.

12. Access and use of data

12.1 There should be clear procedures and rules restricting access to any data or logs to authorised persons only who require such access in order to implement the system. Such procedures should specify why, when and how such access will be permitted. Data should not be passed on to any third parties, excepting where allowed for in the Act (see paragraph 9.5 and Appendix 1).

12.2 Biometrics applications should be self-contained systems, whose templates cannot readily be used by computers running other fingerprint recognition applications.

12.3 Pupils' biometric data should not be used for any purpose not directly related to that for which it was collected. This would reflect the second principle in Schedule 1, Part 1 of the Act:

"Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."

12.4 It should be noted that section 10 of the Act, provides that a data subject can write to give notice to a data controller to cease processing personal data (except where one of the other conditions specified in paragraphs 1 to 4 of Schedule 2 of the Act (see Appendix 1) can be met), if the processing is causing or is likely to cause substantial damage or distress to the data subject or another person and that damage or distress would be unwarranted.

13. Retention

13.1 It would be necessary to devise a retention policy in advance of the deployment of the system which clearly sets out the retention period which would apply for keeping biometric data.

13.2 Personal data should not be kept for longer than it is needed for its specific purpose. It is envisaged that as soon as a pupil permanently leaves the school, his/her biometric data would be immediately deleted. This would reflect the fifth principle in Schedule 1, Part 1 of the Act:

"Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes."

14. Data protection policy

14.1 The education authority should update its existing data protection policy to take account of the introduction of a biometric system for pupils.

15. Taking account of the needs of pupils with disabilities

15.1 Education authorities also need to consider how they will ensure that pupils, who are unable to provide biometric data, because of a disability for example, are not discriminated against by being required to operate a different system.

16. Critical risk management

16.1 The education authority should ensure that adequate back up systems and plans are in place to cover any breakdown of the system.

17. Responses to consultation

17.1 Comments are invited on the draft guidance by 4 December. Responses should be sent together with a completed Respondent Information Form to:

Russell.Cockburn@scotland.gsi.gov.uk
Or by post to:
Consultation on Biometric Technologies in Schools -
Draft Guidance for Education Authorities ( CRES - CON 1065)

17.2 If you have any questions about this consultation document please contact Russell Cockburn on 0131 244 4482.

« Previous | Contents | Next »