Aug 14

What are Risks of Storing Biometric Data and Why Do We Need Laws to Protect It?

  • Danny Thakkar
  • Biometric Data Security, Biometrics Comparison, Cyber Security, Privacy

Ever since the rise of biometric applications, one major concern has loomed over this recognition technology: the risk of storing biometric data. The way things are going, it is safe to say that biometrics is the future of human identification; however, this future will stay uncertain unless stringent methods are employed to protect it against misuse and security incidents. If people’s biometric data is threatened or stolen, they may start losing confidence in this recognition technology.

In the subsequent sections, we will discuss biometric data protection approaches, different laws and GDPR.

Image: Social networks can capture face biometric data just by using your images

Types of biometric data

Regardless of the modality or technology used, all types of biometric acquisition end up generating some type of biometric data. Biometric data is also digital data, which can be stored on information systems and processed by biometric systems. Unless raw images of biometric identifiers are being saved, processed biometric data is often stored in an encrypted format to safeguard it against manipulation. Encrypted biometric data is of no use to any entity trying to access it unless that entity has the decryption keys. Encryption makes sure that only eligible entities can read the data.

The types of biometric data depend on the types of biometric identifiers used. However, all types of data eventually end up as digital bits that are stored on secure servers.

On the basis of the different biometric characteristics, the types of biometric data can be the following:
  • Fingerprint templates
  • Iris and retina templates
  • Voice print
  • 2D or 3D facial structure map
  • Hand, finger geometry map
  • Vein recognition template
  • Gait analysis map
  • DNA profiles
  • Behavioral biometric profiles

There can be several other types of biometric data depending on the modality, technology and approach used. In security-centric applications where multi-modal biometrics is used, the type of data will be a combination of the modalities used. Biometric identification is a constantly evolving field and different approaches are being worked on all the time. For example, in many behavioural biometric approaches, several measures are taken into account to create a user profile. There are even unconventional biometric methods that may go mainstream at some point in the future.

Biometrics and data protection

What would be the worst-case scenario with the government-issued ID card you carry with you all the time? Probably losing it when you need it the most, and someone finding it and misusing your identity. However, this sequence of events can be stopped once you acknowledge that you have lost your ID. You can have it cancelled by the issuing authority and get a new one issued. The same is the case with digital forms of identity authentication: if you forget your password, you can create a new one (which automatically makes the old one ineffective).

However, this is where things go differently in case of biometric identifiers: Unlike your government ID, biometrics cannot be reissued or changed if compromised.

Biometric technology works by capturing anatomical or behavioral patterns found in human beings. Each individual’s biometric patterns are different, and biometric technology can find the minute differences in these patterns using technological, mathematical and statistical means. Biometric recognition technology has proved its superiority over traditional and other recognition methods; however, the permanence of human biometric patterns is the strength as well as the weakness of this technology. Your fingerprints or iris patterns are unique as well as permanent; that is a good thing when your biometric data is secure, and a very bad thing when it is not.

Information security incidents are another risk of storing biometric data. If hackers somehow reach the repository of biometric data, they can copy it to their own storage. Till now there is no reported incident in which hackers or security experts were able to reverse-engineer the biometric data, i.e. create the original biometric pattern from the biometric templates.

Risks associated with storing biometric data

Like any other personal or sensitive digital information, biometric data is exposed to the threats faced by present-day information systems.

Risk of data breaches and cyber security incidents

News of data breaches captures the headlines every now and then. Cyber criminals steal the account information and even passwords of millions of users every year, and despite repeated events and improved cyber security measures, these incidents keep happening. When a data breach is identified, organizations notify their users to change their passwords and update account recovery information; however, in the case of biometric data, these countermeasures will not help. Biometric templates are secured with encryption and cannot be reverse-engineered to generate the biometric patterns; however, history tells us that all information security countermeasures fall short at some point in time.

Risk to privacy and preferences

What if you stand by a digital display at a shopping mall and it starts showing you ads for a product you searched for online in the morning? You would probably think it a complete coincidence; however, looking at today’s technology, it may not be a coincidence. We have seen online advertisements following us on the web: all it takes is a search on a shopping website to make the products follow you. This approach was not possible in the offline world, but now biometrics like face recognition are going to fill this gap.

The digital display you stood by may have a small camera with face recognition tech, and your shopping website may have partnered with your social media service provider to get your facial scans, so that they can show you ads even when you are not on your PC or phone. Savvy?

The scenario discussed above is one of the many privacy risks that users may face due to uncontrolled use of biometric data. This is why we need privacy laws specially framed for biometric data to curb the uncontrolled storage and processing of biometric data of users or customers.

Biometric data privacy laws

We have discussed above why the security of biometric data is of prime importance and how it can affect user privacy. Soon commercial and business outfits will be collecting more biometric data of users than ever, which can lead to uncontrolled use of this data for commercial purposes. Business outfits may also choose to store or process this data with inadequate data safety measures to save cost. This is one of the many examples where things may go wrong. To ensure the security of biometric data and its usage, we need laws specially framed for biometric data. Unfortunately, there are no separate laws for biometric data around the world, and it is processed under the laws written for personal data and user privacy.

In the United States, there is no comprehensive law particularly framed for the collection, storage and processing of biometric data of users / customers. However, U.S. states are in the process of enacting BIPA (Biometric Information Privacy Law), which, as the name suggests, is the legal framework for biometric information privacy.

While the laws of biometric information privacy are struggling in the U.S., the European Union has already made GDPR (General Data Protection Regulation) effective on May 25, 2018. The regulation puts biometric data in the sensitive category and mandates compliance with it.

GDPR and biometric data

GDPR (The General Data Protection Regulation) EU 2016/679 is a regulation of the European Union. GDPR aims to protect data and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). On May 25, 2018, the new European privacy regulation called The General Data Protection Regulation (GDPR) came into effect. All companies doing business in the EU and EEA region and collecting / storing personal information (including biometrics) of their customers need to comply with this law. According to GDPR, personal information can contain your name, email address, photo, contact details, bank information, medical data, location, IP address, updates made on social networks etc.

When it comes to biometric data, GDPR puts it in the “sensitive” category of personal information and mandates robust protection. As per GDPR, biometric data is:
“Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic (fingerprint) data”.

Under GDPR requirements, companies will have to justify the need for collecting and processing the biometric data of their users or customers. They will also require the explicit consent of users or customers for the collection of such data. The GDPR also requires that data processors implement appropriate “technical and organisational measures” to keep data secure.

Conclusions

The recent surge in biometric applications and their widespread adoption has made it clear that this technology is here to stay. Biometric technology powered identification and authentication is taking over all other forms of establishing or verifying human identity. However, it has also raised security concerns about the large amount of biometric data adding up every day.

Why do we need to protect biometric data? For the same reason we need to protect any other form of identity authentication tool from potential misuse, e.g. a government-issued ID or a password. Since biometric data is stored on connected information systems, it is always a good idea to reinforce the information security efforts that secure the data. Modern biometric systems use encryption that further secures the storage and transfer of biometric data. With in-built encryption and best information security practices in place, biometric data can be as secure as it deserves to be.

About The Author

Mary Clark is Product Manager at Bayometric, one of the leading biometric solution providers in the world. She has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals.
