Biometric identifiers

Identifies documents containing references to biometric identifiers in Australian contexts. This information type is classified as personally identifiable information under applicable data protection regulations.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

au

Regulations

HRIPA (Cth), IPA 2009 (Qld), My Health Records Act 2012 (Cth), NDB Scheme (Cth), Privacy Act 1988 (Cth)

Frameworks

ISO 27001, ISO 27701

Data categories

government-id, pii

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:biometric\s+identifiers?|biometric\s+(?:data|template|record|sample|enrolment|authentication))\b

Corroborative evidence keywords

biometric identifiers, biometric, identifiers, personal, identity, demographics, biometrics, biometric data, biometric information, biometric template, biometric identifier, field, column, row, entry, record, value, form, register, database (+20 more)

Proximity: 300 characters

Should match

• biometric identifiers — Exact phrase match
• biometric data — Biometric data phrase match
• biometric template — Biometric template phrase match
• biometric authentication — Biometric authentication phrase match

Should not match

• unrelated generic text — No biometric terminology present
• identifier number 12345 — Generic identifier without biometric context
• record reference A12345 — Generic anchor terms no longer match

Known false positives

• Common words and phrases related to biometric identifiers appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
• In Australian English, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.
• High-frequency pattern matches in large document corpora due to broad regex anchors. Expected match rate is significantly higher than specific identifier patterns. Mitigation: Tune confidence thresholds for bulk scanning. Consider using this pattern primarily as a pre-filter with secondary validation.

References

• https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-personal-information
• https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-sensitive-information
• https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines