Biometric data – obviously not in just the movies anymore. It is alive, well, and increasingly being used in our everyday society. But, on September 23, 2015, when the Office of Personnel Management revealed that fingerprint data of nearly six million individuals had been compromised in a cyber-security attack, fear came home to roost. Let’s address the journalistic questions:

Who: Who is asking for your biometric data? Everyone! You must ask whether you feel comfortable providing this data just because it’s being requested. There is no need to list the voluminous examples of data hacking because it is in every form of media.

What: What information is involved? It is your most precious identifiable information whether it be your eyes, thumbprints, faces, voices, or palm prints. As people have pointed out, it is easy to change the numbers, symbols, and letters in a password, but it is fundamentally impossible to replace your individual distinct body parts.

Besides the government, private industry has been asking for biometric information as well. Hospitals want palm scans so they may identify a patient upon every visit. Banks want thumb prints, and other industries are working with facial and vocal recognition, and retina scanning.

Where: Everyone in today’s society faces these issues. What is the proper response? Do you object? Do you hesitate? Do you even know for what the information is utilized?

When: It’s happening now. On September 28, 2015, Massachusetts General Hospital proposed to pay $2.3 million for failing to report drug diversions to the Drug Enforcement Agency (DEA). The diversion of close to 16,000 pills was primarily caused by thefts from automated dispensing machines. The hospital’s response, in addition to forming an internal drug liaison team, included requiring finger print identification for access to the automated medication dispensing machines. Will such biometric data accumulation become a standard part of employment requirements?

Why: One can question whether all future security for an individual may be suspect because the biometric data is on a database somewhere that has been hacked. Is there any assurance that that person is truly “secure” going forward? Can employers discriminate against “hacked” biometric data victims? What greater breach than your personally identified finger prints and eye scans? Apparently, only a handful of states explicitly include biometric data in their definitions of personally identifiable information and data breach notification laws. Is that enough knowing what we know?

How: How do we protect ourselves? In this ever changing hacking world security experts recommend multiple levels of security, and particularly when the personally identifiable information is at issue, and question whether, and to what extent, the personally identifiable information should be utilized knowing the vulnerabilities of all systems.

So, the next time someone states “what beautiful eyes you have . . .” think twice as to whether you want them scanned or not.

For any questions on this blog, please contact the author.