Fingerprint and retina scanner identification. Technology once considered futuristic concepts have become a reality, evolving quickly to become common identity authentication methods.
More industries are migrating to these advanced technologies to increase security, speed, and resistance to cyber breaches. While the benefits of using biometric authentication are notable, these advances in security also present risk to users and companies. Let's take a look at the benefits and risks of collecting and using biometric data.
Benefits of using Biometric Authentication
1. Higher Security: Much harder for hackers to breach than knowledge based authentication such as passwords with security questions. 2. Enhances User Experience: More efficient and instantaneous. 3. Non-transferrable: Passwords can be shared, fingerprints and iris scanning are more challenging to replicate.
Risks of using Biometric Authentication
1. Privacy and Security: There is a fine line between enabling quick and secure access and intruding on individuals' privacy. It is recommended that users be provided with the opportunity to opt out and companies secure consent before biometric data is collected or used 2. Misuse of Data: Unlike changing a compromised password, once biometric data is compromised there is no way to undo the damage. 3. False Negatives: Disruption may result when a biometric system fails to recognize an authentic individual and access is blocked.
Privacy regulation is on the rise, biometric information is now regulated under several state privacy laws. Increased regulation leads to the higher chance of a lawsuit that could result in a sizeable judgement. Most recently, it took a jury only one hour to find defendant BNSF Railway Company liable for reckless and intentional violation of the state of Illinois privacy law. The violation, requiring employees to scan their fingerprints to gain access to the BNSF premises without first securing the BIPA (Biometric Information Privacy Act) required written release, resulted in a $228M civil judgement ($5,000 statutory damage per violation to each of the estimated 45,600 violations.) In 2021, Walmart was hit with a $10M settlement following a BIPA class-action suit involving 21,677 employees who used a palm scanner when handling cash register drawers without being asked for consent. These judgements send a clear message to businesses that collect or use biometric information about the importance of biometric compliance policies and procedures.
Strategies to Protect Users and Biometric Data
1. Require multi-factor authentication. 2. Use software that automatically encrypts stored data. 3. Implement notice, consent, and security protocols when collecting and using biometric data to avoid expensive lawsuits. 4. For users, only share data that you are comfortable being made public. Read the terms and conditions and privacy policies of the businesses you share this data with, making sure their practices are secure before sharing any information.
Biometrics are not immune to attack and theft, but be aware of the risks and evaluate your data collection practices. Get explicit consent from employees to decrease potential legal exposure. Put safeguards in place to protect the data you are collecting. Biometric data law violations are costly, don't compromise your reputation or bottom line.
The Koppinger & Associates team can help in developing biometric compliance strategies.
Working together, we'll find the best solution, removing the worry allowing you to focus on what matters most, running and growing your business.