SEOUL, Dec. 13 (Korea Bizwire) – New standards to ensure the security of biometric data are set to be introduced by the government in the near future.
The set of rules will require fingerprint and facial recognition data among others to be deleted after use, and for all biometric data to be encrypted when being transmitted and stored.
The Korea Communications Commission and the Korea Internet and Security Agency announced on December 12 that the two organizations were in the process of drafting the document.
The guidelines will explicitly define in legal terms what biometric data is and the protections an individual is guaranteed under the law in regard to his or her biometric information.
Unlike PINs and passwords, leaked biometric data represents a far more complex problem, since one’s irises or fingerprints are nowhere nearly as modifiable as an email account passcode. In addition, along with physical measurements, data leaks may carry other sensitive details that convey one’s gender, race or medical background.
The six core principles of the standards are: proportionality; transparency; limited personal data collection and usage; (collection and usage of data) for specified purposes only; guaranteed ownership and control of personal data to the individual; and development and operation of systems centered on biometric data security.
The guidelines will apply not only to the operators of ICT systems, but to entities through whose systems biometric data may pass through. This includes smartphones and other “smart” device manufacturers, app developers and businesses that receive biometric data.
The finalized document will include in detail the steps entities should take to encrypt, transmit, and delete biometric data.
Lina Jang (email@example.com)