Anorganization will be testing a beta upgrade version of its employee’sfingerprint matching system. Because it’s difficult to mimic humanfingerprints the company used real biometric images, data, and templatesto test the beta upgrade. The previous and current versions bothcontain meta data, and demographic data with each fingerprint thatincludes the owner’s name, age, sex, race, and date of birth. After asuccessful upgrade consider the following:
- What data types stored by the system should be considered as PII
- Review the NIST Special Publication 800-122 to determine the impact level. What factors did you include to determine the impact level?
- What privacy safeguards should be considered to protect the PII in the upgrade test.
- Is a Privacy Impact Assessment (PIA) required to complete the upgrade?
- What should be done with the test data after the upgrade?