March 6, 2024

Serco Leisure’s Slap on the Wrist: Balancing Tech Convenience with Privacy Rights

This article explores the growing public concern over data privacy in the UK, how Serco Leisure broke data protection laws and the ethical implications of workplace data collection.


In a world where people are being increasingly broken down from whole human beings into pieces of data to be bought, sold, marketed and advertised to, data privacy concerns are reaching a boiling point in the UK.

According to Statista, 27% of British people are concerned about the potential misuse of their data online, with 17% also voicing doubts about the security of storing sensitive data digitally.

Serco Leisure breaches data protection rules

Against this backdrop of consumer uncertainty around data privacy, the recent directive issued to Serco Leisure by the Information Commissioner's Office (ICO) to cease the use of facial recognition technology (FRT) and fingerprint scanning for employee attendance monitoring couldn't be more timely.

The ICO declared that the company had unlawfully processed biometric data from over 2000 employees across 38 sporting and leisure facilities, violating UK data protection laws.

It further stated that the global leisure and fitness brand had failed to demonstrate the necessity or proportionality of using FRT and fingerprint scanning. Less intrusive means to confirm employee attendance, such as key fobs or ID cards, could have been used.

A spokesperson for the ICO said that:

“Due to the imbalance of power between Serco Leisure and its employees, it is unlikely that they would feel able to say no to the collection and use of their biometric data for attendance checks.”

Serco’s next steps

In this instance, the ICO has decided not to enforce any monetary penalties, but on top of ceasing the use of biometric data, the order also mandates Serco Leisure and associated trusts to eradicate all biometric data they are not legally obligated to retain within three months of the enforcement notices being issued.

Regarding Serco’s use of FRT and fingerprint scanning, the ICO emphasised that it was neither fair nor proportionate under data protection law, warning that biometric technologies cannot be deployed lightly.

Systemic issues in data governance

Serco’s situation perfectly demonstrates the broader systemic issues surrounding data governance and corporate accountability. The company’s failure to adequately justify the necessity of biometric technologies highlights the need for greater transparency and oversight in data-driven decision-making processes.

In response to the ICO's directives, Serco has committed to full compliance with the enforcement notice. However, the case has sparked wider discussions on the ethical ramifications of workplace data collection and usage.

Beyond regulatory adherence, there's a call for fostering a culture of responsibility and trust. Companies should proactively address privacy worries, offering transparency on data collection, storage, and usage.

Employers must navigate carefully, prioritising data protection principles and the rights of individuals. Upholding transparency and accountability is crucial in sustaining consumer trust.

How Can Metomic Help?

Metomic offers comprehensive data security solutions to assist businesses in navigating the complexities of data privacy compliance. 

Our platform enables companies to streamline their data governance processes, ensuring compliance with regulations such as GDPR and HIPAA.

With Metomic, you can easily track sensitive data and maintain transparency with users. And by implementing Metomic, businesses can demonstrate their commitment to data protection, build trust with customers, and mitigate the risks associated with non-compliance.

Book your personalised demo now to see how Metomic’s data security tools can help you foster a culture of responsible data storage and compliance with regulatory requirements.
