Behavioral Biometric Data Meets Data Privacy Compliance

Experience shows that passwords are easily compromised. The search for a better authentication method is ongoing, but for the time being, biometrics seem to be a secure and logical login option. In theory, no one should be able to reproduce an individual’s retina or fingerprint. Nevertheless, biometric methods can be hacked, and attention is increasingly turning to behavioral biometrics. The idea behind behavioral biometrics is that, for example, no two people will put their finger on the device in exactly the same manner, or type alike, etc. According to a well-known security blog, “Using just the sensors in your phone, hundreds or even thousands of patterns can be used to continuously authenticate a person.” It sounds foolproof, but the problem for companies is that data privacy regulation is increasing, and no data is more personal than biometrics. It should be considered as sensitive personally identifiable data. The consequences of poor implementation of biometric data storage could end up being as costly as any other type of data breach, especially with respect to protocols like the GDPR, or the California Data Privacy Act.