Biometrics in the Retail Sector
Biometric technology analyses biological data such as fingerprint verification and iris, hand, face and voice recognition in order to identify a particular person. By Vin BangeIt is commonly used in the context of ID systems, including state ID cards systems and other systems that monitor the location, habits and behaviour of data subjects. The use of biometrics in relation to the proposed introduction of an Identity Card in the UK has been widely debated and is thus a familiar concept to many.
However, biometric technology is attracting interest from the retail sector, a recent example being the use of biometrics to tackle internal fraud by employees. Retailers trading under the Budgens and Costcutter brands have been reported to have recently introduced a biometric system. The pilot scheme is aimed at saving stores an estimated £10,000 each per year by avoiding payroll losses related to staff inappropriately entering time for one another. Whilst security guards and specific technologies exist to minimise customer fraud, such measures are neither targeted towards, nor effective against, crimes perpetrated by staff. Traditional methods designed to reduce employee fraud include the use of standard or binary keys, magnetic cards or buttons and codes on point of sale devices to identify the staff on duty. However, it is argued that these strategies fail to eliminate the risk of keys and cards being replicated or swapped amongst members of staff, or to prevent such practices as 'buddy punching' (where staff clock in for their absent friends) - unlike biometric technology which exploits fingerprints and other biological information that is unique to each person. The technology may also be used to protect access to restricted areas, in addition to identifying which cashiers and other staff are working when and where - information that is particularly useful in larger stores where the turnover of staff is particularly high.
Customer-facing biometric solutions may also have an important role to play in the future of retail, with huge potential advantages to consumers. Not only could the cost savings from fraud reduction initiatives associated with cheques, credit and debit cards be passed onto consumers, but biometric technology could even become a competitive differentiator for retailers if used to make the shopping experience more convenient. For example, biometrics may replace cards and pin numbers at the point of sale, and could also play a role in stores' loyalty schemes by scanning a consumer's fingerprint and matching it with other pieces of data on record, such as a name and spending habits.
Despite the obvious advantages to using biometrics, retailers face a number of challenges before they can implement the technology - not least the initial investment that is required in order to integrate IT systems to make them capable of supporting the technology. Retailers should also be aware of the privacy issues aired by consumer groups, whose concerns traditionally have centred around such questions as how information that is collected will be used, and where it will be stored. However, it seems that the success of the technology is likely to depend on how it is ultimately presented to consumers; although the majority of consumers are already members of loyalty schemes, research suggests that many are not aware that biometrics do little more than the current systems that match a magnetic strip with customer names and other similar data.
Retailers must also be alive to the fact that any such scheme that collects information relating to or identifying an individual will inevitably be stored on a database and therefore caught by the Data Protection Act 1998 (“DPA”). As such, retailers will have to comply with the requirements of the DPA, which governs how information must be treated, how long it can be retained for and requires appropriate security measures to be in place to safeguard it. In addition, the retailer, as the data controller responsible for complying with the DPA, must ensure that the information collected (including biometric data such as fingerprints) is actually needed. The interpretation of the DPA would no doubt go further, as would the Information Commissioner, in questioning whether the use of fingerprints is proportionate to the purposes for which it is collected. This would mean justifying why fingerprint technology is appropriate in the circumstances and why other, less intrusive, methods would not suffice.
Vin Bange is an Associate and data privacy law expert at Eversheds LLP
Email this article to a friend
You need to be logged in to use this feature.
Please log in here