Resources and learning
Rule 1 (and rule 10) allows organisations to establish a trial to assess whether their proposed use of biometrics for a particular purpose is going to be effective.
Being able to show that your collection and use of biometric information is effective, and therefore necessary to achieve your purpose is required in rule 1.
Before the trial
Do I need to run a trial? When should I run a trial?
It is not compulsory to run a trial. Running a trial may be appropriate if you can comply with all other parts of the Code but you need more evidence to determine whether your collection or use is effective.
If you have enough evidence to assess the effectiveness of your proposed processing, then the Code does not allow you to run a trial. Read our guidance on what evidence can show effectiveness for more information.
Running a trial only allows compliance with the necessity test to be deferred until the end of the trial period. You should not establish a trial unless you can comply with all parts of the Code except the necessity test – all other parts of the Code must be complied with during the trial.
Is a trial the same as testing your biometric system?
A trial is different from testing your biometric system. A trial is used to evaluate real-world effectiveness. A test is a practice procedure carried out in a controlled environment to identify specific issues or assess if the system behaves as anticipated (without taking real-world actions).
Staff training
Any staff involved in operating or using your biometric system during the trial will need to receive appropriate training and supervision before the trial, and during the trial as necessary.
During the trial
How long can I run a trial for?
A trial must not run for any longer than is necessary to give you sufficient information about the system’s effectiveness and enable you to compare the biometric systems against any lower risk alternative solutions. Before establishing the trial, you need to notify how long the trial will go for.
There is no minimum period for a trial, but the maximum time for a trial is an initial period of 6 months, with a possible extension of a further 6 months if you have not established effectiveness by the end of the initial period (overall, not longer than 1 year).
If you cannot demonstrate that your biometric processing is effective by the end of the trial period (including the extension, if relevant), then you have not met the effectiveness requirement and you must stop collecting or using biometric information.
Can I make changes to the biometric system while running a trial?
The primary purpose of the biometric processing and the core way it is used during the trial should be the same as the intended use after the trial. But you can and should make changes during your trial to make improvements to safeguards and reduce the privacy risk, improve accuracy and performance of the system, and respond to feedback from users and individuals whose information is collected.
Do I need to tell people about the trial?
You need to comply with all the rule 3 requirements. This includes telling people about the fact that you are collecting biometric information during a trial and how long your trial period is for.
Can I take actions that may impact people during a trial?
You should consider whether it is appropriate to take adverse actions against individuals during a trial. An adverse action is an action you take that could negatively impact the individual, for example, removing them from your premises, monitoring their behaviour or imposing a fine on them
In some cases (e.g. fraud detection), it may not be possible to gain the necessary evidence from your trial without taking actions that negatively impact people. But, if it will not undermine the purpose of the trial period, you should consider not taking any adverse actions against individuals during the trial period.
If you are taking actions that may affect people during the trial, you should also tell people about that, unless doing so would undermine the purpose of the trial or the actions.
Privacy harm or non-compliance with the Code during a trial
OPC can still investigate any complaint brought by an individual about a breach of one of the rules in the Code (or the principles in the Privacy Act) or otherwise use our compliance powers under the Privacy Act during a trial period. You must notify OPC of serious privacy breaches during the trial, including by any of your agents or service providers, in accordance with the Privacy Act. You are also accountable to people for any privacy harm caused to them during a trial period.
When a trial ends
Assessing effectiveness and alternatives
Use the evidence gathered from your trial to assess whether the biometric processing was effective in achieving your lawful purpose and whether you could reasonably achieve your purpose as effectively using an alternative option that poses less privacy risk.
To meet the effectiveness requirement, there needs to be a clear and direct link between the biometric processing and achieving your purpose. If you could achieve your purpose easily without the biometric processing, then the biometric processing will not be necessary. Read the effectiveness guidance for more detail.
Assessing the effectiveness of the processing during the trial will also help you determine whether there is a reasonable alternative available to the biometric processing.
If your assessment shows that the processing was not effective (or not sufficiently effective) or that there is a reasonable and effective alternative with less privacy risk, then you have not met the necessity requirement in the Code and you must stop collecting or using biometric information for your purpose.
However, if your assessment shows that the processing was effective, and that there is no reasonable and effective alternative with less privacy risk, then it may be appropriate to continue collecting or using biometric information for your purpose, provided you can continue to comply with the other requirements in the Code.
If you need time to complete the assessment about effectiveness, stop collecting or using biometric information until such time as you have determined that the processing was effective, and that there is no reasonable and effective alternative with less privacy risk.
What should I do with information collected or used during a trial?
When your trial period comes to an end, you need to consider what to do with the biometric information you collected or used. Rule 9 requires that you only keep information for as long as required for the purposes for which it may lawfully be used.
If your trial did not provide you with sufficient evidence that the processing is necessary (e.g. it was either not effective or there was a reasonable and effective alternative available), then you need to consider whether you continue to have a lawful purpose for holding the information, and, if not, you will need to securely destroy it. It could be that you have a lawful purpose for retaining some of the information – e.g. retaining some samples or the data used in your evaluation – but not other information – e.g. destroying templates if you will no longer be using them. You will also generally need to retain any information that is the subject of a privacy complaint or compliance action.
If your trial showed that the biometric processing is necessary and effective for your purpose, and you intend to continue biometric processing on an ongoing basis, then it may be appropriate to retain information that you collected during the trial and continue to use it, if you are confident that the trial information is suitable for your ongoing biometric processing.
You will need to carefully assess whether it is appropriate in your circumstances to retain information you collected or used during a trial, or whether you will securely destroy it and then collect new information after the trial. As part of your decision, you will need to consider what you told individuals when you collected their information and how your trial was set up and run. You should also consider whether you are making any changes (e.g. to system settings, safeguards or other protections for information) that could mean you should securely destroy information collected during the trial (e.g. if you have changed settings that would justify deleting biometric templates and regenerating them according to a higher quality standard.)
