321Privacy and security safeguards

#### 321 Privacy and security safeguards 321 Privacy and security safeguards > > (1) The Commissioner is to ensure that the following requirements are complied with in relation to the operation of an authorised biometric identification system in any correctional centre— > > > > > (a) any image or recording of a person’s features, other than the person’s photograph, must not be retained on the system, and must be deleted as soon as the person’s biometric algorithm is made, > > > > > (b) a person’s biometric algorithm must not be made, stored or kept as part of any other database that is maintained by or on behalf of Corrective Services NSW, other than a database kept for the purposes of tracking radiation dosage from an X-ray scanning device, > > > > > (c) the system must not be used to reconstruct a person’s features from a person’s biometric algorithm, > > > > > (d) the photograph of each visitor to a correctional centre must be eliminated from the system— > > > > > > > (i) within 6 months after the person’s last recorded visit to a correctional centre, or > > > > > > > (ii) as soon as practicable at the request of the person, > > > > > (e) a person’s biometric algorithm must not be stored in the system’s database in a way that would enable unauthorised access to the information, > > > > > (f) permission must not be given to any person or agency that would enable any person, other than a correctional officer or departmental officer, to gain access to a person’s biometric algorithm stored in the system’s database. > > > (2) Any person who is involved in the operation of an authorised biometric identification system must not knowingly or negligently— > > > > > (a) permit a person to gain access to any information in the system’s database, or > > > > > (b) provide a person with any information in the system’s database, or > > > > > (c) use the system to reconstruct a person’s features from the person’s biometric algorithm. > > > (3) This clause does not prevent access to a person’s photograph or personal details being given to— > > > > > (a) the Commissioner, or > > > > > (b) the principal officer, however described, of a law enforcement agency, or > > > > > (c) any person involved in the operation, maintenance, repair or replacement of the system. > > > (4) For the purposes of this clause, a person’s features are taken to include all aspects of the person’s physical characteristics (for example, fingerprints and iris scans) and all aspects of a person’s behavioural characteristics (for example, tone of voice and style of handwriting). > > **cl 321:** Am 2022 (487), Sch 1\[9\].