Biometrics: An Evolving Industry With Unique Risks

Biometrics: An Evolving Industry With Unique Risks

Biometrics can offer better safety and security, but there's also controversy and concerns with privacy.
Biometrics are widespread and expanding – in business, government and everyday life. People can unlock their smartphones with their faces. Banks recognize customers by the sound of their voice. Police identify suspects with automated fingerprinting.
These are just some of the common applications for biometrics.
Biometrics offer many benefits – from convenience and faster service, to better safety and security. But it's also an industry marked by controversy. There are many privacy concerns, and unanswered questions about how to address them.

What Is Biometric Technology?

Biometric technology automatically identifies people based on their unique biological characteristics, like:
  • Physical traits such as face, fingerprints, iris, retina and DNA
  • Behavioral traits, including voice, gait, mannerisms and signature
Most biometric systems work in a similar way. A sensor collects an individual's biometric information and then software translates it into a digital graph or code. Then, it compares it to other records within a database. A match can mean many things, including:
  • Verifying a person is who they claim to be
  • Revealing the identity of an unknown person
  • Singling out someone on a watch list
Because everyone is unique, their biometrics are difficult to fake or steal. This is different from traditional forms of identification, such as a:
  • Licencia de conducir
  • Passport
  • Contraseña
  • PIN
As a result, biometrics can be highly accurate. Along with its speed and ease of use, these benefits are fueling the growing biometrics trend.

How Are Biometrics Used?

Businesses and government agencies are increasingly using biometrics in a variety of applications.
Wherever security is essential, biometrics can play a part. These systems offer a reliable way to identify people quickly and efficiently in crowded places, such as:
  • High-security areas
  • Airports
  • Border crossings
In law enforcement, police can collect DNA and fingerprints at a crime scene. They can also use video surveillance to identify possible suspects in a crowd.
Many companies are also using these systems to replace passwords for computers, phones and restricted access rooms and buildings, such as those storing pharmaceuticals or sensitive equipment. So, instead of typing in a PIN or password, they can scan their face or fingerprint.
Retailers can use biometrics to:
  • Authenticate employees clocking in and out of work
  • Survey the premises for potential shoplifters
  • Deliver personalized shopping experiences to customers who opt into their program
In the era of COVID-19, facial recognition is being adopted globally as a way to track the virus' spread.

Poised for Growth

Biometric technology is rapidly evolving and will likely have a growing role in modern-day life. The need for tighter security in the fight against cybercrime drives this growth.
COVID-19 is also spurring demand for contact-less biometrics for things like:
  • Doors
  • Bathroom fixtures
  • Elevator buttons
Ultimately, biometrics have almost unlimited potential across many sectors. And they offer the convenience of integrating seamlessly into human workflow.

What Are the Downsides?

While there are obvious advantages to biometrics, relying on them does bring risks:
  • Biometrics are inherently public, so someone can duplicate some traits. For example, a criminal could lift a person's fingerprint from a glass tabletop. Then, they can use this information to gain access to a device or account.
  • Hackers can target biometric databases, putting people at risk for identity-based attacks. If this happens, they may not be able to do anything about it. A person can always change a password, but not their fingerprints and eyes.
  • Sharing or selling of biometric data to other organizations without a person's consent. When this happens, their data is no longer under their control. It's also at a greater risk of getting stolen if companies don't have cyber security practices.
  • Tracking someone with or without their knowledge using biometric data from public surveillance.
  • False positives and negatives do occur even though biometrics are highly accurate.

Developing Biometrics Legislation

To date, no overarching laws or standards guide the biometrics industry. However, there are efforts from local to global levels to regulate the collection, use and retention of biometric data.
These measures help governmental agencies and citizens take action if there's a violation of privacy rights.
For example, a recent lawsuit was brought against Clearview AI Corporation, a start-up that sells biometric data to help law enforcement agencies identify perpetrators and victims of crimes. They used facial recognition technology to gather images online to build a tracking database of more than three billion faceprints. They gathered the information without anyone’s knowledge or consent – a clear violation of California and Illinois. In early 2020, The American Civil Liberties Union sued Clearview, declaring the company's surveillance activities to be a threat to privacy, safety and security.1

Biometrics Risks and Coverage

It's clear that biometrics is an emerging technology with huge potential. However, from data breaches to false positives, technology businesses face different liabilities and risks. That's why it's important to get the right types of insurance.
Matching the business' unique risk with the appropriate coverage is critical. Look at your client's contracts for potentially insurable provisions, such as:
  • Waiver of subrogation
  • Additional insured interests
  • Use of binding arbitration or mediation
Other factors to consider when getting your clients the right coverage include:
  • Is the insured providing their solution as Software as a Service (SaaS)?
  • How will coverage respond to loss of connectivity if a cloud service provider goes down?
  • What is the service-level agreement with the Cloud Service Provider (CSP)?

