Biometrics: Turning Science Fiction into Reality in Private Industry

By Christina Ferrari

IN BRIEF

The use of biometrics as a tool for achieving stronger security or improved customer experience is becoming increasingly common. Before your business integrates biometric technologies into its platforms and processes, it is important to understand the risks that they pose to customers’ personal privacy and the legal ramifications of using such technologies.

Biometric technologies are becoming commonplace and can be useful tools to incorporate into your business model, so long as you are educated about the challenges and risk that these technologies pose.

What are biometrics?

Biometrics are no longer gadgets that you just see in science fiction as tools “of the future.” The future is now and you probably encounter biometrics several times a day, as you login to your phone, do online banking, pay for a cup of coffee, enter your workplace, or even turn on your car. Biometric technologies are used to verify a person’s identity at a high rate of speed by examining a person’s physical characteristics, such as their eyes, fingerprints, or voice.

While biometrics have been used for decades by the public sector, such as by monitoring individuals’ activities to detect suspicious acts or by retrospectively identifying perpetrators of crime, private industries are adopting biometric technologies to provide increased security, by replacing traditional passwords, and to enhance consumer experiences and transactions. Today, biometrics are being used in consumer banking, healthcare, hospitality, transportation, and by various mobile applications. Private employers are also integrating biometrics into the workplace to monitor employee activity and to safeguard employment information.

Examples of types of biometrics technologies that are in use today in the private sector include:

• Fingerprint ID technology
• Facial feature recognition software
• Voice analysis
• Medical measurements, such as glucose levels or heart rhythms

What are the legal ramifications of collecting and using biometrics?

As biometric technologies become more commonplace, concerns arise as to how individuals’ personal data will be stored, used, and protected. Before adopting and using biometric technology, several questions must be considered:

• Can an individual be compelled to provide biometric information?
• How and where is biometric data stored? Can individuals remove themselves from a database?
• How do entities protect against false non-matches and ensure that an individual’s access is granted appropriately and efficiently?
• Who “owns” biometric data, the individual from which it comes or the entities that collect it?
• If an individual’s biometric data is improperly used or stolen, who is legally responsible and how can be breach be resolved?
• Is biometric data admissible in litigation as evidence? What are the standards and limitations to this?

These are complicated questions and it is important to develop policies and best practices for using biometric technologies in advance, so as to minimize any risk of privacy and data security issues.

Presently, the body of law and policy regarding the use of biometrics is developing. No federal laws directly apply to biometric technologies, although some federal agencies, such as the Federal Trade Commission, may have enforcement authority broad enough to encompass the use of biometric data. Only a few states have enacted, or are in the process of enacting, legislation to address biometric technologies. In the New England region, New Hampshire, ME, and Vermont have enacted statutes that govern the collection and use of biometric data. However, Massachusetts, Connecticut, and Rhode Island have included biometric data in their statutory definitions of personal information. Class actions regarding the alleged improper use of biometric data have already been brought and are currently in process in courts around the country. Due to this evolving and uncertain legal landscape, it is crucial that entities using biometrics are well-versed in all aspects, including the prediction of future litigation.

What’s Next

If you are contemplating the use of biometric technologies in your business, or if you are already using biometrics, please contact me to be sure that you are implementing biometric technologies in a proper way that benefits all involved, minimizes risk, understand the benefits and challenges of biometrics and to navigate the legal and regulatory landscape. Contact Christina Ferrari at cferrari@bernsteinshur.com or 603 623-8827.