The Privacy Problem & BiometricsVeridium Author | November 21, 2017
You can use your thumb to check banking statements, unlock cars, and pay for purchases.
Obviously, you own your thumb. But do you own your thumbprint?
Thanks to the lack of clear legislation around biometrics and privacy, that’s currently up for debate. Recently, consumers and employees have been trying to settle the question in court, stating that companies need to clarify how their biometric data is being used. Some companies haven’t been great about doing that.
This can lead consumers to believe that biometrics and privacy can’t coexist together, but they can. It’ll take vigilance from both users and companies to guarantee that everyone benefits from this powerful technology.
We’ve turned to biometric technology to make many tasks more efficient. For example, there’s the biometric information we submit to pay for items and to log into online accounts. But businesses are also using this technology with greater frequency. More companies are starting to use fingerprint scanners so that employees can punch in and out of work or access sensitive information.
When they entrust organizations with their biometric data, it’s natural for people to be afraid of organizations misusing it. This could happen if a company has some unscrupulous actors or if the company’s data isn’t protected well enough. Moreover, it’s difficult to get a sense of where exactly that data is going or where it’s being stored.
Again, this doesn’t mean that biometrics and privacy are incompatible. It means that everyone has to pay attention to how biometric data is stored. When we entrust an entity with our biometric data, storing biometric data properly is of the utmost importance.
The State of the Union
Legislation regarding the digital sphere is fragmented at best, and laws regarding biometrics are no exception. Predictably, there isn’t a federal law on biometrics in the US. However, there are certain laws at the state level that offer guidance regarding biometrics.
Illinois has some of the most robust laws regarding the management of biometric information. The state operates under the Biometric Information Privacy Act (BIPA). This law keeps companies from collecting consumers’ biometric data without their consent. Most importantly, BIPA doesn’t allow companies to sell that data and stipulates that companies must destroy it by a certain point. Each violation could net consumers up to $5,000 from the offending company.
That being said, Illinois is an outlier. Although there are a smattering of laws across states that provide guidance on certain instances where organizations use biometrics, there isn’t a clear roadmap for the country.
The Login You Can’t Lose
Having guidelines on storing biometrics is important, specifically because one of biometrics’ unique strengths is also one of its pitfalls. Proponents of biometrics tout the fact that biometrics are immutable and determine without a shadow of a doubt that you are who you say you are.
That’s a real problem if your biometric data gets stolen, or even sold. If the data is sold to a company with sloppy security practices, the data is in danger of being stolen and co-opted for nefarious purposes. And then, of course, you can’t change your fingerprints (or at least not really).
That being said, if companies store data responsibly, people can comfortably use biometrics and we can all enjoy the benefits. End-to-end encryption can keep the data safe, and if companies take cybersecurity seriously (and don’t sell your data to entities that don’t), we have a shot at using this technology with minimal risk. Biometrics can make all of our lives better, but only if we take the privacy as seriously as we take technological progress.