HR Data Privacy in the New Age of Biometrics

Nov 22, 2019

In July 2019, the U.S. public learned of the largest settlement to date in a data breach incident. Equifax, a credit reporting service, was ordered to pay up to $700 million in settlements to the Federal Trade Commission, the Consumer Financial Protection Bureau, 48 states, DC and Puerto Rico. The data breach, which occurred in 2017, exposed the personal information – including social security numbers and home addresses, among other sensitive data – of more than 145 million Americans (more than half the U.S. population).

Implementing human capital management solutions with integrated HR systems that store highly confidential, personally identifiable information has become common practice for organizations. Most already have a preemptive and proactive cybersecurity plan in place, which often includes maintaining the policies, training and IT precautions needed to keep data safe. But as technology advances, so unfortunately do the hacking techniques used to capitalize on highly valuable and sensitive employee and supply chain data.

Therefore, it’s imperative that HR professionals are constantly aware of the latest trends in sensitive HR data collection, the methods used by hackers to obtain information and the techniques organizations can employ to prevent those hacking attempts.

Security of biometric data

Whether an organization is considering implementing fingerprint or whole hand identification, retinal/optical scanning, or full facial recognition, biometric data is a new and promising frontier in identity assurance and location tracking – and devices that leverage this technology are readily available. However, just as skimmers are used at pay-at-the-pump gas stations to hack card details, most experts agree it is only a matter of time before users can find ways to defeat the latest biometric security innovations. What can be done to keep this from occurring?

IT experts recommend that biometric data should never be stored in any database in raw form – even if encrypted – but rather only in algorithmic conversions, a hash of numbers produced by a unique conversion equation. Additionally, this algorithmic conversion should have three distinct properties:

  • Non-invertibility — The algorithm must be robust enough to make it impossible or computationally very difficult to “reverse engineer” the original biometric input (facial features or fingerprint) from the resulting hash value. In other words, the interloper cannot convert the hash string back to its unique equivalent of fingerprint or facial characteristics without also knowing all the parameters of the conversion algorithm being used.
  • Revocability — Simply stated, this is the ability to replace one algorithm template with another without impacting previously calculated hash values. Best practice may dictate that the IT department or the developer of the software involved make frequent changes to the algorithm, along the same lines of reasoning by which we require employees to change their self-service passwords at regular intervals.
  • Acceptable performance — Since, in the case of clock-ins and clock-outs, the conversion operations occur with high frequency and throughout the day, the False Acceptance Rate and the False Rejection Rate of the biometric login using the hashed conversion values must not be greater than that of using the original biometric input as unhashed. Otherwise, an organization’s operations may be slowed to an unacceptable degree and frustration among employees attempting to clock in and clock out will rise.
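The three properties above can be seen in a small added example, which is not code from the article or from any vendor. It assumes a sign-of-random-projection transform (a BioHashing-style scheme chosen for illustration; the article names no specific algorithm), constructed feature vectors in place of a real fingerprint or face extractor, and hypothetical names, keys and threshold throughout.

```python
import hashlib
import hmac
import random

BITS = 256         # template length in bits (assumed)
THRESHOLD = 0.25   # max fraction of differing bits accepted as a match (assumed)

def _projection(key, dim):
    # Key-specific random projection: a new key yields an unrelated transform.
    seed = hmac.new(key, b"template-projection", hashlib.sha256).digest()
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(BITS)]

def make_template(features, key):
    # Only the sign of each projection is stored; magnitudes are discarded,
    # so the raw feature values never reach the database.
    return [1 if sum(w * x for w, x in zip(row, features)) > 0 else 0
            for row in _projection(key, len(features))]

def distance(t1, t2):
    # Fraction of bits that differ (normalised Hamming distance).
    return sum(a != b for a, b in zip(t1, t2)) / len(t1)

def matches(stored, features, key):
    # A fresh reading is transformed with the same key and compared with
    # a tolerance, because two scans of one finger are never identical.
    return distance(stored, make_template(features, key)) <= THRESHOLD

# Constructed sample data: zero-centred 64-value feature vectors standing in
# for the output of a real biometric feature extractor.
_rng = random.Random(2019)
ENROLLED = [_rng.gauss(0, 1) for _ in range(64)]
SAME_FINGER = [x + _rng.uniform(-0.1, 0.1) for x in ENROLLED]  # sensor noise
OTHER_PERSON = [_rng.gauss(0, 1) for _ in range(64)]

KEY_V1 = b"constructed-key-v1"   # placeholder secrets, not real key material
KEY_V2 = b"constructed-key-v2"   # issued when the old template is revoked

if __name__ == "__main__":
    stored = make_template(ENROLLED, KEY_V1)       # what the database holds
    print("same finger accepted:", matches(stored, SAME_FINGER, KEY_V1))
    print("other person accepted:", matches(stored, OTHER_PERSON, KEY_V1))
    reissued = make_template(ENROLLED, KEY_V2)     # revocation: re-enrol
    print("old vs reissued distance:", distance(stored, reissued))
```

Raising or lowering THRESHOLD trades the False Rejection Rate against the False Acceptance Rate, which is the performance property the list describes.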

Employers using biometric data must also anticipate the potential for sudden and unexpected impoundment of that same data by US governmental interests. This has the potential to impact worker and workplace privacy.

The case of US governmental seizure of data appears more theoretical than actual at this point. For the last two decades, the authority of the Foreign Intelligence Surveillance Act and the powers conferred on various enforcement agencies by the US Patriot Act in 2001 have combined to create the distinct likelihood that employee data may be seized by federal law enforcement agencies in the future.

In fact, some multinational employers have expressed such high concerns over US Patriot Act/FISA-based governmental activity, they are taking precautions to ensure that all, or certain portions, of their HCM database information is stored outside the jurisdiction of the United States. This move is also due to the conflict such actions could create with European privacy rights developed under the 2018 General Data Privacy Regulation.

Employers can protect themselves from the negative consequences of data theft and breaches by developing a best practice strategy through close consultation with HR, HRIS, IT professionals and legal. Policy characteristics such as these should become required elements of any employer’s approach to retention of personally identifiable biometric information. In fact, they should become the minimum acceptable criteria when acquiring new technology to incorporate into an organization’s human capital management infrastructure.