
These scenarios are examples of how an agency might apply rule 11 in context.

Collection of voice sample and behavioural biometric information by bank

Exception covered: maintenance of the law

A bank collects a range of biometric information for fraud detection and prevention purposes. It collects a voice sample when customers call the bank call centre. It also collects a range of behavioural biometric information based on how customers interact with the bank’s digital services, such as internet banking and the mobile app.

There is suspected fraudulent behaviour on several customer accounts, and based on the biometric information collected, the bank suspects the fraudulent behaviour on multiple accounts is originating from the same person.

The bank discloses the biometric information it has collected related to the suspected fraudulent activity to the Police to assist the Police in investigating the fraud. The Police would collect and hold the information for this specific purpose and any related investigation of offending. This would be permitted under the “avoid prejudice to the maintenance of the law” exception.

Facial recognition to allow entry to gym

Exception covered: individual authorises disclosure

A gym offers an optional facial recognition technology (FRT) system as an alternative to a physical swipe card for member access. The gym has reciprocal agreements with partner gyms in other cities, allowing members to access these facilities when travelling. Each gym has its own FRT system and each gym is separately owned and operated.

When an individual chooses to enrol in the FRT system, they are given the option to have their biometric information shared with the other gym(s) that the member may want to use. Provided the gym gives the individual all relevant information (see our rule 3 guidance for more information on informing individuals), this disclosure to other gyms would be permitted under the “individual authorises the disclosure” exception.