An organization will be testing a beta upgrade version of its employee’s fingerprint matching system. Because it’s difficult to mimic human fingerprints the company used real biometric images, data, and templates to test the beta upgrade. The previous and current versions both contain meta data, and demographic data with each fingerprint that includes the owner’s name, age, sex, race, and date of birth. After a successful upgrade consider the following:
- What data types stored by the system should be considered as PII
- Review the NIST Special Publication 800-122 to determine the impact level. What factors did you include to determine the impact level?
- What privacy safeguards should be considered to protect the PII in the upgrade test.
- Is a Privacy Impact Assessment (PIA) required to complete the upgrade?
- What should be done with the test data after the upgrade?