Privacy & Compliance Management
BioConnect’s Trust Platform captures and tracks end-user consent in an easy and auditable way, across both traditional and mobile access control devices. The privacy and compliance module in the Trust Platform is regularly updated to stay current with the latest regulations from various industries, including:
HIPAA, SOC2, NERC-CIP, PCI-DSS, GDPR, BIPA, CCPA, DEA, SHIELD, PIPEDA, etc.
What You Get
Consent Tracking (add-on)
Capture and track user consent for the enrollment and use of their biometric data in an auditable manner. Prevent biometric enrollment of users who have not completed the due diligence by providing consent. This feature covers both traditional biometric and mobile platforms.
Receive real-time alerts for specific trigger events such as device tampering and authentication failures. Alerts can be sent over email as well as instant internal communication apps like Slack and MS Teams.
Tamper Detection of Biometric Readers
Detect any attempt to tamper with the device in real time and receive immediate alerts through various channels.
Be compliant with various regulations by tracking any maintenance activities undertaken on the devices such as firmware upgrades, taking them offline for repairs and putting them back online.
Track and monitor user management activities – creation, updates, deletion of user records.
Provides records of all user access/authentication events: details of the modality used, time of authentication/access, door used, etc.
Retains all critical data and information for auditing purposes. Easily manage users’ biometric data records based on your company’s internal policies. Delete information to comply with data retention and digital privacy laws.
Our zero-trust security architecture and patent-pending cryptographic technology ensure that your critical data remains in your facility and your users’ pockets.
Data Portability (coming soon!)
With our open API and developer support, ensure seamless migration of data, build customized integrations to facilitate internal reporting and retrofit into your existing software where applicable. Allow your users to migrate their critical information from one mobile device to another seamlessly and securely, improving their user experience.
The BioConnect Trust Platform includes an open API and developer support that allows our devices and biometric engines to be easily accessed and validated for performance.
Do the looming privacy regulations threaten your business?
In the past couple of years, the Biometric Information Privacy Act (BIPA) has resulted in a slew of lawsuits against companies resulting in multi-million-dollar fines or settlements. Here is a snapshot of the lawsuits filed along with the corresponding fines and settlements.
Data-privacy and biometric-privacy regulations are evolving rapidly, both on a state-by-state level and internationally. They are meant to protect the rightful ownership of biometric data and to prevent its misuse without appropriate user consent. For businesses, however, they increase audit complexity and pose the risk of significant fines, as seen above. Not being compliant with biometric-related privacy regulations can cost your business significant sums of money and damage its reputation.
What is consent tracking for biometric systems?
Within the next three years most enterprises will be operating in jurisdictions that require consent from users before biometric enrollment, following in the footsteps of Europe (GDPR), Illinois (BIPA) and California (CCPA). Traditional point-to-point integrations can easily create gaps in your operational controls that can result in breaches and fines.
Gather User Consent for Biometric Capture
To comply with biometric privacy laws in various parts of the world, the BioConnect Trust Platform enables you to capture user consent for enrolling biometric data. To support both online and offline modes of operation, a unique alphanumeric value is provided following active consent by the end user to provide their biometric information. This alphanumeric value is then validated at the time of enrollment, and the enrollment is allowed to take place only if the validation is successful. The date and time of consent and enrollment are captured for auditing purposes.
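One way a consent code of this kind can be made verifiable offline, shown as an added example that is not BioConnect's implementation. The HMAC construction, the shared site key, the 30-day validity window and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

# Constructed demo key. Assumption: the same key is provisioned to the consent
# service and to each enrollment station so validation needs no network call.
SITE_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_S = 30 * 24 * 3600  # assumed policy: consent must be used within 30 days

def _tag(user_id: str, consent_ts: int) -> bytes:
    # Binds the code to one user and one consent time; truncated to 6 bytes
    # so the final code stays short enough to type at a reader.
    msg = struct.pack(">I", consent_ts) + user_id.encode("utf-8")
    return hmac.new(SITE_KEY, msg, hashlib.sha256).digest()[:6]

def issue_consent_code(user_id: str, consent_ts: int) -> str:
    """Called after the user actively consents; returns a 16-character code."""
    raw = struct.pack(">I", consent_ts) + _tag(user_id, consent_ts)
    return base64.b32encode(raw).decode("ascii")

def validate_consent_code(user_id: str, code: str, now: int):
    """Return the consent timestamp if the code is valid for user_id, else None."""
    try:
        raw = base64.b32decode(code.strip().upper())
    except ValueError:  # bad alphabet, bad length or non-ASCII input
        return None
    if len(raw) != 10:
        return None
    consent_ts = struct.unpack(">I", raw[:4])[0]
    if not hmac.compare_digest(raw[4:], _tag(user_id, consent_ts)):
        return None  # forged, mistyped, or issued to a different user
    if not 0 <= now - consent_ts <= MAX_AGE_S:
        return None  # consent is post-dated or too old
    return consent_ts

def enroll(user_id: str, code: str, now: int, audit_log: list) -> bool:
    """Gate enrollment on the code and record both timestamps for audit."""
    consent_ts = validate_consent_code(user_id, code, now)
    audit_log.append({"user": user_id, "consent_ts": consent_ts,
                      "enroll_ts": now, "allowed": consent_ts is not None})
    return consent_ts is not None
```

Because the tag is truncated, a deployment along these lines would also need to limit repeated validation attempts per user at the enrollment station.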