Privacy Commissioner warns of dangers in scanning IDs in pubs and clubs

Scanning policies must adhere to privacy laws

Privacy Commissioner, Karen Curtis, is warning CIOs of pubs and clubs around Australia to be aware of privacy obligations to their patrons.

It is commonplace for pubs and clubs to request identification of patrons as they enter a venue, however Curtis has warned that patrons’ information could be divulged to a third party if proper security procedures are not adhered to.

“ID scanning, fingerprinting and iris scans are becoming increasingly common at pubs and clubs, and I am not convinced that all venues understand what their privacy obligations are when using these technologies,” she said in a statement.

“The digitised information these technologies offer has the potential to be used or disclosed for many other purposes, such as direct marketing and the creation of databases, as well as the risk of facilitating identity fraud.”

The warning comes as Privacy Awareness Week draws to a close.

Some clubs include the relevant details about privacy on their websites. The Wenty Leagues club in NSW is home to three bars and several restaurants. It was unavailable to comment on the issue, but the club specify its privacy policy on its website: “We protect personal information through the use of secure databases that can only be accessed by authorised individuals. As a matter of course, employees, including those able to access personal information, sign confidentiality agreements as a condition of their employment”.

Max Cowan, head of marketing at the Panthers Group, said that the club use traditional forms of security rather than scanning patrons’ ID.

“We don’t do it because it is not practical to use,” he said. “Even if someone’s licence is scanned, it still needs to be checked.”

The club’s procedure requires visitors to show their ID to club security and sign a guest book when they enter the premises.

The Privacy Commissioner urges both consumers and club owners to review newly-released guidance material if they are unsure of their rights and responsibilities with regards to scanning technology and privacy.

Join the CSO newsletter!

Error: Please check your email address.

Tags iris scanningprivacy

More about Cowan

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lisa Banks

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place