Re: "Biometrics." It's a security "feature"
I've worked on biometrics.
Rule 1 is to NEVER, EVER even transport the raw data - you pre-process at the point of collection.
You hash and encrypt before transport, if possible salted, and salt the storage yet again. That way, only your local interpretation of the biometrics can ever leak, and that cannot be used to reconstruct the raw source data for use somewhere else. Anyone doing it differently should get hit with the maximum possible fines, something that will make new incoming EU privacy laws extra interesting.
That goes for fingers, eyes, face geometrics, rectal scans, gait analysis* - the works. Not mentioning voice prints because they're too easy to replicate to be of any use (natural variation alone already mandates significant forgiveness in what you accept, rendering it pointless).
* No, gait. Not goat. That's still "something you have" :)