Sponsored by the National Institute of Justice (NIJ), U.S. Department of Justice (DOJ); the U.S. Department of Homeland Security (DHS); and the Federal Bureau of Investigation, the Biometrics Catalog is a free-to-use database of public information about biometric technologies. It includes an Introduction to Biometrics and a subsection entirely focused on Biometrics Privacy documents and impact assessments.
Biometrics are neither a protector nor an enemy of privacy; instead, the type of deployment determines the relation between biometrics and privacy. The BioPrivacy Application Impact Frameworkis a valuable tool in determining the potential privacy impact of a biometric deployment. Assessing a biometric deployment through the BioPrivacy Impact Framework illustrates the areas where greater risks are involved, such that appropriate precautions and protections can be enabled.
Just as each type of biometric deployment can have a different impact on privacy, each biometric technology bears a different relation to privacy. Some technologies have almost no privacy impact and could scarcely be used in any privacy-invasive fashion. Other technologies are much more likely to be associated with privacy-invasive usage, either because of their core operation or their extrinsic factors. The BioPrivacy Technology Risk Ratings assess the privacy risks of leading biometric technologies in four key areas: Verification/Identification, Overt/Covert, Behavioral/Physiological, and Availability of Searchable Databases. Technologies are rated low, medium, and high in each of these categories.
This awareness primer is intended for administrators and policymakers who have the responsibility for overseeing the use of biometric technology. These individuals may be unaware of the major privacy and information quality issues that can arise at different points in the collection and use of information derived from biometric tools or how best to implement policies and procedures to avoid such risks. A highlight of this primer is the inclusion of two useful quick-reference charts (or frameworks)—one for privacy and one for information quality. These charts are designed to allow an agency considering biometric procedures to quickly gauge whether there is or will be a privacy or information quality risk and to determine where that risk falls within a spectrum—low to high—not just at the point of collection but throughout the entire agency biometric process. Additionally, the primer makes the case for privacy and information quality policies and procedures in the collection, sharing, and storage of biometrics; provides a synopsis of biometric technologies and their use in the justice system; summarizes biometric privacy and information quality issues; includes illustrative scenarios of biometric use; and contains guidance and a listing of resources for addressing these complex issues.
The Privacy Technology Implementation Guide (PTIG) offers assistance to technology managers and developers in understanding privacy protections as they design, build, and deploy operational systems. Offered pursuant to the DHS Chief Privacy Officer’s responsibilities under Section 222 (1) of the Homeland Security Act of 2002, as amended, to ensure that the use of technologies sustains privacy protections related to the use, collection, and disclosure of personally identifiable information. Page 9 includes a partial list of privacy-sensitive technologies, such as biometrics.