Basics of Biometric Data. Part 1.

Digital identity verification is a necessary process for all industries, and companies face increasing challenges when selecting methods to verify their customer identities.

As technology continually adapts and security breaches at some of the world’s largest organizations make headlines, safeguarding data while creating a seamless user experience has become one of the great tests of minimizing risk.

Many companies have turned to biometric data as a solution to offer a streamlined and secure authentication process for customers.

Biometric data falls under 3 main categories:

• Physical: fingerprints, facial and eye recognition, and hand geometry.
• Behavioral: signature recognition, voiceprint, walk, and keyboard strokes.
• Biological: DNA, blood, saliva, urine, and odor.

Biometric data is extremely efficient - it doesn’t require users to memorize a username or password. It’s a convenient alternative for users to bypass a complicated login process by simply pressing their index finger to their device or allowing a photo of themself to be taken and compared to a photo archive.

However, biometric data too, is not a perfect solution and systems that leverage biometric data can increase potential risk exposure. Unlike other forms of personally identifiable information, it is indelible and once lost, it cannot be changed or recovered. You can change your password, but your finger-print is with you for life.

For that reason, the use of biometric data creates a unique set of security implications, legal and technical, each of which are best dealt with early in a technology’s life cycle

Biometric data-driven Artificial Intelligence (AI) innovations are already heavily integrated into our daily lives.

For example:

• Smartphone and laptop logins require a fingerprint to unlock the device.
• Apple’s Face ID identifies and verifies a person by comparing select facial features captured in real-time with data contained in a reference database.
• Two factor authentication can use a person’s step, keyboard strokes, or voice print, to enable access after the individual has successfully passed a separate verification process.
• Amazon Prime members have the option to use a palm-print as their primary method of payment at most Whole Foods locations.

These innovations require a user to authorize the collection, storage, and use of their biometric data. Most people consent to a company’s use of their biometric data out of convenience it offers and not necessarily due to having a comprehensive understanding of the company's data and privacy policy.

Due to the vulnerable nature of this type of data collection, it is subject to rising regulations and scrutiny which differ across state, federal, and international laws. That said, if you plan on using biometric data, you need a legal strategy in place to ensure that you have adequate consumer protections in place, before you launch.