November 4, 2021 |

Basics of Biometric Data. Part 1.

Creating Efficiency In Identity Verification

Digital identity verification is a necessary process for all industries, and companies face increasing challenges when selecting methods to verify their customer identities.

As technology continually adapts and security breaches at some of the world’s largest organizations make headlines, safeguarding data while creating a seamless user experience has become one of the great tests of minimizing risk.

Many companies have turned to biometric data as a solution to offer a streamlined and secure authentication process for customers.

Biometric data falls under 3 main categories:

  • Physical: fingerprints, facial and eye recognition, and hand geometry.
  • Behavioral: signature recognition, voiceprint, walk, and keyboard strokes.
  • Biological: DNA, blood, saliva, urine, and odor.

Biometric data is extremely efficient - it doesn’t require users to memorize a username or password. It’s a convenient alternative for users to bypass a complicated login process by simply pressing their index finger to their device or allowing a photo of themself to be taken and compared to a photo archive.

However, biometric data too, is not a perfect solution and systems that leverage biometric data can increase potential risk exposure. Unlike other forms of personally identifiable information, it is indelible and once lost, it cannot be changed or recovered. You can change your password, but your finger-print is with you for life.

For that reason, the use of biometric data creates a unique set of security implications, legal and technical, each of which are best dealt with early in a technology’s life cycle

Integration of Biometrics in Daily Life

Biometric data-driven Artificial Intelligence (AI) innovations are already heavily integrated into our daily lives.

For example:

  • Smartphone and laptop logins require a fingerprint to unlock the device.
  • Apple’s Face ID identifies and verifies a person by comparing select facial features captured in real-time with data contained in a reference database.
  • Two factor authentication can use a person’s step, keyboard strokes, or voice print, to enable access after the individual has successfully passed a separate verification process.
  • Amazon Prime members have the option to use a palm-print as their primary method of payment at most Whole Foods locations.

These innovations require a user to authorize the collection, storage, and use of their biometric data. Most people consent to a company’s use of their biometric data out of convenience it offers and not necessarily due to having a comprehensive understanding of the company's data and privacy policy.

Due to the vulnerable nature of this type of data collection, it is subject to rising regulations and scrutiny which differ across state, federal, and international laws. That said, if you plan on using biometric data, you need a legal strategy in place to ensure that you have adequate consumer protections in place, before you launch.

Read Part 2 to learn how regulations are evolving and differ per jurisdiction.


Use of, access to, and information exchanged on this web page or any of the e-mail links contained within it cannot and does not create an attorney-client relationship between Han Santos, PLLC, and the user or browser. Please do not post any personal or confidential information. You should contact your attorney to obtain advice with respect to any particular issue or problem. Contact us for additional information. One of our lawyers will be happy to discuss the possibility of representation with you. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.