The Information Commissioner's Office (ICO) has issued an enforcement notice to a number of Serco subsidiaries, ordering the companies to stop using facial recognition and fingerprint scanning technology to monitor employee attendance and timekeeping. Following an investigation, the ICO discovered that the technologies were used in 38 different locations and had processed the biometric data of over 2000 employees. The ICO said that Serco was unable to explain why technology was proportionate or necessary and that no alternative methods were offered to the employees.
Information Commissioner John Edwards criticized the use of biometric data, stating that it poses significant risks of harm in case of inaccuracies or security breaches and that "you can't reset someone's face or fingerprint like you can reset a password." Mr Edwards went on to criticise Serco for failing to consider the risks and for not giving employees an option to opt-out.
The enforcement notice was issued on the same day as the ICO published new guidance for organisations using biometric data.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.