Biometric categorisation is the classification of people using biometric data, such as face, voice, iris, gait, or fingerprint signals, into sensitive categories or groupings. These categories may be explicit, like age group or identity, or inferred, like emotion, health-related traits, or membership in a protected class. Because the result is based on physical or behavioral characteristics, it can reveal more than simple identification and can be highly sensitive.
In cyber security, biometric categorisation matters because it creates privacy, abuse, and governance risk. Attackers may steal biometric datasets, reuse them for profiling, or feed them into systems that infer sensitive attributes at scale. Defenders need to limit collection, encrypt templates and logs, restrict access, and test for bias and misuse. Strong provenance, audit trails, and user notices help organizations prove when such systems are in use and prevent hidden categorisation from becoming a surveillance or discrimination tool.



