Navigating Biometric Data Security Risks in the Digital Age
COMMENTARY
Although it wasn’t called biometrics at the time, a rudimentary form of the technology emerged in 1901 when Scotland Yard adopted fingerprint classification to identify criminal suspects. Biometrics has come a long way in the more than 120 years since then.
Public and private sector organizations now use it to identify and authenticate individuals to grant access to computer systems, such as laptops and tablets, and enterprise applications such as human resources or customer relationship management systems. Apple adopted biometrics to unlock the iPhone in 2013, and today face ID is a common feature on mobile phones. The Mastercard Biometric Card combines chip technology with fingerprints to verify the cardholder’s identity for in-store purchases. Healthcare organizations also use biometrics to verify individuals to determine access to medical care. This is particularly useful if the patient can’t produce other forms of identification.
With biometric devices part of the growing body of data-bearing devices deployed across multiple sectors, including government agencies and the military, organizations looking to use this technology must make sure their data security solutions protect what may be a new goldmine for hackers.
DoD Details Biometrics Data Risks
The US government is now fully aware of the potential danger of biometrics data breaches: The Inspector General (IG) of the US Department of Defense (DoD) released a report in November 2023 revealing significant gaps in security and management of biometric data within the DoD. These gaps may pose risks to personnel and potentially threaten clandestine operations. According to the IG’s report, the DoD’s use of biometric data has been extensive, particularly in areas of conflict where accurately identifying individuals is critical for security operations. The report found many of the DoD’s biometric collection devices lacked data encryption capabilities and a clear policy for destroying or sanitizing biometric data.
While commercial enterprises don’t face the same challenges as the DoD, the threat of biometrics data breaches to business operations are also a serious concern. Some of the top threats to private sector…
