PD ISO/IEC TR 24714-1:2008 Information technology. Biometrics. Jurisdictional and societal considerations for commercial applications. General guidance
PD ISO/IEC TR 24714-1 is a Technical Report (TR) that offers guidance on the design of systems that use biometric technologies to capture, process and record biometric information. It sets out the societal, cultural and ethical issues related to the use of biometrics in security systems for identifying people. Specifically it addresses:
- Legal and societal constraints on the use of biometric data
- Accessibility for the widest population
- Health and safety, addressing the concerns of users regarding direct potential hazards as well as the possibility of the misuse of inferred data from biometric information.
PD ISO/IEC TR 24714-1 gives guidelines for the stages in the life cycle of a system’s biometric and associated elements. This covers the following:
- Capture and design of initial requirements, including legal frameworks
- Development and deployment
- Operations, including enrolment and subsequent usage
- Interrelationships with other systems
- Related data storage and security of data
- Data updates and maintenance
- Training and awareness
- System evaluation and audit
- Controlled system expiration.
Specification and assessment of government policy are not within the scope of this part of PD ISO/IEC TR 24714-1.
PD ISO/IEC TR 24714-1 provides support for the further development of ISO/IEC biometric international standards in the context of cross-jurisdictional and societal applications of biometrics, including standardization of both existing and future technologies.
Specifically, this part of PD ISO/IEC TR 24714 offers guidance on the design of systems that use biometric technologies to capture, process and record biometric information:
- With regard to societal norms and legal requirements of jurisdictional domains (within and among various levels of jurisdictions)
- Pertaining to privacy/data protection of an identifiable individual
- With respect to an individual’s ability to access and use these systems and the information they contain
- With regard to health and safety issues pertaining to an individual when systems are utilized to capture biometric data.
In this part of PD ISO/IEC TR 24714, biometric data are considered to be personal data.
PD ISO/IEC TR 24714-1’s contents are recommended practices and guidelines. They are not mandatory. Legal requirements of the respective countries take precedence and biometric data should be obtained in accordance with local norms of behaviour. This part of ISO/IEC TR 24714 does not reduce any rights or obligations provided by applicable laws. Compliance with any recommendations in PD ISO/IEC TR 24714-1 does not of itself confer immunity from legal obligations.
Examples of the benefits to be gained by following the recommendations and guidelines in this part of ISO/IEC TR 24714 are:
- Enhanced acceptance of systems using biometrics by subjects
- Improved public perception and understanding of well-designed systems
- Smoother introduction and operation of these systems
- Potential long-term cost reduction (whole life costs)
- Increased awareness of the range of accessibility-related issues
- Adoption of commonly approved good privacy practice.
PD ISO/IEC TR 24714-1 is aimed at planners, implementers and system operators of biometric systems, with the primary stakeholders being identified as:
- Users – those who use the results of the biometric data
- Developers of technical standards
- Subjects – those who provide a sample of their biometric data
- Writers of system specifications, system architects and IT designers
- Public policy makers.
Contents of PD ISO/IEC TR 24714-1 include:
- Terms and definitions
- Symbols and abbreviated terms
- Societal and cross-jurisdictional considerations
- Jurisdictional issues
- Health and safety
- Societal, cultural and ethical aspects of biometrics