An organization should address ethical issues including privacy before deploying biometric systems. Threats to informational privacy rights related to potential data misuse, function creep, and the data linkage of personal information contained in diverse databases makes possible such unintended consequences as surveillance, profiling, and discrimination. Unlike passwords, biometric data are unique, irrevocable, and variable. Biometric encryption (BE) is highlighted as a prominent example of Privacy by Design, where privacy is embedded as a core functionality in the biometric system. BE binds a digital key to (or extracts the key from) the biometrics. Earlier technical challenges to this new technology, as well as recent advances, are presented. Lastly, an overview is provided of an application using facial recognition (FR) in a watch list scenario, known to be the first and largest successful deployment of BE using FR, in a casino context.