
Biometric data protection policy guidance in Quebec, update in Vermont and warning in Lithuania


A new guide to implementing biometrics in compliance with Quebec’s data protection laws has been published by the Commission on Access to Information, which is responsible for implementing the Canadian province’s data protection policies.

The ‘Biometrics: Principles to be Respected and Legal Obligations of Organizations’ guide is accompanied by an updated declaration form to submit for approval of any new biometric database. The form must be completed, filed with and approved by the Commission before a new biometric system is implemented.

The 23-page Guide is intended to make public sector organizations and businesses aware of their responsibilities for protecting biometric data, and to support the compliant establishment of biometric systems, the Commission says.

The document defines biometrics, including behavioral biometrics, reviews applicable legislation, and reviews the obligations of implementing parties before and during biometrics use, including providing access to and opportunity for correction of records.

Vermont extends data protection law to biometrics

Amendments to Vermont’s Security Breach Notice Act defining biometric data as personally identifiable information (PII) have come into effect, Blank Rome attorney David Oberly writes for cybersecurity publication The Daily Swig.

Data breaches covered under the act require businesses to notify the state’s Attorney General and publicly post a breach notice to the AG’s website. In addition to biometrics, the new definition of PII also includes genetic information and a wider range of government credentials and health data.

Vermont joins Arkansas, California, the District of Columbia, New York, and Washington in amending breach notification laws to include biometric data, according to The Swig, while CCPA and New York’s Shield Act also define biometrics as personal data.

Sports teams in Lithuania warned

Lithuania’s State Data Protection Inspectorate (VDAI) has cautioned sports clubs that their use of biometrics for access control without performing a data protection impact assessment violates the EU’s General Data Protection Regulation (GDPR).

Three different teams were discovered by inspectors to be using fingerprint biometrics to provide physical access control for employees and customers. Employees, however, cannot freely consent to the use of their biometrics, according to the VDAI, due to an imbalance of power with their employer.

The VDAI has instructed them to suspend the policy for customers until an assessment is completed and compliance with all GDPR requirements is ensured, and to stop taking employee biometrics altogether. The organizations are also instructed to make sure all necessary technical and policy security measures are in place.

Data security measures for the processing of biometric data must include clear and detailed definitions of the organization’s policies, employee responsibilities and roles, and information security management measures. Hardware, software and network equipment must be inventoried, basic procedures for data breaches established, and the organizations must ensure that employees are able to handle the data confidentially.

The clubs can use the biometric data of customers who clearly and freely consent, after completing the reviews ordered by the VDAI.
