HID logo

The Risk of Identity Theft Does Not Stop with Biographic Data

As the world increasingly moves towards assuring each individual’s identity, so does the need to collect and manage more biometric data as a means to uniquely enroll and identify individuals. But sharing our biometric data means that we are exposed to the same identity theft risks as when we share other important data, such as financial account data, address history, employer history and more. Several data breach laws around the world have already been enacted requiring companies to report on breaches after the fact. But those measures are reactive and come into effect after the damage is already done. They do not allow individuals to control who has their data or what is done with it after the company has no further need for it.

The EU as a Protector of Their Citizen’s Data

As a result, several regulatory measures have been put in place to give individuals control over the data that a company collects, whether you are a consumer of goods or services, or even as an employee of a company that requires the collection of biometric data for background checks. The first broad protections came as a result of the European Union’s General Data Protection Regulation, otherwise known as the GDPR. The provisions of the GDPR came into effect two years ago, providing rights to EU citizens and permanent residents about how their data is used. The regulations were put into place to prevent citizen data from being shared without consent. That also includes EU citizens that do not live within the European Union, making this a global concern.

The GDPR and other acts, such as the California Consumer Privacy Act, specifically make provisions for the protection of biometric data. This means that companies collecting biometric data must take measures to protect it in the same fashion that they would any other personally identifiable information. Each individual may also be given rights, such as:

  • The ability to have access to the data (understand and view the data that has been collected)
  • A way to request that it be removed (otherwise known as the right to be forgotten)
  • The ability to receive a copy of their data so they may re-use it (if applicable)
  • The right to determine how the data can or cannot be shared
  • The right to be notified in the event of a data breach or misuse of their data

Companies and organizations must now be prepared to deal with those requests as defined by the individual regulations or be prepared to deal with stiff fines.

Reviewing Biometric Data Usage

As biometrics plays a bigger role in each individuals’ routine transactions, organizations making use of that data will need to address and adopt new policies and procedures in relation to these regulations at the national and local levels to determine how best to meet the requirements. Reviewing each regulation and how it applies is incumbent to managing and executing a successful and sustainable system. More and more countries around the globe are taking notice, and developing their own regulations based on these ground-breaking privacy laws. Together governments, public and private organizations as well as individual citizens recognize the need to better protect our unique, individual data, particularly biometric data with its greater capacity to identify us and make it easier to safely and conveniently play a bigger role in our day-to-day transactions.

Learn how our tenprint readers perform best-in-class biometric captures for accurate background checks.