Biometric data: How Congress wants to prevent companies from selling personal info

How much do you know about what happens to your biometric data – like your fingerprint or your facial scan – when you use it online? Experts say the laws governing what happens to that information needs to be improved now.

Download the FOX 5 DC News App for Local Breaking News and Weather

Although we change passwords constantly, our fingerprint and facial scans stay the same, and they are the most personal biometric data we share every day.

Data security experts warned Wednesday that the rules governing what companies can and can't do with your biometric data are a patchwork that depends on the honesty of who is collecting that data.

Many FOX 5 viewers say it's a growing concern.

"At a certain point I know that the world is evolving, and it’s becoming more tech-based, and I’m assuming the tech companies aren’t going to sell that," said one viewer.

Congress is considering the America Competes Act, aimed at "future-proofing" biometric data. However, Peter Shankman of BluShark Digital says the government may already be late to the biometric data party.

"You have to ask yourself: ‘Who is the company in charge of this?'" says Shankman. "And, more importantly, ‘Are they following proper security? Are they following good security hygiene? Are your fingerprints, your iris prints safe?’"

What happens to biometric data is also a big concern for experts testifying before Congress on Wednesday who warned if lawmakers don't tighten the rules on how long and how secure biometric data is stored, new technologies are coming online that could exploit vulnerabilities and use the data in ways it was never intended to be used.

"There’s certainly a number of risks associated," says Candice Wright from the Government Accountability Office. "There’s certainly the issue of data security. Are the systems being used secure?"

"An anonymous face image can be linked to one or more face images in a curated data-set, potentially the identity of the anonymous face," says Dr. Arun Ross from Michigan State University.


Federal officials also warned on Wednesday that 13 out of 14 government agencies they surveyed did not have information on the use of biometrics, how long that data is held or even what kind of information employees were collecting.