Data Governance | 26 May 2026 | 6 min read

Biometrics you are relieved to have deleted

A face or a fingerprint is the one credential a person can never reissue. The responsible way to handle it is to hold it for the shortest possible moment, never in its raw form, and to make deletion automatic.

Data Governance Practice

Most data, if it leaks, is a problem you can remediate. A password can be changed, a card reissued, an account number rotated. A biometric is different: a person cannot be issued a new face or a new set of fingerprints. That permanence is exactly why a system should want to hold biometric data for as little time as possible, in as reduced a form as possible, and to forget it without being asked.

Capture, use, discard

A biometric capture exists to answer one question at one moment: is this the person in front of us, or the person this document describes. Once that question is answered, the raw capture has done its job. So the raw image is never persisted. It is processed for the single purpose it was collected for, and then it is gone, with the platform retaining at most the minimal derived result the workflow actually needs.

Deletion is the default, not a chore

Retention that depends on someone remembering to run a cleanup is retention that will eventually be forgotten. So short-lived data carries an automatic purge: it expires on a schedule the system enforces, not on the diligence of an operator. The safest state for a sensitive capture is deleted, and the system is built to return to that state on its own.

  1. Never persist the raw capture. Process it, derive only what the task requires, and discard the original.
  2. Bind the data to its purpose, so it cannot be repurposed beyond what it was collected for.
  3. Set an automatic expiry, so high-sensitivity data is purged on a schedule rather than by hand.
  4. Log the deletion, so the institution can prove the data is gone, not merely claim it.
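
The four rules above in code, as an added example that is not from the original article. The class name, the `matcher` callback, the HMAC-chained log format and the purpose strings are assumptions made for illustration.

```python
import hashlib
import hmac
import time

class EphemeralResults:
    """Holds only (purpose, matched, expires_at) per subject; never the capture."""

    def __init__(self, ttl_seconds, log_key, clock=time.time):
        self.ttl, self.key, self.clock = ttl_seconds, log_key, clock
        self.records = {}        # subject_id -> (purpose, matched, expires_at)
        self.deletion_log = []   # (subject_id, purpose, deleted_at, mac)

    def _mac(self, prev, sid, purpose, ts):
        msg = f"{prev}|{sid}|{purpose}|{ts}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def verify(self, subject_id, purpose, raw, matcher):
        """raw: bytearray capture; matcher: caller-supplied comparison (assumed)."""
        try:
            matched = bool(matcher(raw))
        finally:
            raw[:] = bytes(len(raw))  # rule 1: best-effort wipe, nothing raw is kept
        self.records[subject_id] = (purpose, matched, self.clock() + self.ttl)
        return matched

    def read(self, subject_id, purpose):
        self.purge()  # rule 3: expiry is enforced on every access, not by an operator
        rec = self.records.get(subject_id)
        if rec is not None and rec[0] != purpose:
            raise PermissionError(f"collected for {rec[0]!r}, not {purpose!r}")  # rule 2
        return rec[1] if rec else None

    def purge(self):
        now = self.clock()
        expired = [s for s, r in self.records.items() if r[2] <= now]
        for sid in expired:
            purpose = self.records.pop(sid)[0]
            prev = self.deletion_log[-1][3] if self.deletion_log else ""
            # rule 4: each entry's MAC covers the previous MAC, so edits are detectable
            self.deletion_log.append((sid, purpose, now, self._mac(prev, sid, purpose, now)))
        return len(expired)

    def log_is_intact(self):
        prev = ""
        for sid, purpose, ts, mac in self.deletion_log:
            if not hmac.compare_digest(mac, self._mac(prev, sid, purpose, ts)):
                return False
            prev = mac
        return True
```

The overwrite of `raw` is best effort in Python: copies made by a capture library or by the matcher itself are outside its reach, so the matcher should work on the buffer it is handed.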

The data you have already deleted is the only data that can never be stolen from you.

Less to protect, less to lose

Handling biometrics this way is not only kinder to the person; it is easier on the institution. A capture that was never stored cannot be breached, subpoenaed, or mishandled by a future operator who never knew it existed. By treating the most sensitive data as something to be relieved of rather than something to accumulate, the system carries less risk every single day it runs.
