When data is new oil, what small businesses, startups should do to strengthen biometric data privacy


The facial recognition system has seen increased adoption across various platforms to bring ease of authentication, image tagging and more.

Technology for MSMEs: Have you ever wondered how Facebook automatically suggests tagging someone when you post an image of a person? It relies on a facial recognition system that maps facial features from the image or video and compares them with its database of facial biometric data to identify the person and suggest a tag. Similarly, Google Photos uses such a system to tag and sort or categorise images based on various pre-defined tags. While this eases tagging someone when you post on social media or sorting images by content, it raises questions about privacy and the handling of such data, since biometric data is very sensitive today given its extensive use as an authentication method for accessing devices, authenticating digital transactions and more.

Need for Strict data collection, usage policy

So far, social media giants like Facebook do not share such sensitive data with third-party players, such as those who use their advertising platform, and confine its use to photo and video tagging only, allowing you to opt out of the feature, while Google will not enable it until you opt in. There is a need for a strict collection and usage policy: given the sensitivity of such data and its possible applications, its use must be well controlled and monitored, and its collection should be with the total consent of the user.

The facial recognition system has seen increased adoption across various platforms to bring ease of authentication, image tagging and more. Its widespread use has both commercial and surveillance applications. The facial recognition market is said to grow to $7.7 billion by 2022. This will bring in a lot of small players and startups, increasing its adoption and taking it in various development directions. It only calls for stringent security and data handling policies, and this role can be divided between two entities: first, the companies that collect and handle such data, and second, government authorities that bring in laws for the biometric data space.

Companies should have a self-driven biometric privacy policy. They can start simply with consent for the collection of such data, followed by ethical use of the collected data: storing it in secured infrastructure, having data security solutions and policies in place along with a well-defined SOP for handling such sensitive data within the organization, and defining a lifespan for storing such data. These should be stated in the consent in simple language, so that the consent is well informed, along with a right-to-forget facility.

Restricted Access

Along with these internal usage policies, when working with third-party players in certain areas, companies can bring in a non-disclosure clause and ensure that the third-party players replicate their data handling policies, so that there is no misuse of such data, while the details of sharing should be communicated to users in clear, simplified terms. Considering the need not to disclose such data, companies must strictly restrict access to it, keep it safe and secure beyond any intentional or unintentional reach, and constantly monitor the reach and data access limits of any third-party integrations.

While we speak for consumers' biometric data, we ignore the most common collection centre of our biometric data: our own workplace. Offices collect this data to use as a token of authentication for allowing access to office premises. As this is a necessary step to keep unauthorised access away from the office premises, being aware of how this data is stored, processed, protected and encrypted, whether it is shared with the biometric solution provider, and so on is of utmost importance. Companies must implement data security policies to prevent data leaks and gain complete visibility and control of data outflow, as leakage of such critical and sensitive data may result in a disastrous outcome.

There are several laws, like GDPR and the Indian Data Protection Law, that lay a foundation for how such sensitive data must be used, stored and handled. Startups and small businesses can refer to these laws to create a base for their data handling procedures and policies, and set up data security policies atop this to ensure that they meet all the aforementioned privacy laws and security standards.

Sonit Jain is the CEO of GajShield Infotech. Views expressed are the author’s own.