Technology Errors and Omissions

Biometrics technology is costly. Customers pay a lot for the hardware, software and consulting expertise. But what if expectations aren't met? A new installation may have bugs. Or the customer could suffer different issues as biometric software gets installed, like:
  • Network delays
  • Lost income
  • Increased costs
That's where technology E&O insurance can help. This coverage helps protect businesses from:
  • Errors
  • Omissions
  • Negligence
  • Product failures


Data breaches are increasing in frequency and severity. The public has a heightened concern regarding identity theft which is why companies using biometric data must proceed with caution. This is true even if the state their business is in doesn't have biometric privacy laws.
Cyber insurance helps your client's business if it loses private customer data. Biometric companies should consider both first- and third-party protections. These coverages help cover costs related to:
  • System failures
  • Network interruption
  • Voluntary shut downs
  • Forensics
  • Cyber terrorism
  • Cyber deception/social engineering fraud

Unauthorized Collection of Personal Information

Privacy is a key risk of biometric technology that is evolving along with biometric laws. When evaluating coverage needs, look at where and how the company obtained all of their information. There are two ways biometric companies can gather data:
  • Voluntary enrollment has a lower privacy risk and should include signed written consent.
  • Involuntary collection can violate state laws that require explicit consent. An example of involuntary collection is pulling data from social networks.
Companies that host a customer's data also take on this privacy risk. That’s why it’s important to look at how the company stores and protects the data.
Insurance that can respond to these kinds of risks include:
  • Liability for unauthorized collection of personal information
  • Coverage for fines and penalties related to a cyber breach

Products Liability

A biometrics enterprise can be held liable for products that are deemed faulty or don’t perform to expectations. For example, customers may sue if the biometrics technology they purchase for security purposes:
  • Delivers a false negative that allows a known bad actor to access a safe space, or
  • Fails to detect a shoplifter who steals expensive merchandise.
Products liability insurance can help cover the legal and court costs of defending any such claims.

False Arrest

Facial recognition can mistakenly identify suspects and provide a false accusation, potentially leading to a false detention and arrest. A general liability insurance policy can help your client's business if this happens. You may also need to extend their coverage to address the consequences of a false negative or positive identification resulting from a cyber breach.

Insure With an Experienced Provider

The Hartford is an insurance company with over 200 years of experience. We understand every business is unique and each industry faces different risks. That’s why we learn the ins and outs of each one, so we can offer products and services to help protect every unique business. Our innovative coverage offerings include technology E&O y cyber insurance.
You can work with your biometrics clients to tailor these policies. Policyholders can also enjoy our Cyber Services Portfolio to help reduce cyber risks. The portfolio includes:
  • Best practices
  • Recursos
  • Employee training
  • Estudios
Connect with us today and learn how we can help your biometrics clients.
About The Hartford Underwriting Companies: The coverage(s) identified in this general product description may be underwritten by one or more of the property and casualty insurance companies of The Hartford Financial Services Group, Inc. In Arizona, California, New Hampshire, Texas and Washington the insurance may be underwritten by Hartford Accident and Indemnity Company, Hartford Fire Insurance Company, Hartford Casualty Insurance Company, Hartford Lloyd’s Insurance Company, Hartford Insurance Company of the Midwest, Navigators Insurance Company, Navigators Specialty Insurance Company, Maxum Casualty Insurance Company, Maxum Indemnity Company, Trumbull Insurance Company, Twin City Fire Insurance Company, Hartford Underwriters Insurance Company, Property and Casualty Insurance Company of Hartford and Sentinel Insurance Company, Ltd.
Links from this site to an external site, unaffiliated with The Hartford, may be provided for users' convenience only. The Hartford no controla o revisa estos sitios. La provisiòn de cualquiera de estos enlaces no implica la aprobación o asociación de The Hartford con dichos sitios. The Hartford no es responsable y no ejerce ningún tipo de representación o garantía relacionadas con los contenidos, integridad, precisión o seguridad de cualquier material publicado en dichos sitios. Si usted decide ingresar a sitios que no pertenezcan a The Hartford, lo hace bajo su propia responsabilidad.
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at
Andrew Zarkowsky
Andrew Zarkowsky
Andrew Zarkowsky is the Head of AI Underwriting at The Hartford, focused on building responsible AI enhanced underwriting tools to improve efficiencies and effectiveness. He is also responsible for assessing the insurance risk and risk management controls for creators and users of AI.