On 9 April 2015 the Information and Communications Technologies
Appeal Tribunal ("Tribunal") handed down a decision in
Alteo Limited v Data Protection Office. The Tribunal held that the
use of fingerprints for attendance purposes not expressly consented
to by the employee was not in compliance with the provisions of the
Data Protection Act.
It was the case for the company that:
the collection and processing of
fingerprints of employees are necessary for the performance of
their contract of employment; and
the use of the fingerprint-based
electronic attendance system is required for the "proper and
effective running of the group with a view to optimise monitoring
of the attendance of the employees."
Findings of the Tribunal:
The Tribunal found that:
the company has failed to justify
that for the non-consenting employees, the collection of the
fingerprint data by the electronic attendance system was necessary
for the performance of their contract of employment; and
the company had caused the employees
to use the fingerprint-based electronic attendance system without
It is arguable as to whether the fingerprint electronic
attendance system is not disproportionate and excessive to the
objectives to be achieved, i.e., to optimise the monitoring of
employees attendance. Unlike premises where high security and
restricted access are required onsite to ensure the proper carrying
out of activities, it can hardly be said that such level of
security is required on the premises of the company. It is
submitted that the use of biometrics to record and monitor the
attendance of employees is a disproportionate means to do so
unless, having regard to the activities of the company, access to
the premises must be strictly controlled. Furthermore, the use of
such a finger print electronic attendance system may negatively
impact on the relation of trust which must exist between an
employer and its employees. It is important that the express
consent of the employee is obtained and more importantly, all
information pertaining to the fingerprint electronic attendance
system is given to the employee.
The decision of the Tribunal must not be read as suggesting that
a fingerprint electronic attendance system cannot, in all
circumstances, be implemented. Before an employer envisages the
implementation of such a system, the following points which are not
exhaustive must be addressed:
(a) the objective being sought when implementing the
(b) the existence of effective alternative means of achieving the
(c) the existence of safeguards in place to protect the privacy of
(d) the access by the employee to any personal information stored
and the retention period of such information.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Earlier this month, on 3 February 2017, the Government of Bermuda confirmed its resolve to appoint a Privacy Commissioner to ensure that guidance to organisations can be provided prior to the legislation being fully implemented.
In this article, we will briefly explore the increasing cybersecurity threat landscape, the various sources of threats, discuss the evolving regulatory environment and introduce some practical options that business leaders should be considering as they develop, enhance and refine their strategies to manage cybersecurity risks.
Significant developments this year, both in legislation and
business practice, demonstrate the evolving nature of
confidentiality regimes and considerations in the Cayman
Islands, writes Simon Dickson and Rhiannon Williams.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).