Data-shielding and recordkeeping needed for US military biometric devices — report
An inspector general report evaluating U.S. Defense Department control of biometric data found room for improvement. Defense officials agreed to update the department’s biometrics policy.
The evaluation, which predates an October presidential executive order that includes better federal protection of biometric data, examined accountability practices required for biometric devices.
The devices included biometric automated toolsets, secure electronic enrollment kits, the Javelin and the Biosled.
Two military commands – Services and combatant — obey DoD and their own accountability policies procedures for the devices, according to the report.
But some devices didn’t have the ability to encrypt the data they held. That’s because the Defense Department doesn’t apply information security standards to them or doesn’t require encryption on the devices.
“Additionally, the DoD did not consistently provide certification of destruction or sanitization of biometric data when biometric devices were turned in for disposal,” the report states.
The inspector general recommended updating the relevant device policies. That includes requiring device owners and custodians to do the sanitizing and complete sanitization records. Those practices are inconsistently performed right now.