Legal Issues: Biometric Time Clocks and Data Protection in Canada

Biometric Time Clocks

Twelve malls across Canada were found to have been collecting and using facial recognition on images of 5 million consumers without their consent.

The use of biometric data for commercial purposes in Canada is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), which stipulates that (1) informed consent must be obtained, (2) personal information can only be used for the purposes for which it was collected, and (3) it must be protected by appropriate safeguards.

Midex Time and Attendance solutions provide employers time clocks and software which allow companies to be compliant with PIPEDA. First, we clearly explain how the system works which helps employers provide necessary information to their employees in order to obtain informed consent. Before this time and attendance solution can be used, each employee is enrolling themselves into the time clock, which is part of the consent. Second, the collected biometric information (facial, palm, or fingerprint recognition data) is only used for a specific purpose of time and attendance tracking. Finally, there are built-in protection mechanisms within the hardware and software to protect personal information.