Privacy Impact Assessment Summary: Use of biometrics on Smartphones

Privacy Impact Assessment Summary: Use of biometrics on Smartphones

New Smartphones are being distributed at the Office of the Auditor General and this is introducing the possibility to use biometrics as a method of authentication, more specifically, fingerprints.  The use of fingerprints to ‘auto-complete’ the complex password is deemed more secure and more efficient when using a mobile device. Although more secure, it is not mandatory to use the fingerprint scanner in lieu of typing a complex password; both are acceptable.

Biometrics authentication and verification can be one of the most secure ways to control access to restricted systems and information. Unlike authentication based on traditional passwords, authentication using biometric data, which is unique to an individual, is easier to use in practice. However, as a result of its uniqueness and how intrinsic it is to a specific individual, biometric data is particularly sensitive.

As such, additional effort must be made to ensure that the data is secure. It remains the employee’s choice whether or not they enable the feature, and they are informed of how they may disable or delete the data on the device.