Biometric technology is often touted as a more efficient and secure alternative to other security systems. Using facial recognition technology could obviate the need for picture IDs, while voice recognition technology could liberate people from trying to memorize endless combinations of letters, numbers and symbols.

But many people are troubled by the idea that biometric information could be used in the service of Big Brother scenarios. While such fears are often exaggerated, banks must nonetheless take them seriously. Protecting the privacy of consumer and employee information, including preventing its potential misuse, is both explicitly and implicitly expected by clients and employees.

Banks can assuage customers' and employees' fears about biometric information by communicating clearly the purpose behind such activities as capturing and using voice or facial recognition technologies. People will be more likely to feel at ease if they understand how the technology can improve services by easing access to systems, networks and buildings.

Banks can further reduce fears that they will misuse the technology by seeking permission from consumers or employees before collecting their face prints or voice copies. It's also necessary that banks only use the biometric information they have collected for the purpose that employees and customers explicitly consented to. For instance, if a company takes an employee's fingerprints to enable access to a building or a computer system, then that is the only purpose for which the information should be used, unless the company obtains additional consent for another use. These steps are not unusual. Similar procedures are recommended for the use of other types of personal data collected by banks. 

Lastly, banks should ensure that the information they gather stays within their control and is not shared with third parties — either as part of a business development strategy or through security breaches. An exception may occur if regulators and government agencies ask banks to hand over biometric data in relation to investigations. 

At the end of the day, biometric data is really just another type of personal data that banks hold, access and use with the trust of customers and employees. But obtaining consent should not just be seen as merely a bureaucratic necessity. It is part of a process by which banks can maintain and enhance trust — which only becomes more important in the age of big data and virtual relationships. When carefully implemented, biometric security technology can help banks better secure data while improving employee and customer efficiency. This is surely a goal worth pursuing.

Andrew Waxman writes on risk and compliance issues in capital markets. He is a consultant in IBM Global Business Services' financial markets risk and compliance practice and can be reached at or on Twitter @abwaxman. The views expressed here are his own.