These scenarios are examples of how an agency might apply rule 9 in context.
A bank uses a voice verification system as part of their identity verification process when customers call the bank, to detect and prevent fraud.
The bank assesses how long to retain the voice-based biometric information it collects and decides:
Facial recognition to control access to restricted site
A company is using facial recognition technology (FRT) to control access to a restricted site.
The business decides to retain the original face images of authorised workers so that the supervisor can compare the images of authorised workers with the live camera footage of the person that triggered the alert (human review).
Images of workers that generate positive matches (meaning they are authorised to enter the site) will be deleted immediately. Images from negative matches (possibly unauthorised workers attempting to enter the site) will be retained until a supervisor confirms whether access should be granted or not, after which they will be deleted.
When an authorised worker no longer requires access to the restricted area, their face image and associated face template will be deleted. This information is deleted because the business no longer has a lawful reason to retain this information and also to ensure that previously authorised workers do not continue to have access when they shouldn’t.
All biometric information (face images and templates) will also be deleted if the restricted area no longer needs to be restricted.
Fingerprint scan for Multi Factor Authentication (MFA)
An organisation has highly sensitive information that a limited number of employees have access to. They use a biometric authentication factor (fingerprint) as part of their multi factor authentication (MFA) system to protect and facilitate access to the database.
The organisation disposes of the fingerprint scan once it has been processed and only retains the fingerprint template. Retaining the original fingerprint scan is not necessary for the system to run, so the employer does not have a legal purpose to retain it.
The organisation implements a disposal policy that covers staff who leave employment or change role within the organisation. For instance, the employer builds the removal of biometric information from their systems into the offboarding process. The employer runs regular audits to ensure that the automated disposal decisions are functioning as intended.