But your HR and IT departments may have overlooked that fact since biometrics data doesn't look, act or feel like
other personal information. Before allowing user access to a system, the various elements captured by a biometrics system -- fingerprints, voice prints, iris patterns or facial features -- all have to be converted to digital data that can be read by authentication hardware and software. Such digital data is often stored in directories like Active Directory, holding authentication profiles of users that are invisible and inaccessible to HR and IT staff.
Biometrics aren't foolproof though. If the digital data representing a biometric profile is stolen, or sniffed off an insecure network, it can sometimes be copied and reused, similar to how a stolen user ID and password is used. Malicious hackers can then gain access to the system.
On the other hand, biometric data is considered an authentication credential, like a user ID and password, and may not legally be considered personal information equivalent to a Social Security number or account number. You may want to consult your legal or compliance departments to get a precise read on pertinent legislation, like the Sarbanes-Oxley Act (SOX) or the Gramm-Leach-Bliley Act (GLBA), that affects employee records.
Dig deeper on Biometric Technology
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.