Biometrics is a promising and reliable way to identify a person. There is no need to present additional documents or cards: the personal presence of the person is enough. Biometric systems are built into phones and are beginning to be used in banks. However, there are risks, because a leak of biometric data will give attackers full access to operations on behalf of the victim. Therefore, the storage of this information is subject to particularly stringent requirements. In this article, we will analyze the legislative framework relating to biometrics.
The primary law regulating the storage and processing of personal data, No. 152-FZ, appeared in 2006. Since then, it has been significantly supplemented (last edition of 07/02/2021). Article 11 of this law stated that biometrics is information that characterizes the physical (subsequently, an addition appeared: “and biological”) features of the subject, which make it possible to establish his identity.
Later, a clarification appeared that operators could process biometric data only with the written consent of the person. There is an exception, though: permission is not required if the person is a terrorist.
It was agreed that biometrics should be protected from:
Next came standardization at the world level. It covered fingerprinting, DNA data, and facial imaging. In 2008, a resolution appeared approving requirements for physical carriers of biometric personal data (PD) and for technologies for storing such data outside information systems.
Voice data and images of citizens’ faces can be used to identify them. State bodies and banks have the right to collect and process biometric data.
Thanks to this, a person who has once visited, for example, a bank branch and registered his biometric samples (face and voice) can later be identified by them without presenting additional documents.
The collected data will be stored for up to 50 years, but it can only be used to identify a person for the first three years. After the expiration of the storage period, the data will be updated.
Data is collected in the personal presence of the subject and is stored in a single PD information system.
The storage of biometric data should minimize:
To avoid this, you must:
Fines and other penalties are provided for non-compliance with the rules for working with PD.
Organizations involved in the collection, processing, and storage of biometric data are subject to the following requirements:
There are many more requirements that are complex for companies to implement on their own. However, you can use the services of providers offering a secure cloud that complies with 152-FZ.