Purpose

Biometric identifiers are digital representations of immutable and unique bodily features such as fingerprints, hand or face geometry, iris, retina, and voice patterns used to identify individuals. The immutable quality of the data creates a lifelong risk to the subject individuals should that data be used inappropriately. Thus, the storage of this data presents a significant liability to the university. It is also important to note that biometric identifiers can be used to verify the identity of a person but are not sufficient to authenticate a user and grant authorization to access physical or logical assets. 

Scope

This policy applies to all instances in which the university collects, stores, or otherwise processes biometric identifiers for identification or authorization purposes. Devices which use biometric identifiers to grant access to an individual device where the identifiers are only stored in an inaccessible form on the device, are not within the scope of this policy. 

Policy

  1. Biometric identifiers are only used to identify individuals when granting access to selected high-security facilities. Such facilities are primarily used by faculty and staff with limited numbers of students involved in special study, research or employment requiring such access.
  2. Biometric identifiers are only to be used as an identifier and must be used in combination with additional identifiers and authenticators (ex: ID card, PIN or password) to grant access to approved facilities and resources.
  3. Biometric data and systems storing, processing or transmitting it will be secured in a manner equivalent to UF Restricted Data.
  4. Only the following biometric identifiers may be used at UF:
    1. Any record of friction ridge detail
    2. Fingerprints
    3. Palm Prints
    4. Footprints

Responsibilities

  1. The Vice President and Chief Information Officer, or designee, and Chief Privacy Officer, or designee, are jointly responsible for approving all uses of biometric technology. 

Authority

UF Regulation 1.0102 Policies on Information Technology and Information Security   

Effective date

February 6, 2020 

References

FS 119.071 (g) General exemptions from inspection or copying of public records