In an age where technological personalisation beats privacy, individuals willingly give their data in return for a bespoke experience. Individuals are more likely to share their data when they know there are clear benefits to themselves or society. The opportunity cost in handing over personal data in return for a personalised experience can open the door to privacy breaches and criminal activity. Forming part of personal data is biometric data, which includes facial features, iris and retina, voice, and heartbeat. However, in Australia, a uniform legislated definition of biometric data does not exist. Every day, open sources grow with biometric data. A better understanding of the ways in which biometric data can be used and a best practice definition is key. This essay seeks to highlight, analyse, and ultimately resolve the legal and policy risks of not having a legislated definition of biometric data for privacy purposes.