• Cecilia Soria

Is a signature sensitive personal information?

What I love about privacy work is that I constantly get asked “what if?” questions that require me to rethink things that I’ve always taken for granted. The other day’s question was: “Is a person’s signature biometric information?”

Apparently, part of the documents inadvertently sent to the wrong person were signed forms. This person asking me was in the process of determining whether the inadvertent disclosure is covered by the National Privacy Commission’s (NPC) requirement for mandatory breach notice.

The first question in making the determination is: “Is the personal data involved sensitive personal information (SPI) or other information that may enable identity fraud?”

So I thought to myself, “is a signature biometric information?” Because if it is, then a signature is SPI. And this case hurdles the first requirement for breach reporting.

A quick Google search told me that a signature is not considered SPI. However, the manner in which a person signs is biometric data and, ergo, SPI.

Why is this little nugget of information important? Well, the use of signature pads have become commonplace these days. If the signature pad used by your company records not only the signature of the customer but the manner in which the signature is done (i.e., how a person signs) then your company will be subject to the more stringent requirements of the 2012 Data Privacy Act in collecting and processing sensitive personal information. More importantly, if such biometric information is part of personal data that is subject of a data breach, then you will be required to comply with the data breach notice requirements of the NPC.


Notes on the Present Future


Thursday, 15 October 2020

I found an old favorite Medium post on the complications of enforcing the General Data Protection Regulation. If you'd like to nerd out o...

Tuesday, 13 October 2020

Interested in learning more about privacy, security, and data governance? You can still catch the few remaining hours to register for Tru...

Sunday, 30 August 2020

This is off-topic but I am sharing this tweet and urging you to check out the whole thread on Twitter. In the midst of all the debate, it...

©2020 by Cecilia Soria