CONCERNS have been raised about the storage of children’s data in relation to controversial facial recognition software which was introduced – and suspended less than a week later – in nine North Ayrshire schools.

The Times reported last week that the council admitted that there was no political decision to introduce the facial recognition software as a payment method.

Instead, it was brought in by officers as a new supplier had won the contract for facilities relating to school meal payments.

Councillor Tony Gurney raised the issued at a meeting of full council last Thursday [October 28]. He said:“Last week saw the introduction of facial recognition systems in our schools to allow children to access school dinners. These systems use technology that does not simply match ‘pictures’ of the user.

“Instead aspects of each user’s features are captured and recorded. It is these aspects, which in general stay constant throughout your life, that are used to complete facial recognition.

“In other words, the data captured in our schools today can be used to identify our children for the rest of their lives.”

Following the introduction of facial recognition system for children to access school dinners, privacy issues were raised by both national and international media.

Councillor Jim Montgomerie addressed some of the issues relating to the storage of personal data. He said: “The data is stored by the supplier, utilising a Microsoft Azure instance (a highly managed, virtual, cloud-based server ringfenced to a particular supplier) which is provided and maintained by Microsoft to the industry leading standards.

"Utilizing Microsoft Azure enables more advanced security controls than could typically be achieved in-house and which can be deployed by the supplier in the design of their system. Such security controls include the encryption of all data to the international AES-256 standard.

“As part of the contract between the North Ayrshire Council and the supplier, the instance requires to be regularly updated to the latest security standards.

He continued: “The entire system was evaluated at point of procurement to ensure it conformed with a broad set of international and industry specific compliance standards.”