A biometric "clocking in" system planned by the National Gallery is to be examined by the Data Protection Commissioner, following a complaint by a member of staff.
Three of the gallery's 75 attendants have refused to provide fingerprints for the system, despite a decision by their union, SIPTU, to accept its introduction.
Concern that the system could be in breach of the law has already been expressed by the Office of the Data Protection Commissioner (DPC) in a letter to a staff member at the gallery.
The office's concern is based on the fact that the new system would involve the storing of attendants' fingerprints on a centralised database.
In the letter on February 3rd, Mr Nelius Lynch of the DPC's office said such a system would not be acceptable if used solely for clocking-in purposes.
"In a time-management context, the creation of a central database would be excessive and involve a contravention of section 2 (1) (c) (iii) of the [Data Protection] Acts," he said.
The office would expect "a much higher justification" for the centralised storage of biometrics. An alternative approach, he said, would be a "verification system". This would involve the use of swipe cards or tokens, with a biometric element to confirm that a worker using a card or token was its owner.
There would be no centralised storage of data.
In a separate response to a complaint from a gallery attendant, the DPC's office said it would examine the gallery's system.
It is understood that in a submission to the Labour Court last year, the gallery said the new system was being introduced for time-management and payroll purposes.
However, the SIPTU branch secretary who negotiated on the issue, Mr Michael Corcoran, said last night the gallery had also cited security reasons for the system's introduction.
He said the three union members refusing to co-operate with the system risked losing benchmarking pay increases. The union had proposed setting up a sub-committee to monitor the system, but the three had rejected this. The National Gallery declined to comment.
The Data Protection Commissioner, Mr Joe Meade, expressed concern last year about the threat to privacy posed by the inappropriate use of biometrics.
He told an EU conference on biometrics at Farmleigh House in Dublin that "this threat is greatest where a central database exists".
