Answer

Biometrics Use in the Public and Private Sector

            The use of biometrics in the public sector dates back to at least a century ago with the adoption of fingerprinting in law enforcement (Walker, 2014). Back then, law enforcement officers could only store information in cabinets and repositories, but due to recent technological advancements, the police are now able to use biometric systems in smartphones to identify a suspect (Walker, 2014). Today, even buildings are fitted with fingerprint biometrics as this technology now permeates multiple public services such as voter registration, border control, and national identification documents. The role played by biometrics in the public sector is critical but it is impossible to overlook the fact that the use of biometrics in the private sector has become just as widespread. This widespread use of biometrics is seemingly driven by the increasing need for reliable security in both public and private sectors, especially when it comes to financial transactions and personal property. The goal of this paper is thus to describe one way that biometrics is currently being used in the private sector and some of the best practices that should be in place to ensure that the biometric data is properly collected, used, and stored rom the angle of the angle of the eight Organization for Economic Cooperation and Development (OECD) Privacy Guidelines.

            The uses of biometrics in the private sector are limitless. Still, the use of biometrics by businesses to protect sensitive data stands out. Businesses in the 21^st century are constantly facing threats of phishing attacks, hence the need for robust authentication systems which biometrics offer. Biometrics has made it possible for businesses to reduce the risk of data breaches, especially where sensitive data is concerned (Walker, 2014). A majority of today’s businesses use fingerprint biometrics in their clock-in systems as well as their point-of-sale machines. Financial institutions such as banks also largely use biometrics to identify users and protect client data. Biometrics is essentially a key part of identification in the modern era.

            Since biometrics have permeated nearly all aspects of our lives today, it is crucial that biometric data be collected, used and stored properly. The use of biometrics is as convenient as it is accurate, but it does come with challenges. Biometrics have access to a lot of sensitive personal data and it is, therefore, important that both public and private organizations guarantee the safety of this data. The goal is to assure people that they can trust these systems with their personal data. As such, there are several best practices that organizations (both public and private) must adhere to when implementing biometrics for identification and security purposes (Fischer-Hbner & Berthold, 2017). These best practices are outlined in the eight Organization for Economic Cooperation and Development (OECD) Privacy Guidelines.

            The first best practice is the Collection Limitation Principle which simply means that organizations can only collect a certain type of data. There is a limit to the access that organizations should have when it comes to biometric information, for instance, banks typically do not ask clients for their pins and passwords. Furthermore, any data obtained through biometric means must be legal (Fischer-Hbner & Berthold, 2017). The person whose data is being collected should be aware that this data is being collected and the data should not be collected without his/her consent.

            Secondly, organizations must adhere to the Data Quality Principle (Gupta, 2017). This principle states that you can only collect data that is relevant to the purpose for which it is intended. Furthermore, the data collected must actually be necessary to the fulfilment of that purpose. The data must be accurate as well as updated.

            The third best practice is tied to the Purpose Specification Principle. The purpose for which personal data is collected must be clear before the data itself is collected and/or used (Fischer-Hbner & Berthold, 2017). Also, the data must only be used for the pre-specified purposes and nothing else. If there is any change of purpose then this too must be specified and the data must be relevant to the changed purposes.

            Fourth is the Use Limitation Principle which prohibits the disclosure of personal information for purposes other than those for which it was originally intended unless it is allowed by the law or the subject’s consent (Greanleaf, 2019). For example, data collected for purposes of verification at a bank can only be used for that purpose unless the law requires the holder of the data to make this data available for a different purpose or the data subject consents to it.

            The fifth best practice is related to the Security Safeguards Principle. It is important to put robust security safeguards in place to mitigate against the loss of sensitive data as well as its destruction and unauthorized access.

            The sixth best practice is openness. Development of policies and practices relating to personal data must be handled openly. There should also be structures in place to determine the nature, purpose and identity of personal data.

            The seventh best practice is Individual Participation Principle which outlines the rights of every individual (Greanleaf, 2019). These rights may include the right to challenge the data collected and have it erased or amended, the right to clear and timely communication about his/her data and the right to clear reasons about any request denied.

            The eight and last best practice is the Accountability Principle which states that the “data controller should be accountable for complying with measures which give effect to the other 7 principles” (Gupta, 2017).