
The second part of rule 1 is assessing the necessity of your collection.


Biometric information may only be collected if the biometric processing is necessary to achieve your identified purpose.

For the biometric processing to be necessary, you need to be able to demonstrate that the collection of the specific biometric information is needed to fulfil your lawful purpose and that the information is relevant and not excessive or arbitrary. This requires both that:

  • the collection is effective in achieving your purpose, and
  • there isn’t a reasonable alternative means that could achieve your purpose as effectively with less privacy risk.

The fact that biometric processing is available, convenient or desirable for you to use is not, on its own, enough to show that the collection of biometric information is necessary for your lawful purpose. If you can achieve your purpose easily or effectively without biometric processing, it will be hard to show that it is necessary.

How much information you are collecting is relevant to necessity. The more information you intend to collect, the more difficult it could be to demonstrate that collecting all the information is necessary for your lawful purpose.

Effective

To meet the effectiveness requirement in the Code, there needs to be a clear and logical connection between collecting the specific information and fulfilling your lawful purpose. Effectiveness requires that the collection of the biometric information has a causal link with the achievement of your purpose. If the biometric processing does not directly enable the achievement of your purpose, then it is not necessary. 

Effectiveness is about whether and to what extent the biometric processing achieves your specific purpose, not just about whether the biometric system can do what it is designed to do.

To test the effectiveness of a proposed use of biometric processing, you need a clear statement of the outcome you are seeking to achieve. What is the extent, scope and degree of the problem or opportunity you are seeking to address? You also need a detailed factual description of the measure you are proposing to implement and its purpose. The extent to which the measure you have proposed achieves this objective is how effective it is.

Assess the degree of effectiveness

The biometric processing needs to meaningfully contribute to the achievement of your lawful purpose for it to meet the effectiveness requirement in the Code. But how much it contributes to achieving your lawful purpose (i.e. the degree of effectiveness) is relevant both to whether your purpose can be reasonably achieved as effectively by an alternative means with less privacy risk and to the benefit of your processing, which forms part of the proportionality assessment.

Effectiveness is an ongoing requirement. You need to ensure that your processing remains effective once the system is in place. That means that you should continue to assess the kinds of evidence outlined below at reasonable intervals to ensure that your biometric processing is still effective. For example, you should reassess effectiveness whenever you make any substantial and material changes to the way your system operates.

What kind of evidence can show effectiveness?

There is a range of different types of evidence you can use to help assess whether the biometric processing will be effective. What is appropriate in your circumstances will depend on the overall risk and complexity of the biometric processing – high risk or complex uses of biometric information will require a more in-depth assessment. But in every case, you still need to have an objective basis for showing how the biometric processing will be effective in achieving your lawful purpose. Read more about what makes biometric processing higher or lower risk.

Some examples of the types of evidence which can form part of your assessment of effectiveness:

  • Performance metrics (e.g. accuracy metrics) from the vendor or an independent third party.
  • Information about training or evaluation data, including assessing differences between training data and likely real-world user data.
  • Assessing the appropriate sensitivity and specificity setting for the use case. 
  • Evidence about the scientific or technical validity of the overall process to address the issue/problem. 
  • Running tests or simulations on training data in your particular context.
  • Reviewing comparable uses or case studies from New Zealand or overseas (after identifying and adjusting for any material differences).  
  • Empirical evidence of effectiveness collected during a trial (see also the guidance below on trial periods). This could be evidence from your trial, or evidence from a trial by another organisation if the trial was in sufficiently comparable circumstances.
  • Operational audits.
  • Expert opinion(s) and academic or scientific research. 
  • Customer surveys to gain understanding of customer desire for improvements in experience/efficiency/convenience etc.

No reasonable and effective alternative with less privacy risk

If you can reasonably achieve your purpose as effectively through an alternative means with less privacy risk, then your biometric processing is not necessary. Read more about assessing privacy risk.

An alternative means could be non-biometric processing, or it could be a different type of biometric processing that has less privacy risk. For example, depending on your purpose, a non-biometric alternative to biometric processing could be a quality CCTV system, using security guards, offering an access card, or a manual sign in or identity verification. A different biometric alternative could be using a verification system instead of an identification system, or collecting only one form of biometric information instead of multiple. The alternative option can also be a range of measures that you could reasonably implement – for example, using a combination of CCTV and security guards as an alternative to facial recognition.

The alternative does not need to achieve the exact same outcome as the biometric processing for it to be a reasonable alternative. The test requires an overall assessment of whether an alternative (or alternatives) with less privacy risk would be able to reasonably achieve your purpose as effectively. If so, the biometric processing is not necessary. But, if there is no reasonable alternative that would be able to achieve your purpose as effectively, that can help you show that your biometric processing is necessary.

For example, in theory, a reasonable alternative to biometric-based ID verification could be manual ID verification. However, depending on your context, resources and other factors, the manual ID verification may not achieve the purpose as effectively as automated biometric-based ID verification would. For example, manual ID verification would not be as effective in a context where you need a high volume of highly accurate verifications that a client or customer can carry out remotely.

Running a trial to assess effectiveness and reasonable alternatives

The Code allows you to run a trial to assess whether your biometric processing will be effective in achieving your purpose, and whether your lawful purpose can reasonably be achieved as effectively by an alternative means with less privacy risk. If you opt to run a trial, you are able to defer compliance with the requirement to show that your processing is necessary (rule 1(b)) until the end of the trial, when you will have more information about how useful the biometric system is. You still need to meet all the other requirements of rule 1 and the rest of the Code.

See the guidance on running a trial for more information about when you can run a trial and what you should do before, during and after the trial.

Note: A trial is different from testing your biometric system. A trial is used to evaluate real-world effectiveness. A test is a practice procedure carried out in a controlled environment to identify specific issues or assess if the system behaves as anticipated (without taking real-world actions).

 

The next step of rule 1 is implementing appropriate privacy safeguards.