On 17 January 2024, Biometric Update hosted a webinar discussing some basic questions regarding biometrics solutions in organizations. The conversations ranged from finding the correct solution for a given problem to the importance of policy creation in solutions.
Here are a few stand-out moments from the webinar:
Ask yourself why you are using biometrics. Is it necessary? Biometric data collection, handling, and storage are no easy tasks. Before implementing a biometric solution, one must do exhaustive research to decide whether biometrics is the best solution for your given use case. TLDR: Biometrics is difficult. Don’t go through the headache of using it unless you 100% have to.
Compliance does not equal security or best practices: It is important to reconcile the minimum legal requirements with best practices regarding biometric solutions. An organization may implement controls that supersede legal requirements to ensure their solution falls within a tolerable risk category. TLDR: See the law as a minimum requirement. If you can do better, do better.
Due diligence is key: The FTC has been taking a much more active role in auditing biometric solution due diligence documentation. Organizations must ensure that proper actions and documentation occur before, during, and after biometric Solutions are set in place.
Policy is important: Organizations must budget for creating policies surrounding biometric solutions. If all resources are directed to the technology behind the solutions and policy is neglected, there will be an increased likelihood of litigation over time. The flow of biometric solutions design should follow this graphic created by the Biometrics Institute.