Biometric Data Privacy
The policies, technical controls, and legal obligations governing the collection, storage, processing, sharing, and deletion of biometric data in compliance with applicable law.
In India, the Digital Personal Data Protection Act (DPDPA) 2023 classifies biometric data as sensitive personal data requiring explicit consent, purpose limitation, and secure handling.
Frequently Asked Questions about Biometric Data Privacy
What law governs biometric data privacy in India?
The Digital Personal Data Protection Act (DPDPA) 2023 classifies biometrics as sensitive personal data requiring explicit consent and purpose-limited processing.
Can employees request deletion of their biometric data?
Yes. Under the DPDPA, individuals have the right to erasure. Organizations must have a documented process for deleting biometric templates upon employee request or offboarding.
What security measures are required?
AES-256 encryption at rest, TLS in transit, role-based access control, audit logging, and defined retention limits are standard requirements for compliant biometric data handling.