Unless you have been residing in a dark cave for the past 12 months you can’t help but have read about the challenges facing companies when it comes to protecting personal data. The fact of the matter is, whether we like it or not, data is growing faster than ever. It is estimated that by next year a staggering 1.7MB of data will be created every second for every person on earth. This means that a data breach is a distinct possibility and can end up costing a company millions in fines and lost revenue. However, it is important to know that there are solutions that exist right now that can protect you…
To give some background context, I want to talk first a bit more about the various laws and explore the challenges they present, starting off with consent. BIPA (Biometric Information Privacy Act), a law passed by the Illinois General Assembly, regulates the collection, storage, use, and destruction of biometric identifiers and biometric information, referred to collectively as ‘biometric data’. Biometric identifiers specifically include voice, fingerprint, face and hand geometry, as well as scans of the retina or iris. It’s not just in Illinois that PII has become a legislative issue, also Washington State and Texas. With several more states tabling it as well. For a number of years we have been working with our partners to capture consent and the retention of biometric information and other PII. By automatically informing and capturing consent at the source of enrolment this not only ensures compliance, but also reduces both cost and administration time.
The next challenge I want to focus on is retention. BIPA states that the person or entity in possession of biometric data should publicly provide all available policies and guidelines for retaining and destroying biometric data. BIPA also specifies that the data must be destroyed when the purpose for collecting the data is satisfied, or within three years of the last interaction with the consumer, whichever occurs first. Again, working in partnership with our customers we have been able to build an application on-device which will stamp biometric enrolments at the source with a timestamp that is stored and transmitted inherently with the data. This way retention policies can strictly be enforced at all storage points, with deletion processes removing the sensitive information before consent expires.
Moving onto protection and specifically that of personal identifiable information (PII), where it is not only extremely important but also a legal requirement within various data privacy laws, whether it be in transit or at rest. BIPA for instance requires data to be stored, protected and transmitted using methods that are the same as or more protective than the methods used to protect other confidential and sensitive information, such as passwords, account numbers, and social security numbers. The solution we are able to offer our customers is to build an application where biometric data is encrypted in the database using 256-bit encryption; which in real terms means that it would take an attacker millions of years to try and crack. In fact, if we were to factor in an RSA private key, this would take 6.4 quadrillion years to try and calculate. Nobody has that sort of time. When in transit we use HTTP or MQTT over TLS to provide secure end to end protection. Our on-clock matching algorithm methodology ensures data is stored in our devices and only on biometric sensors transiently as each request is made. The benefit to this is that our customers know exactly where and how their data is stored, therefore ensuring adherence to current legislation.
So, what does the future hold?
Well, the use of smartphones in the workplace presents many opportunities to solve the ever-evolving PII challenges in more innovative ways. Applications where biometric credentials never leave their personal device and are authenticated locally to produce a token that communicates to secure Bluetooth beacons and provide the authentication needed is one viable solution. Also, we are currently developing a brand-new converged platform to offer estate management, remote support, middleware, biometric and PII secure distribution and storage, reporting, analytics and dashboarding.
Security has always been at the very heart of our development process, with rigorous penetration testing there to check and patch vulnerabilities. These methods along with ensuring your IT infrastructure is secure with sensible policies for network segmentation reduce your attack surface. With many customers using our cloud management solutions to drastically reduce their total cost of ownership, cloud security therefore is essential.
Working in close partnership with our customers is, and always will be, key. We’ve been doing it for over 30 years and enables us to deliver precise, rapid solutions to address their specific business needs. It’s this experience, commitment and ability to innovate that, I believe, qualifies us as the ‘go-to vendor’ for secure data capture, transmission and storage. To find out more about how we can reduce your total cost of ownership and solve your PII data compliance issues contact us today.
Head of Embedded Platforms