Important

 

Biometric Processing Privacy Code – New Zealand Clients

 

The Office of the Privacy Commissioner (OPC) in New Zealand has introduced the Biometric Processing Privacy Code, which governs the collection, use, and storage of biometric information. This Code applies to most uses of biometric technology across government, public sector, and private businesses—including its use within Time and Attendance systems.

​

All clients, including those already using biometric solutions, must understand their obligations under this Code. Compliance is required not only when implementing new biometric systems but also when continuing to use existing ones.

​

Under the Code, employers must:

​

• Demonstrate that the use of biometric systems is necessary and not more intrusive than alternative methods (e.g. swipe cards, PINs).

• Provide clear and transparent communication to employees about how their biometric data is collected, used, stored, and their rights to access or request deletion of that data.

• Evaluate the proportionality of biometric use, including consideration of privacy risks and cultural impacts - particularly in relation to Māori communities.

​

Implementation Timeline:

• New Users: Must comply with the Code from 3 November 2025.

• Existing Users: Must ensure full compliance by 3 August 2026.

 

We recommend all clients review their current or planned use of biometric technologies to ensure timely alignment with the new regulatory requirements.

​

To understand more about this Biometrics Processing Privacy Code and your obligations please click on the following links from the Office of the Privacy Commissioner (OPC) -

​​

Overview of the Biometric Processing Privacy Code -

https://www.privacy.org.nz/privacy-principles/codes-of-practice/biometric-processing-privacy-code/

​

Indepth Detail of the Biometric Processing Privacy Code -

https://www.privacy.org.nz/resources-and-learning/a-z-topics/biometrics/

​

Biometric Processing Privacy Code (PDF) - DRAFT

2024-12-16-Biometrics-Code-FOR-RELEASE-A1040522.pdf​

​

For all new and existing users of Biometric solutions it is strongly recommended that you complete a Privacy Impact Assessment (PIA) to help demonstrate compliance with the Code. Here is the link to the Office of the Privacy Commissioner (OPC) page on PIA's -

​

Privacy Impact Assessment -

Office of the Privacy Commissioner | Privacy Impact Assessments

​​

Tools like ChatGPT are a great way to help assist in formulating a Privacy Impact Statement for your business, subject of course to qualified legal review.

​

Please note although the above is specifically for New Zealand based clients it is important for clients outside of New Zealand that you also understand your obligations in regard to using this technology in your jurisdiction.

​​    

​__________________________

 

Proactively, we have recently (2024) added a new function in both our Time Clock Software and COMMS Sigma Software around explicit Biometric Consent. If you are not running the latest version with this function, you should download and update your software without delay to ensure you have it. For more about this new function please click on the following - 

​

​What's New (Time Clock Software Version 4.007) -

https://www.lauranka.co.nz/whatsnew

​

Is Explicit Biometric Consent Required (including link to Biometric Consent Form) -

https://www.lauranka.co.nz/biometricconsent

​

Software Download Page (Existing Clients) - 

https://www.lauranka.co.nz/upgrades

​

About our Technology and Software

Although the below link/information covers the technology we offer and how it works, please note it DOES NOT in anyway represent legal advice. If you are unsure about your obligations we recommend you seek independent legal advice as we are unable to provide this.

 

​