With the growing demand for biometrics in Identity Management and Know Your Customer strategies, the issue of compliance is never far away and should be considered a priority.
This is the view of executive management at Ideco, an established leader in the application of biometric technology and Southern Africa’s primary distributor of Morpho fingerprint biometric solutions.
Compliance, in this context, refers to adherence to industry standards within two key areas: technical and regulatory.
“Technical compliance will ensure the system is capturing, processing, communicating and storing the biometric data according to relevant national and international requirements. Regulatory compliance ensures that the personal information is processed in the various legal frameworks to ensure there is no risk to the person’s identity,” says Marius Coetzee, CEO at Ideco.
“This is the acknowledged industry reasoning behind compliance, but if one goes deeper, there are certain legal implications to compliance and non-compliance,” Coetzee explains.
“Keep in mind that only Face, Signature and Fingerprint are accepted biometric evidence in terms of SA Law. The rest is only regarded supporting evidence. At the same time, the responsibility of the purchaser is to ensure that solutions are compliant so that the technology adds legal value,” he continues.
Solutions must be compliant to ensure the biometric implementation is fully compatible with- (or can benefit from) civil systems such as the Online Fingerprint Verification service of the Department of Home Affairs, or the Criminal Record Verification service of the South African Police Service (SAPS).
Furthermore, compliance will ensure that the chain of evidence from every biometric transaction can be presented in a court of law as irrefutable evidence of the Identity involved with the transaction.
“Biometric technology offers an effective deterrent to villains who will not worry if a newly implemented biometric system cannot be used to identify them as a criminal in the SAPS database and couldn’t be used to convict them in a court of law,” says Coetzee.
Bear in mind compliance conditions
Ideco management warns the market that the onus to ensure compliance of product lies with the purchaser.
“Remember, vendors are chasing sales targets and will force any deal without taking the time to ensure compliance to the full spectrum of requirements. We have seen it in so many cases. For instance, customers will implement video surveillance and when an incident happens, the video footage cannot be used in a CCMA case. Some organisations are facing huge risk to their reputations for selling non-compliant equipment to major corporates, or making ill-informed product recommendations,” Coetzee explains.
“When villains start to realise there is no intrinsic value in a specific biometric system or the first time a case is dismissed by a court as inconclusive biometric evidence, the full investment is void. Corporate South Africa is currently spending millions on biometric solutions without realising the importance of compliance,” he adds.
Customers are advised to at least select biometric solutions that are evaluated by the National Institute of Science and Technology (NIST). This body defines the standards used by numerous world leaders in this field including the FBI, Interpol, Scotland Yard and our own SAPS.