Biometric identifiers

Identifies documents containing references to biometric identifiers in international contexts. This information type is classified as personally identifiable information under applicable data protection regulations.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

global

Regulations

GDPR

Data categories

government-id, pii

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:biometric\s+identifiers)\b\s{0,80}\b[A-Z0-9][A-Z0-9\-/ ]{4,24}\b

Corroborative evidence keywords

biometric identifiers, biometric, identifiers, personal, identity, demographics, biometrics, biometric data, biometric information, biometric template, biometric identifier, ID, identifier, number, reference, code, index, serial, account, file number (+20 more)

Proximity: 300 characters

Should match

• Biometric identifiers — Exact phrase marker match
• biometric identifiers — Case-insensitive phrase match
• Biometric identifiers — Normalized whitespace phrase
• structured record with identifier and contextual anchors — Structural anchor sample

Should not match

• unrelated generic text — No relevant phrase context
• placeholder value 12345 — Random text should not match phrase marker
• generic narrative without identifier/document anchors — Should not match plain mention
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Common words and phrases related to biometric identifiers appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
• In English (as the primary international business language), similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.
• High-frequency pattern matches in large document corpora due to broad regex anchors. Expected match rate is significantly higher than specific identifier patterns. Mitigation: Tune confidence thresholds for bulk scanning. Consider using this pattern primarily as a pre-filter with secondary validation.

References

• https://eur-lex.europa.eu/eli/reg/2016/679/oj
• https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-personal-information