Re: Developing a Privacy Framework (Docket No. 181101997 ...
Privacy and Biometrics: A Developing Case Study
description
Transcript of Privacy and Biometrics: A Developing Case Study
![Page 1: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/1.jpg)
Patrick J. Gossman, Ph.DDeputy CIO
Wayne State UniversityDetroit, MI
![Page 2: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/2.jpg)
OverviewPresent a short case study, still in
development, to illustrate the “power” of privacy concerns around biometrics
Discuss key questions that may be raised in any campus deployment
Lead into an in-depth review of the law
11/18/10 Wayne State University 2
![Page 3: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/3.jpg)
The SituationA large urban campus, 100 buildings200 custodial staff, unionizedCentral check-in inefficient, error-proneDesire distributed readers so staff can report
directly to their work locationRemote check-in easily spoofed with
magnetic stripe card readers
11/18/10 Wayne State University 3
![Page 4: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/4.jpg)
Perfect SolutionBiometric readers inside all buildings for
check-in and check-out of custodial staffBiometric readers well-proven technologies,
not easily spoofedInitial up-front cost, but reasonable
maintenance costs
11/18/10 Wayne State University 4
![Page 5: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/5.jpg)
So, why are we installing CARD readers?Privacy became a key issueConcern about dealing with privacy led to
many other questions:Does the technology solve our problem?Introduce other problems?Worth the cost?Maintenance questions?
11/18/10 Wayne State University 5
![Page 6: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/6.jpg)
Biometrics - Privacy ConcernsHow secure are the data?Hosted solution, added concerns?Who has access?What data are we gathering?If released, how might it be used?How long do we keep it?What will be done with it?
11/18/10 Wayne State University 6
![Page 7: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/7.jpg)
SecurityStorage is in highly secure environmentsSAS 70 security auditAccess to data is strictly controlled by
password and roleAll data are transmitted via VPN
11/18/10 Wayne State University 7
![Page 8: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/8.jpg)
What Data?Biometric identifier vs. tracking dataBiometric identifier considered was hand
geometryPhysical images would not be storedHand geometry technology is encrypted on
both ends (storage and reader) and of no use if decrypted otherwise
11/18/10 Wayne State University 8
![Page 9: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/9.jpg)
How Will Data Be Used?Management reports onlyReports using biometrics would be no
different than if card readers or manual entry of attendance data were deployed
11/18/10 Wayne State University 9
![Page 10: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/10.jpg)
So why are we installing CARD readers?No guarantees (are there ever?)Technology sounds complex, obtuseDon’t trust what you don’t understandDon’t trust technology and administration Deployment plan with biometrics would close
some loopholes, but not allTherefore, start with less intrusive process
11/18/10 Wayne State University 10
![Page 11: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/11.jpg)
In Our Case. . . More WorkCard readers are accepted and address the
first problem of efficiency – staff go directly to work assignments
Biometrics would help eliminate spoofing and problems with lost cards
Neither solves absence between check-in and check-out
Building access is a related issue
11/18/10 Wayne State University 11
![Page 12: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/12.jpg)
In Your CaseProblem analysis is critical.Biometrics are just tools.Processes are critical.Total plan must be solid, ROI analysis solid,
need for biometrics solid, particular technology well chosen.
Campus culture cannot be ignored.
11/18/10 Wayne State University 12
![Page 13: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/13.jpg)
ClosingChoose least intrusive technology Make it simple to understandTransparency is requiredConsider broad participation in decision
process to aid adoptionDifferentiate between what is required by law
and what is required by your culture
11/18/10 Wayne State University 13
![Page 14: Privacy and Biometrics: A Developing Case Study](https://reader036.fdocuments.us/reader036/viewer/2022062811/56815f82550346895dce88ec/html5/thumbnails/14.jpg)
Patrick J. Gossman, Ph.D.Deputy Chief Information OfficerWayne State UniversityDetroit, MI 48202
[email protected](313) 577-2085
11/18/10 Wayne State University 14