According to the Office of the Privacy Commissioner for Personal Data, collection and use of biometric data is subject to the Personal Data (Privacy) Ordinance that applies in Hong Kong as well as most other data privacy legislation around the world.
The watchdog has rolled out new guidance on the collection and use of biometric data which mentions that the extent of the data security measures organisations must apply to biometric data will depend on how sensitive the data is. Factors determining the sensitivity of biometric data include whether or not the information is unique to an individual, whether the data is likely to change over time and whether the data can reveal more information about a person than for the purpose of its original collection.
In addition, the guidance point out that other factors like whether the data can be covertly collected and what the impact would be on individuals if the information was leaked will also help determine the sensitivity of biometric data.
The watchdog also unveils that organisations must only collect biometric data where it is justified. To make this determination, organisations must consider both what they intend to collect biometric data for and the method of collecting the data. Where the collection of biometric data is for a justifiable purpose, organisations must still ensure that the subjects of that data are given a ‘free and informed choice’ over whether to allow their biometric data to be collected.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now