Biometric data refers to an individual’s physical attributes such as fingerprints, facial recognition, or Iris scans for the purpose of identification. This type of data is currently being used by many government agencies for identification, authentication, and security purposes. This type of data collection certainly arises in the context of companies who contract with the government to provide services or process this type of data. Legal requirements and regulations in the area of the collection, storage, and use of biometric data are rapidly developing and must be followed.
While biometric data is rapidly being employed across several industries including finance, health care, hospitality, retail, gaming, and the focus of this article, government. Currently, we see biometric data being used for passport identification, voter registration, border control, and defense systems and operations. Some of the potential negative consequences of biometric data are related to privacy concerns. Biometric data reveal very personal information about individuals and there is potential for its data to be misused. Biometric data is especially sensitive and subject to the risk of data breach. There could be disastrous consequences if a bad actor were able to infiltrate and access biometric data which could have disastrous consequences for the affected individual.
Additionally, the current technology is imperfect and may result in a false positive or false negative that can lead to an incorrect action being taken which may lead to disastrous consequences for an individual or company. There are also concerns that the collection of biometric data can lead to unintended discrimination by being used disproportionately against certain groups. Lastly, biometric data can result in the stigmatization of certain groups of people especially if the holder of the data uses it punitively for example if an employer uses biometric data to track attendance or monitor workers those who have a higher rate of absence may be viewed as an “unproductive” employee.
When we consider the relationship between the government, or a government agency, and a contractor there must be expressed authorization by the government agency to collect and store this type of biometric data. A contractor must follow all terms and conditions set forth in the contract and adhere to all applicable laws and regulations. The most notable laws are the Privacy Act of 1974 and the Biometric Information Privacy Act. While there is no specific federal-level statute called the Biometric Data Privacy Act, there are several state laws, with the most notable in the State of Illinois, the Biometric Information Privacy Act (BIPA).
In general, the Biometric Information Privacy Act governs the collection, storage, and use of biometric data. It is required that companies obtain written consent from individuals before collecting their private biometric data. It also requires that companies provide a publicly available written policy that outlines their practices for handling such data. BIPA also includes provisions for individuals to sue companies that violate the law.
At the federal level, biometrics are regulated by the Department of Homeland Security who oversees the use of biometric data and security and border control. The National Institute of Standards and Technology, a division of the U.S. Department of Commerce, has published specific standards and guidelines for biometric data collection, storage, and authentication.
Government contractors are required to take security measures to ensure that biometric data remains confidential. This includes implementing physical and technical safeguards, such as encrypted data storage and secured data transmission, and it is also important to restrict access to the data limited to authorized personnel.
Government agencies are mandated to conduct appropriate oversight in monitoring the contractor’s handling of biometric data to ensure compliance with the applicable laws, regulations, and terms of the contract. Where a contractor is collecting, processing, or storing biometric data on behalf of a government agency strict requirements and regulations must be followed.
The future use of biometric data is wide-ranging. It is expected that this type of data will be used for authentication, access control, identification, and monitoring. A future where there is no need for PINS or passwords, reducing incidents of identity theft and fraud. Biometric data may be used in the healthcare sector to improve care by monitoring patients and tracking vital signs based on personal treatment plans. It will be a valuable tool for law enforcement in the investigation and identification of criminal suspects. This data will be used for advertising purposes as companies will be able to track consumer behavior and promote products based on an individual’s preferences. It will be important to recognize and protect the privacy and security of biometric data and balance the regulations with the protection of the individual’s rights.
[View source.]
