There are no official checks and balances on how the data is collected, stored, used or shared. Federal Privacy Commissioner Tim Pilgrim has warned he does not have the power to audit the systems and the lack of regulation has even industry players calling for tighter controls. NSW premises using the systems include the Australian Brewery, Lone Pine Tavern, Phriction Night Club and the Mean Fiddler in Sydney's west; Home Nightclub, the Coogee Bay Hotel; Woy Woy Leagues Club, Woodport Inn and Munmorah United Bowling Club on the central coast; Fotheringhams Hotel in Taree; and Wollongong's Palm Court Hotel. At the Coogee Bay Hotel, patrons not only queue for fingerprint scans, but may then be rejected on the grounds of a curious dress code, which includes a ban on stepped haircuts, a common style where there is a clearly visible line between layers of shaved and unshaved hair. However, complaints have been made that the hotel does not enforce the code unless it wants to refuse entry to groups of Lebanese males. When The Sun-Herald visited the hotel last week, it was not enforcing the dress code, which includes bans on visible tattoos, singlets, thongs and rats-tails . Despite the explosion in the use of biometric scanners, criminologists at Deakin University warn they have ''slipped'' into use in Australia with ''little public awareness, no policy consideration and questionable claims concerning their effectiveness in enhancing safety and reducing crime''.

The Biometrics Institute of Australia, the main industry group, has already called for changes to the Privacy Act including mandatory privacy impact assessments and audits, no exemptions for any group and a unified national privacy system. But one scanning company, ID Tect, advertises that the information is stored on a national database and can ''share a banned list of troublemakers - whether that listing is local, statewide or national''. Company director Peter Perrett did not return calls to The Sun-Herald. The Privacy Commissioner warned that: ''Anyone using this technology should be aware that under the Privacy Act, organisations must provide individuals with notice of what will happen to the collected information. It cannot be automatically shared with other venues, even if the purpose for sharing it is the same across all the organisations.'' The Privacy Commissioner has drafted guidelines for ID scanning, which are available on its website. NightKey fingerprint scanning system director David Wallace has called for regulation and protection of data saying ''anything bad in the industry reflects back on everybody''. NightKey has been working with NSW Police to ensure it complies with security and licensing laws. Mr Wallace said the system was audited annually. He would not reveal the audit results but said the system had been improved based on the findings.

Australasian Council of Security Professionals chairman Jason Brown said biometrics were a higher level of intrusion than just checking a licence and ''it needs to be managed, accountable, audited and subject to the same professional ethics as security and surveillance''. The fingerprint scanning system takes a photograph of the patron, scans their ID and takes a fingerprint which is converted into a map of the meridian points on the print and converted into a PIN. When a patron returns, the scanner matches the meridian points of their finger to the code to find their identity. The company insists there are no fingerprints kept in the system. Patrons can request their details be deleted from the system although not if they are flagged as troublemakers. ID Tect scanners scan identities into a database which can be shared with hundreds in the country. The system stores the data for 28 days and then it is deleted. But the troublemakers' IDs can be kept indefinitely. Among the drinkers scanned on entry to the Coogee Bay Hotel on Australia Day was Ben Davies, a fraud investigator from Mosman. He was ''shocked by the willingness of so many people to hand over their entire lives in this way''. ''You have to be so careful with identification details. If someone breaks into the system, that means someone could be walking around with a fake version of my driver's licence.,'' Mr Davies said.

Laura O'Donnell, a Bondi PR manager, said a driver's licence should be enough. Loading Tamara Salamacha, of Maroubra, said she did not like such tight controls. But ''like most people in here, I just agreed to let it happen, so I could come in and join my friends''. nobrien@fairfaxmedia.com.au