Biometric Finger Print Access - FAQ
How does the system store the finger print?
The actual thumb print image is NOT stored. The software calculates a huge number from the image and it is the number itself which is stored. This number is then encrypted for further security
• The number cannot be used to re-construct the original image.
• Any stored record can be removed easily by clicking [Delete] at the registration process.
• Pupils not allowed to use the technology can be given a barcode which will work at the same time.
Just how secure is this data?
The data is encrypted to industry standards. Also to ensure security, while the library system is hosted by MLS and accessed via the Internet, the files containing fingerprint data are held internally on a school machine / school server.
Who will have access to it?
The information is configured on the school server, only the IT technician is able to access the files fully. The files are still encrypted however and only MLS hold the relevant knowledge to access data within these files.
What other data will it be stored with (eg Name, date of birth, address etc...)?
The encrypted file contains the Borrower_ID (random hexadecimal string assigned to each borrower which is specific to the MLS software) and the fingerprint string.
Will the computer that holds it (or any computer that accesses it) ever be connected to the internet?
Yes, as the library system is hosted it will require an Internet connection however the specific data used to authenticate via fingerprints is not transmitted, and the fingerprint data is stored locally within the school network.
How secure are your networks overall?
The MLS Servers that host Junior.net and Eclipse.net are regularly penetration tested by independent security professionals and housed in a secure facility which is also used by some banks and building societies.
Can you access them from home for example (ie over the internet) and what kind of security is in place to stop hackers from being able to access via that same path?
As the fingerprint data is stored locally on the school network there is no way to access it through the MLS Library system when accessed from outside the school network. Authentication for users logging in from home is achieved using standard username / password.
Will you ever send this data anywhere outside of the school systems?
The data is never stored by MLS so we have no access to the relevant files.
Will it ever be sent anywhere by e-mail (totally unsecure unless heavily encrypted)?
The file is already encrypted however should we require a copy of the file for any support reason we ask customers to upload it to our web-server (via HTTPS portal). The data is then handled as per DPA.
Can people download it onto portable media such as data sticks or CD's?
As the data is stored locally on the school network this is entirely dependent on the security setup by the school’s IT team.
How long will this data be held for and what will happen to it when it is no longer required?
When a child is deleted from the system (or passed into the recycle bin) the fingerprint data is deleted. It can also be deleted for specific students at any time if required.
What is your hardware destruction policy?
All data in the school is destroyed as required by the Data Protection Act and in accordance with BECTA standards.
Do you have backups and if so are they held offsite and if so how do they get there and how secure are these backups
There are no back-ups of the data
Where can I get additional information?
There is a statement on the MLS website clarifying these points (bottom of page):
http://microlib.co.uk/products/Identikit.aspx