Biometric Privacy Code 2025: The Complete Guide for NZ Time Tracking and Workforce Compliance

Last updated - Oct 1, 2025 at 4:00PM

The Biometric Processing Privacy Code 2025 is a major update to New Zealand privacy law. It introduces strict rules for biometric systems such as fingerprint and facial recognition. This guide explains what the Code is, when it comes into force, what businesses must do to comply, and the alternatives to biometric time tracking.


What is the Biometric Processing Privacy Code 2025?

The Biometric Processing Privacy Code 2025 is a legal framework introduced by the Office of the Privacy Commissioner to regulate how biometric data is collected, stored, and used in New Zealand. It applies to technologies such as:

The purpose of the Code is to limit unnecessary biometric use in everyday workplace settings and require stronger justification, transparency, and security wherever biometrics are used.


Key Dates and Deadlines

3 November 2025 Any new biometric system must comply immediately.
3 August 2026 All existing biometric systems must be updated.
Trial Option Organisations may test biometric systems for up to six months (with one possible six-month extension), but these trials do not delay the compliance deadlines.

Compliance Requirements


Why Biometric Time Clocks Will Struggle


Biometric Alternatives

Non-biometric time tracking systems provide:


Next Steps for Employers

  1. Audit your time tracking systems.

  2. If using biometrics, complete a necessity assessment.

  3. Provide a non-biometric option by law.

  4. Review vendor contracts and data security.

  5. Consider switching to a non-biometric provider like TimeDock.


Summary

The Code is a turning point. Biometric systems will struggle to justify themselves under New Zealand law. Most employers will either pay more to maintain dual systems or switch to a compliant, privacy-friendly alternative like TimeDock.


Further Reading

For more detail on the Biometric Processing Privacy Code 2025, see: