
Personal Data Security

BioStar X stores user credentials, biometric templates, and personally identifiable information. Without database encryption, a breach exposes this information in plaintext, leading to identity theft, legal liability, and regulatory violations. This document explains how to enable personal information database encryption and minimize biometric image storage to protect sensitive data.

Encrypt personal data on database

Enable Encrypt Personal Data on Database to ensure all sensitive user and credential information is stored in an encrypted state.

Scope of encrypted data

When Encrypt Personal Data on Database is enabled, the following items are encrypted at rest:

  • Profile images

  • User ID, Name, Phone number, User IP, Email addresses

  • Login ID and Login password

  • Face templates, Fingerprint templates

  • Card ID, Smart card layout keys

  • Custom information for users and visitors

  • Image log files

Personal data encryption key

  • Becomes configurable once Encrypt Personal Data on Database is set to Use.

  • The key must be 32 characters, using letters, numbers, and symbols.

  • Changing the key triggers re-encryption of all existing data.

Best Practice

Generate the key using a secure random generator. Store it in a password vault. Rotate periodically (e.g., annually) or immediately if compromise is suspected.
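One way to generate and pre-check a key that fits the 32-character rule above, drawing from the operating system's CSPRNG. This is an added example, not BioStar X code; the symbol set and the requirement that each character class appears at least once are assumptions, since this page does not list the accepted symbols.

```python
import math
import secrets
import string

KEY_LENGTH = 32  # length stated on this page
# Assumption: a conservative symbol set; the page does not list accepted symbols.
SYMBOLS = "!@#$%^&*()-_=+[]{}"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def check_key(key: str) -> list[str]:
    """Return the problems found in a candidate key; an empty list means it fits."""
    problems = []
    if len(key) != KEY_LENGTH:
        problems.append(f"length is {len(key)}, expected {KEY_LENGTH}")
    if any(ch not in ALPHABET for ch in key):
        problems.append("contains characters outside the assumed alphabet")
    # Assumption: require every class so the key passes a strict composition check.
    if not any(ch in string.ascii_letters for ch in key):
        problems.append("no letter")
    if not any(ch in string.digits for ch in key):
        problems.append("no digit")
    if not any(ch in SYMBOLS for ch in key):
        problems.append("no symbol")
    return problems


def generate_key() -> str:
    """Draw 32 characters with secrets (OS CSPRNG), never the random module."""
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))
        # Rejection sampling: redraw the whole key rather than patching in a
        # missing class, so every valid key remains equally likely.
        if not check_key(key):
            return key


def entropy_bits() -> float:
    """Upper bound on key entropy for the assumed alphabet (about 202 bits)."""
    return KEY_LENGTH * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Paste the value straight into the password vault; avoid shell history and logs.
    print(generate_key())
```

`check_key` can also be run against a key chosen by hand before it is entered, to catch a wrong length or a missing character class.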

Step-by-step

  1. Log in to BioStar X with an Administrator account.

  2. Go to Settings → System → Security.

  3. Set Encrypt Personal Data on Database to Use.

  4. Optionally, click Change under Personal Data Encryption Key and enter a new 32-character encryption key.

Caution

Changing the encryption key will re-encrypt all existing personal data. Schedule during maintenance windows. Losing the encryption key may make encrypted data unrecoverable.

Store visual face image

Disable Store Face Image unless there is a strict operational requirement to retain actual facial images.

  • Templates vs Images: Templates are mathematical representations of biometric data and are harder to reverse-engineer into a recognizable face.

  • Many privacy regulations (GDPR, PDPA, etc.) treat biometric images as highly sensitive data.

  • Storing images unnecessarily increases legal risk and attack surface.

Step-by-step

  1. Go to Settings → Server → Server.

  2. Set Display expert settings to Use.

  3. Under Expert Settings, configure Store Face Image.

    • Default: Use

    • Recommended: Not Use

Best Practice

  • Retain only templates, not images, for biometric authentication.

  • If images are required for audit purposes, store them in a separate secure repository with strict access controls and short retention periods (30–60 days).

  • Periodically review settings after upgrades to ensure the value hasn't reverted to default.
