From: The Next Web
***
Protect yourself: Current regulations such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the General Data Protection Regulation (GDPR) and, last but not least, PSD2 (payment service directive) require security and access controls for customer and employee data – but not necessarily for authentication credentials.
There are three criteria for securing biometric data. First, it should be gathered on a secure device that only passes data to your system, without storing it. Second, like any other authentication credentials, it should be transmitted with encryption and never in clear or plain text. Third, it should be stored and encrypted in a secure directory service, such as AD or LDAP.