ISG BLOG

Biometrics Privacy and Compliance

Biometrics have helped secure physical access to critical infrastructure for over 30 years, and innovation into the 2020s will continue to bring great options to enterprises, including mobile-based access and touchless solutions. Organizations looking for identity-based cyber-physical protection of their facilities should choose a biometric solution proportional to their use case to address privacy concerns. Fines for lack of compliance relating to privacy claims around biometric information processing are predicted to be north of $8 billion by 2025. To avoid fines while using the best biometric tools to protect their assets, organizations need to be proportional, intentional, and transparent.

Proportional Biometric Solutions

Suppose you are securing access to a meeting room for a new community of “hot desking” employees and would like to have a biometrically verified audit log of who used the meeting space. A trusted mobile credential with on-device facial recognition would be sufficient. For this use case, the employee has provided consent upon enrollment on their mobile device, and subsequently the biometric data never leaves their device but is connected to a valid mobile credential to access the room.

Now suppose you are tasked with securing 10 server rooms that contain access to critical data across 5 different locations. In this example you have a strong legitimate use case for fixed facial authentication readers that sync with your Physical Access Control (PAC) platform. This ensures your access policies are implemented at scale and that the enterprise manages the source of truth for validating, during the enrollment process, the identity of the person permitted access. Within the US, privacy regulations vary on a state-by-state basis, so it is important to work with a biometric vendor who offers expertise around the nuances in each state and has a privacy and compliance tool kit built into their offering.

Being Intentional & Transparent

In addition to working with a vendor that has expertise in privacy and compliance, refrain from using the biometric data you gather for any purpose other than the initial legitimate use for which it was collected. Being intentional means that once the initial purposes are achieved, the biometric data should be deleted. For example, if an employee leaves the organization and no longer requires access to the critical infrastructure, the biometric enrollment should be deleted.

Lack of transparency around collecting biometric data can result in fines. Ensure employees understand how the biometric data will and won’t be used before collecting their consent (if required). Ensure consent is freely given (no pre-checked boxes) and, where suitable, give the employee the option to withdraw their consent.

Biometric Solutions from the ISG

If your organization isn’t already looking at biometric solutions, you may already be behind in security and convenience for your employees, visitors, and students. Stay ahead of the curve and ensure your identification and access control systems are up to date with biometric identity authentication.

The ISG offers trusted biometric solutions from leading partners for access control, mobile credentials, biometric tracking, integrated campus services and so much more.

Contact us today to talk to your local ISG expert about using biometrics as part of your organization’s security plan.

Original article written by Julia Webb-Twoomey for BioConnect.
