Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Finger print clock in.

  • 17-09-2018 5:23pm
    #1
    Registered Users, Registered Users 2 Posts: 763 ✭✭✭


    Anyone know the laws regarding finger print clock in systems?
    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 26,280 ✭✭✭✭Eric Cartman


    you probably have it in your employment contract that its alright.
    Most biometric systems are really security conscious and encrypt fingerprints stored etc...

    whats your concern ?


  • Registered Users, Registered Users 2 Posts: 4,310 ✭✭✭Pkiernan




  • Closed Accounts Posts: 1,452 ✭✭✭Twenty Grand


    you probably have it in your employment contract that its alright.
    Most biometric systems are really security conscious and encrypt fingerprints stored etc...

    whats your concern ?

    Most don't store fingerprints, just a few regions of your print that it can use to identify you.


  • Registered Users, Registered Users 2 Posts: 763 ✭✭✭Breaston Plants


    you probably have it in your employment contract that its alright.
    Most biometric systems are really security conscious and encrypt fingerprints stored etc...

    whats your concern ?

    It's not in the employment contract, no concern really, just wondering about the legality of it.


  • Registered Users, Registered Users 2 Posts: 26,280 ✭✭✭✭Eric Cartman


    It's not in the employment contract, no concern really, just wondering about the legality of it.

    same as the legality of an ID card or a pin code for a door really, its access control / time clocking , it enables employers to verify your presence and is perfectly legal.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,922 ✭✭✭GM228


    Finger print clock in would count as biometric data which under the Data Protection Act 2018 (the previously linked DP information is out of date) is now considered a "special category" of data and an employer can not use such for clock in without explicit permission from each employee.


  • Registered Users, Registered Users 2 Posts: 2,245 ✭✭✭check_six


    Important in the event of a fire or other emergency to determine who is on the premises too.


  • Registered Users, Registered Users 2 Posts: 26,280 ✭✭✭✭Eric Cartman


    GM228 wrote: »
    Finger print clock in would count as biometric data which under the Data Protection Act 2018 (the previously linked DP information is out of date) is now considered a "special category" of data and an employer can not use such for clock in without explicit permission from each employee.

    but its not really biometric data , as a user pointed out above its just reference points, these scanners cannot reconstruct a finger print and do not store even partially complete finger prints on them. Even the points used aren't interchangeable with other scanners and serve no use in a database.

    Explicit permission is pretty much granted by you agreeing to set up your account on the scanner, its not like they're getting your prints in your sleep.


  • Registered Users, Registered Users 2 Posts: 8,922 ✭✭✭GM228


    but its not really biometric data , as a user pointed out above its just reference points, these scanners cannot reconstruct a finger print and do not store even partially complete finger prints on them. Even the points used aren't interchangeable with other scanners and serve no use in a database.

    Explicit permission is pretty much granted by you agreeing to set up your account on the scanner, its not like they're getting your prints in your sleep.

    The scanner does not need to store the data, but it uses the data to identify you and falls within the scope of the DP Act 2018.


  • Registered Users, Registered Users 2 Posts: 7,237 ✭✭✭mcmoustache


    GM228 wrote: »
    Finger print clock in would count as biometric data which under the Data Protection Act 2018 (the previously linked DP information is out of date) is now considered a "special category" of data and an employer can not use such for clock in without explicit permission from each employee.

    That's quite interesting. I didn't think it could be considered biometric.

    I had assumed that these scanners would read a few points on the finger and store a hash generated from that information. Authentication would then just be a case of comparing hashes. And since hashes aren't reversible, there wouldn't be any biometric data stored - just a the output of a one-way function of biometric data.

    I guess the thinking behind this is that even if the finger print isn't stored in a way that can be reconstructed, the hashed data is still a function of an individual's unique finger-print and can identify them. I guess it's not really any different to facial recognition systems - they also just take a few data points and compare those.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,922 ✭✭✭GM228


    That's quite interesting. I didn't think it could be considered biometric.

    I had assumed that these scanners would read a few points on the finger and store a hash generated from that information. Authentication would then just be a case of comparing hashes. And since hashes aren't reversible, there wouldn't be any biometric data stored - just a the output of a one-way function of biometric data.

    I guess the thinking behind this is that even if the finger print isn't stored in a way that can be reconstructed, the hashed data is still a function of an individual's unique finger-print and can identify them. I guess it's not really any different to facial recognition systems - they also just take a few data points and compare those.

    Finger print scanners apply specific technical processing relating to the physical characteristics of the finger to identify an individual and so satisfies the definition of biometric data for the purposes of the DP Act 2018. How the data is stored etc is irrelevant.


  • Registered Users, Registered Users 2 Posts: 8,779 ✭✭✭Carawaystick


    Ignoring the legalities, is it not a little impractical? if an employee gets a cut or scar or requires a plaster / bandage
    let alone has wear or callus on their fingers an alternative method will be required.


  • Registered Users, Registered Users 2 Posts: 26,280 ✭✭✭✭Eric Cartman


    Ignoring the legalities, is it not a little impractical? if an employee gets a cut or scar or requires a plaster / bandage
    let alone has wear or callus on their fingers an alternative method will be required.

    you usually train 4 fingers on these units so usually not an issue. cuts and things won't throw them off.


  • Registered Users, Registered Users 2 Posts: 18,834 ✭✭✭✭_Brian


    We had a mind bending gdpr season few months back.

    Person doing the training said there was a serious argument to be made that this was unnecessary personal data being recorded as clock in cam work perfectly well without fingerprint.

    I’ve worked in places with it and never had a problem, in those places the folk fighting most were lads who always asked friends to clock them out so they could pop off early.


  • Closed Accounts Posts: 636 ✭✭✭7aubzxk43m2sni


    While the answers regarding storage mean that hackers can't necessarily steal your fingerprint or anything, the point remains that the machine can uniquely identify you by your fingerprint.

    I don't see why they're necessary given the abundance of options we have with NFC, and I don't think they should be compulsory.


  • Registered Users, Registered Users 2 Posts: 26,280 ✭✭✭✭Eric Cartman


    While the answers regarding storage mean that hackers can't necessarily steal your fingerprint or anything, the point remains that the machine can uniquely identify you by your fingerprint.

    I don't see why they're necessary given the abundance of options we have with NFC, and I don't think they should be compulsory.

    Id fobs, tags etc.. can be lost or other people swipe you in with them, NFC on a phone requires a phone thats powered on which may not be allowed in that workplace.

    You want a biometric system so somebody else can't clock in and theres nothing to lose or have made up / replace. Doing it with hand scans, facial recognition or fingerprints are the best ways.


Advertisement