23 July 2012

Scanners

In December last year I noted the national Privacy Commissioner's case note regarding scanning by licensed premises of drivers licences and other identity documents. Capture of information by nightclubs, football clubs and similar venues continues to be problematical, with disagreement about principles and practice (particularly supervision of biometric scanners and questions about the security of the systems).

The Canberra Times today reports 'ACT clubs scanning your licence' -
ACT clubs are increasingly using scanning systems to make copies of guests' drivers licences upon entry, prompting privacy concerns from civil liberties groups. 
The territory's larger clubs, including the Tradies, Canberra Labor Club, Hellenic Club, and the Canberra Southern Cross Club, have all begun to use scanning systems in the past year. 
The technology, which is optional for guests, is used to scan the identification of visiting patrons instead of signing in manually. 
Clubs use the scanners to allow guests to get through the door quickly and without hassle, particularly on busier days like Anzac Day. 
The scanned data can be stored for up to seven years, according to ClubsACT chief executive Jeff House. ... Mr House said scanning the licences did not give clubs any more data than they would have collected during manual sign ins. 
He also stressed the technology was optional. 
"Clubs are member-based organisations so patrons need to prove they're a member to gain entry anyway," he said. 
"Scanning their identification is merely one of several options for patrons to choose from in how they demonstrate they're a member."
As things stand such scanning is legal, subject to people having an alternate mechanism for demonstrating their membership or otherwise indicating their identity.

In H and Registered Club [2011] AICmrCN 2 the complainant alleged that a registered club interfered with that person's privacy by scanning the complainant's driver licence and, in doing so, recording unnecessary information.

The complaint related to
National Privacy Principle [NPP] 1.1 - an organisation must not collect an individual's personal information, unless that information is necessary for one or more of its functions or activities.
NPP 1.3 - at or before the time (or if that is not practicable, as soon as practicable after) an organisation collects an individual's personal information, it must take reasonable steps to ensure an individual is aware of a number of factors, including the purposes for which the information is collected. 
NPP 4.1 - an organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
The complainant conceded that the club was required by NSW law to collect the person's name, address and signature. However, the complainant argued that collection of the other information on the licence (including the individual's date of birth, driver's licence number, driver's licence type and photograph) was unnecessary.

The club relied on statutory obligations under the Registered Clubs Act 1976 to retain certain personal information for five years, stating it had a procedure in place to delete the information after that time. It would not agree to cease or alter its identity scanning practices, instead continuing to offer patrons the option of manually completing and signing its entry register. The club advised that a privacy statement regarding collection and handling of the personal information was displayed at its entrance. The statement was also displayed on the device where identification documents were scanned.

The complainant accepted the registered club's offer to delete the personal information from its database, on the condition that the complainant would provide a statutory declaration setting out the person's name, address, and the date the club was entered as a visitor.

The Commissioner decided that the offer of deletion coupled with the alternative option of manual sign-in adequately dealt with the collection issues in the complaint. Clubs were thus free to scan the licences or other identity documents.

The organisations operating those scanners in the ACT or elsewhere would be expected to safeguard the captured information. Past controversies have featured claims that nightclubs were networking biometric databases (eg security staff at one venue could use an identity management service to access fingerprint scans, drivers licences and other data from multiple venues in order, for example, to exclude 'blacklisted' people). Given weak regulation of the 'bouncer' sector, some concerns about dissemination of personal information and about its long-term retention appear justified.

In 2007 the then Privacy Commissioner commented that -
our Community Attitudes study found only 18% of individuals surveyed felt it was acceptable for identification documents to be copied or scanned in order to obtain entry into licensed premises. 
What are the concerns people have expressed? Firstly, personal information collected by scanning is digitised and has the potential to be used or disclosed for other purposes, such as direct marketing or the creation of customer databases. Individuals may be concerned that scanned and electronically stored personal information can be matched to personal information held by other organisations. This can create a detailed picture of how they go about their day to day activities. 
With the rise of identity crime, there are also legitimate community concerns about possible misuse of personal information, especially with regard to identity information contained on driver's licences and other proof of identity documents. Individuals are also concerned that the stored personal information could be compromised through hacking, computer theft or other inappropriate access. Those who steal the personal information may be able to do significant damage to the individual, whether by committing financial, credit card or identity fraud. 
A business may only scan customers' identity documents if it is necessary for its functions or activities. In the first instance businesses should consider whether identification is required and, if so, whether simply sighting a 'proof of identity' document without scanning it would be sufficient.
Businesses that do seek to use scanning technology must make sure they comply with the National Privacy Principles in the Privacy Act, which regulate the collection and handling of personal information by businesses. In general, if an organisation scans customers' identity documents, the Privacy Act requires that, among other things, the organisation: collect only necessary personal information; give customers information about why it is collecting their personal information and how it will be handled; only use or disclose the personal information for the purpose of the collection, unless an exception applies; only retain the scanned personal information for as long as necessary, consistent with the collection purpose; store the personal information securely and allow access to it by the individual if requested.