In this paper, we investigate the fundamental limits of the chief executive officer (CEO) problem in which physical and biometric identifiers are treated as information sources. In order to make the information leakage of the identifiers to the eavesdropper via helper data negligible, private keys, uniformly and independently chosen, are bonded into measurements of the identifiers at the encoders to generate the helper data. The CEO problem is renowned for the difficulty of characterizing the tight rate-distortion region, which is still an open question for the general case. In this study, we characterize the tight rate-key-distortion regions of such problem under two specific distortion measures, namely, logarithmic loss (both discrete and Gaussian settings) and quadratic distortion measures. Also, we provide numerical calculations of the characterized regions, and the calculated results show that when a larger distortion is permitted, smaller storage and private-key rates are achievable. As special cases where the constraints of private-key rates and negligible leakage are not imposed, our characterizations naturally reduce to the rate-distortion regions provided by Courtade and Weissman (2014) for logarithmic loss distortion, and Prabhakaran et al. (2004), Chen et al. (2004), and Oohama (2005 for quadratic distortion measure.