In an investigation report dated July 21, 2015, the Office of
the Privacy Commissioner for Personal Data ("PCPD")
upheld a complaint by a former employee of Queenix (Asia) Limited
("Queenix") that the collection of her fingerprint data
for the purposes of accessing Queenix's offices and monitoring
employee attendance was unnecessary and excessive and that the
manner of collection unfair.
The key findings of the PCPD were that:
Fingerprint data amounts to highly sensitive personal
data, given that it is not only capable of identifying an
individual but is also unique to that individual. As such,
collection, retention, and use of fingerprint data should be
managed with extreme caution, and it should be used only if less
intrusive means are unavailable.
The use of fingerprint data by Queenix was excessive in the
circumstances, taking into account the following questions:
Was collection of the data a necessary and effective means to
meet the purposes of safeguarding office attendance and monitoring
Was the adverse impact on data privacy proportionate to the
benefits arising from the collection of fingerprint data?
Was there any less intrusive way to achieve the same
Queenix had few employees, and there was no evidence that the
use of fingerprint recognition helped to improve security. In the
view of the PCPD, the same purpose could have been achieved by use
of a smart access card that did not contain personal data and the
implementation of other security measures, such as the use of
additional locks after hours. The employee's consent to the
collection of her fingerprint data was not genuine and fair,
because Queenix made collection compulsory for employee access and
did not provide other alternatives.
In light of the Queenix case, Hong Kong employers who use
fingerprint data for security access or similar purposes should
carefully review their policies and procedures. In particular,
employers should consider whether the use of fingerprint data is
genuinely required for the purpose for which it is collected, and
whether alternative measures can be used and offered to
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On 1 January 2017 the Financial Services Rule Book 2016 comes into operation. With this will be the requirement on all Isle of Man licence holders to establish, implement and maintain an effective whistleblowing policy.
The Ministry of Human Resources has recently issued a string of new ministerial resolutions and decrees designed to address gaps in the employment regulatory framework and reinforce existing legislation...
In April 2016, the Hong Kong Privacy Commissioner for Personal Data issued a Revised Code of Practice on Human Resource Management and new Guidelines on Monitoring and Personal Data Privacy at Work...
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).