How are biometrics stored with Time and Attendance



Description of Issue

With regard to Personally Identifiable Information (PII), how are biometrics stored on T&A clocks and in the T&A database?



Context
  • ExecuTime (ET)

  • Time & Attendance (T&A)

  • Time clocks

  • Biometrics

  • Personally Identifiable Information (PII)



Cause

You have implemented biometrics on ExecuTime/T&A devices.



Resolution
  • ExecuTime/T&A time clocks are capable of biometric fingerprint identification when appropriately accessorized with a biometric reader. The reader is proprietary to the clock and does not store exact images of the scanned appendage; instead, it stores a hash that is calculated by a proprietary algorithm. The value is a 1000-byte vchar value, which is stored both on the clock and in the T&A database. The bio reader picks up a heat signature from the fingerprint and digitizes this value.

  • It is NOT PII and there isn't any way to reverse engineer that data into an image because it is not an image. When the finger is presented, it is rescanned, and the result is compared to what is stored in the clock: it either matches or it doesn't. This is part of the reason why multiple scans of the finger are required. Finger placement is critical, and the condition of the finger is also important. For example, some welders no longer have readable fingers.

  • The data is stored in the DB so that a nightly scheduled task can ship the data out to all of the clocks.



Additional Information

Choosing the Clear Biometric function on the clock's web interface will erase the storage table.