Original post from: Northland Controls

https://www.northlandcontrols.com/blog/guest-blog-2022-trends-for-biometrics-privacy-compliance

By Julia Webb-Twoomey, VP Marketing & Alliances, BioConnect, Feb 22, 2022

In this month’s guest blog post, BioConnect talks about privacy and compliance trends as it relates to biometrics.

Biometrics have helped secure physical access to critical infrastructure for over 30 years and innovation in 2022 continues to bring great options to enterprises including mobile based access and touchless solutions. Organizations looking for identity based cyber-physical protection of their facilities should consider the proportional biometric solution to their use case to address privacy concerns. Fines for lack of compliance relating to privacy claims around biometric information processing are predicted to be north of $8 billion by 2025. To avoid fines while using the best biometric tools to protect their assets, organizations need to be proportional, intentional, and transparent.

So, what does being proportional mean?
You are securing access to a meeting room for a new community of hot desking employees and would like to have a biometrically verified audit log of who used the meeting space, a trusted mobile credential with on device facial recognition would be sufficient. For this use case, the employee has provided consent upon enrollment on their mobile device and subsequently the biometric data never leaves their device but is connected to a valid mobile credential to access the room.

You are tasked with 10 securing server rooms that contain access to critical data across 5 different locations. In this example you have a strong legitimate use case for using fixed facial authentication readers that sync with your Physical Access Control (PAC) platform, ensuring your policies for access are implemented at scale and the enterprise manages the source of truth for validating the identity of the person permitted access during the enrolment process. Within the US, privacy regulations vary on a state by state basis so it is important to work with a biometric vendor who offers expertise around the nuances in each state and has a privacy and compliance tool kit built into their offering.

And what about being intentional and transparent?
In addition to working with a vendor that has expertise in privacy and compliance, refrain from using the biometric data you gather for any purpose other than the initial legitimate use that it was collected for. Being intentional means once initial purposes are achieved the biometric data should be deleted, as an example if an employee leaves the organization and no longer requires access to the critical infrastructure the biometric enrollment should be deleted.

Lack of transparency around collecting biometric data can result in fines, ensure employees understand how the biometric data will and won’t be used before collecting their consent (if required). Ensure consent is freely given (no pre-checked boxes) and give the option where suitable for the employee to withdraw their consent.
To learn more, Northland Controls and BioConnect will have a privacy and compliance expert on hand to answer your questions about new or existing biometric deployments at ISC West in March or Virtually (Book Here)

About BioConnect:
Since 2010, BioConnect has been providing biometric access control solutions to verify a person’s identity and protect an enterprise’s most valuable assets. The company has been recognized in recent Security Industry Association (SIA) New Product Showcase Awards for Best Convergence Platform (2021) and Best Emerging Technology (2020) with BioConnect Link. BioConnect was the first to bring to market a biometric mobile authenticator for physical access, allowing the enterprise to secure their physical doors and spaces with the use of biometric identity verification right from a mobile device.

When BioConnect introduced the Trust Platform, it enabled the enterprise to finally connect all of their existing access control systems, biometric readers, mobile authenticators and small-space access control into one unified system that spans the entire organization.

In 2021, BioConnect purchased MedixSafe, a long time BioConnect partner and supplier of solutions for secure access to Narcotics Safes, Cabinets and Lockers.

BioConnect is uniquely positioned to offer solutions to the toughest security problems that an organization faces to protect their critical infrastructure, providing security at scale that establishes a strong level of trust by unifying a person’s identity across physical, IoT and digital applications.