The Digital Governance Standards Institute (DGSI) has urged stakeholders to participate in its maintenance review of “CAN/DGSI 120:2024 – Use of Biometrics for Authentication,” a national standard providing guidance for the responsible and secure use of biometric technologies.
According to the DGSI’s news release, the standard highlights the following:
- clear and accessible biometric data disclosures
- voluntary and informed individual consent
- strong privacy and security safeguards
- proportional and minimal data collection
- transparent compliance and audit practices
The national standard offers guidance on biometric authentication. The standard also lists the requirements for remote identity verification using biometrics and the collection, use, disclosure, and protection of biometric data.
Recent Articles
The standard identifies different attack types on remote biometric systems, discusses how they can subvert the biometric verification process, and provides possible methods for detecting, invalidating, or mitigating the attacks to safeguard customers and organizations.
The national standard seeks to maintain digital trust across sectors and ensure the implementation of biometric tools – including facial recognition and fingerprint scanning – is transparent, accountable, and privacy-conscious as everyday services continue to incorporate these tools.
DGSI’s Technical Committee 15 on Biometrics developed the standard, which a balloting group then approved. The standard was originally published in March last year. The committee consists of more than 20 regulators, industry and thought leaders, and experts in device and system cybersecurity.
The 90-day maintenance review process aims to ensure that the standard reflects the latest technologies, challenges, and public expectations and is accurate, relevant, and effective in addressing users’ needs and protecting individual rights.
In the DGSI’s news release, the institute invited not only stakeholders but also members of the public to read the standard and share their insights. The maintenance review period lasts until July 14.
Pros and cons
The standard said biometrics are both simple and beneficial. Specifically, biometrics are the most inclusive and accessible security method, subject to proper implementation. Biometrics do not require memorizing a password or carrying a device or access token.
However, the standard stressed that biometrics can also enable the surveillance and control of citizens and fraudulent and corrupt measures while being invisible to most people. The standard said the laws and regulations seeking to protect against the misuse of biometrics need to catch up with the advancement of biometric technologies.