HMRC to delete five million biometric voice records

0
170

After pilot test, British bank declines to roll out Windows Hello
Lloyds Banking Group tested out biometric authentication using Windows 10 last year.

The UK’s tax authority is to delete the biometric voice records of five million people because it did not have clear consent from its customers to have those files.

HM Revenue and Customs (HMRC) uses the Voice ID biometric voice security system to make it easier for callers to pass its security processes when discussing their account. It says using the system will reduce the time it takes to speak to an advisor and will help prevent anyone else accessing accounts.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

However the scheme was criticised last year by privacy campaigners Big Brother Watch who said there was no option for callers to opt out of the ID scheme, or have their voiceprint deleted.

Now HMRC has written to the Information Commissioners Office (ICO) and said it will now only keep Voice ID enrolments where it holds explicit consent. That accounts for around 1.5 million customers, who have used the service since HMRC introduced changes in October 2018 to comply with GDPR requirements.

It will now have to delete all records where it does not hold explicit consent and said it will complete that work before the 5th June 2019 deadline set by the ICO.

Director of Big Brother Watch Silkie Carlo, said: “To our knowledge, this is the biggest ever deletion of biometric IDs from a state-held database. This sets a vital precedent for biometrics collection and the database state, showing that campaigners and the ICO have real teeth and no government department is above the law.”

“These total around 5 million customers who enrolled in the Voice ID service before October 2018 and have not called us or used the service since to reconfirm their consent,” said Jonathan Thompson, HMRC CEO. There are around 30 million taxpayers in the UK, showing the scale of the work the HMRC has to do.

But he said the agency would continue to use Voice ID, which he said was popular with customers. “HMRC has worked hard to ensure the system complies with GDPR requirements around explicit consent and our published privacy notice already makes clear that we will not use voice identification data for any other purposes,” he said.

Related Topics:

EU

CXO

Digital Transformation

Tech Industry

Smart Cities

Cloud