I think the whole information technology industry needs to take a close look at what responsibilities an organization assumes upon collecting any personal information or data. This is especially important in the case of biometrics because they're so personal -- digital encoding of our unique physical traits. Movies often make dramatic use of the numbered tattoos used by the Nazis to identify prisoners at Auschwitz. We have many cultural references to the dangers of being marked -- I'm thinking of The Scarlet Letter as a prime example from American literature. It surprises me that more people aren't alarmed by potential for abuse of biometrics.
But the issue is more broad than biometrics. I really want to get to a point where I hold the keys to all of my personal information and no one gets access to that information without my explicit permission. It's quite likely that I'll never get there personally -- my information is already out there and probably can't be taken back. But for my son there may still be hope of providing him more privacy and personal security than I will enjoy. I imagine being able to keep encrypted copies of that information accessible through a service on the 'Net. Anyone who needs my information can have their systems request information from my system. I could choose to grant limited access to specific bits of information. I might choose to delegate some authority to my doctor to disclose some information, providing I trust my doctor and his technology systems.
I know I'm an alpha-geek. Many people wouldn't want to be bothered with the granting or limited delegation of permissions. But it seems profoundly important that people be able to choose the degree to which they control their personal information. Right now, it's all in the hands of unrelated businesses and the government and a person has to go to extreme lengths to have any real anonymity or privacy in our networked world.