Biometric Privacy Code 2025: The Complete Guide for NZ Time Tracking and Workforce Compliance
Last updated - Oct 1, 2025 at 4:00PM
The Biometric Processing Privacy Code 2025 is a major update to New Zealand privacy law. It introduces strict rules for biometric systems such as fingerprint and facial recognition. This guide explains what the Code is, when it comes into force, what businesses must do to comply, and the alternatives to biometric time tracking.
What is the Biometric Processing Privacy Code 2025?
The Biometric Processing Privacy Code 2025 is a legal framework introduced by the Office of the Privacy Commissioner to regulate how biometric data is collected, stored, and used in New Zealand. It applies to technologies such as:
-
Facial recognition scanners.
-
Fingerprint readers.
-
Iris/retina scans.
-
Voice ID and similar biometric identifiers.
The purpose of the Code is to limit unnecessary biometric use in everyday workplace settings and require stronger justification, transparency, and security wherever biometrics are used.
Key Dates and Deadlines
3 November 2025 | Any new biometric system must comply immediately. |
3 August 2026 | All existing biometric systems must be updated. |
Trial Option | Organisations may test biometric systems for up to six months (with one possible six-month extension), but these trials do not delay the compliance deadlines. |
Compliance Requirements
-
Conduct a necessity and proportionality assessment to prove biometrics are essential.
-
Provide a non-biometric alternative such as RFID, PIN, or mobile clock-ins.
-
Update privacy notices and consent processes.
-
Strengthen security controls, retention policies, and vendor contracts.
Why Biometric Time Clocks Will Struggle
-
Most workplaces cannot prove biometrics are strictly necessary.
-
Alternatives like mobile apps and RFID cards achieve the same results.
-
Vendors may be forced to run dual systems → higher costs, complex onboarding.
-
Only very high-security environments can justify biometric-only solutions.
Biometric Alternatives
Non-biometric time tracking systems provide:
-
Simpler compliance.
-
Lower operating costs.
-
Higher employee trust.
Next Steps for Employers
-
Audit your time tracking systems.
-
If using biometrics, complete a necessity assessment.
-
Provide a non-biometric option by law.
-
Review vendor contracts and data security.
-
Consider switching to a non-biometric provider like TimeDock.
Summary
The Code is a turning point. Biometric systems will struggle to justify themselves under New Zealand law. Most employers will either pay more to maintain dual systems or switch to a compliant, privacy-friendly alternative like TimeDock.
Further Reading
For more detail on the Biometric Processing Privacy Code 2025, see: