As computing power and technology have improved, a new way to identify individuals by their innate physical, or “biometric,” information has entered the market and appears on the cusp of becoming more widely adopted. A core question is: what biometric information needs to be protected?
Companies seeking to employ biometrics to expand product offerings or increase data security or authentication might be surprised at the restrictions that apply in the different jurisdictions where they operate. Here we review existing restrictions in the United States, Europe, Canada, and Asia to provide a sense of potential pitfalls presented by use of biometrics in the global marketplace.
Any organization that is engaged in or considering the collection or use of biometric information, particularly for identification purposes, should:
- Assess whether that information could be considered biometric;
- Consider which laws may be applicable (some may have a broader reach than they appear to have);
- Determine whether any privacy laws of general applicability or specific to biometric information may be applicable; and
- Monitor developments in this area as the laws related to it are expanding.