Biometrics are Subject to Privacy Protection

October 24, 2022

Privacy is one of those topics that causes senior leadership to glaze over and lose focus. And yet, the stakes for not treating personal data correctly could not be higher. In case the definition of what comprises personal information isn’t dizzying enough, enter biometrics. Your fingerprints, iris, palm prints and facial characteristics are all biometrics and a part of your personal data.

Illinois’s Biometric Information Privacy Act has led to some harsh lessons on the importance of the proper collection and handling of fingerprints and other biometric data. When a jury awarded $228 million from railroad giant BNSF Railway Co. to truck drivers whose fingerprints were scanned without proper consent, it highlighted how important it is for organizations to align how they are capturing biometric capture with their privacy compliance programs.

Processes like security access control system intended to restrict access to secure facilities or using facial recognition to unlock an app on a smartphone are no different than collecting someone’s social security number when it comes to the need to obtain consent, provide notice and properly secure and store biometric information. It starts with an organization’s training and raising awareness on the importance of data privacy and the potentially devastating consequences of privacy violations.

Like many categories of compliance, it is important to have a clear understanding of the risks that are nuanced to the organization in order to mitigate those risks, In data privacy, its about what personal data is being collected, from whom, why it is being collected, what rights to these individuals have and what steps the organization is taking to secure it.

Once that information has been gathered and examined in detail, it can then be assimilated into the privacy compliance program. Like most categories of compliance, communication and training is central to the goal of the program taking root and influencing organizational behavior. Many compliance programs give short shrift to training and communications on privacy compliance. In order for a compliance program to be effective, it’s key messages need to be communicated clearly, through a variety of communication channels and frequently in order for those messages to have any positive impact on behaviors.

Read Also

From Systemically Corrupt to Above Reproach: Examining Siemens’ Remarkable Turnaround

When the settlement of the Siemen case was announced in 2008, law enforcement didn’t pull any punches. Matthew W. Friedrich, the acting chief of the Justice Department’s criminal division, called corruption at Siemens “systematic and widespread.” Linda C. Thomsen, the S.E.C.’s enforcement director, said it was “egregious and brazen.” Joseph Persichini Jr., the Assistant Director […]

Corporate Gift-Giving and Avoiding Incarceration

Many holidays and celebrations involve the exchange of gifts. Gift-giving traditions are an equally important part of the business landscape across the world. Unfortunately, the solicitation and payment of bribes is also a tradition that goes back for centuries. That is what makes gift-giving traditions and practices fraught with risk. Gifts are “something of value” […]

Investigating the Investigators

In the forensic accounting world, there’s a little-known area commonly referred to as “shadow investigations”. A shadow investigation is when accounting firms oversee internal investigations being performed by outside counsel and their forensic investigations counterparts. The primary objective is to ensure that the investigative scope is likely to provide sufficient information for the audit partner […]

Biometrics are Subject to Privacy Protection

Read Also

From Systemically Corrupt to Above Reproach: Examining Siemens’ Remarkable Turnaround

Corporate Gift-Giving and Avoiding Incarceration

Investigating the Investigators

Leave a comment Cancel reply

Contact