Virtual CONSULT Program from 10/27/20
Protection of cardholders' personal data, photo, DOB, license number, work and vacation schedule, etc, contained in access control systems is often overlooked – and can easily be violated. Facial recognition has its own set of concerns. Those with appropriate privilege levels may theoretically abuse their privileges and view the access control transactions and personal information of cardholders for non-security-related purposes. Further, how is cardholder data entered, managed, stored, and secured? Video also plays a role in access control by providing verification and, in some cases, recognition. How is cardholder consent to the use of their data being obtained? Can privacy laws work to diminish security? With the prevalence of GDPR, CPPA, NY-Shield Act, and many others coming forward in the future, how would these privacy laws impact access control? Requirements are broad and wide and many fail to understand that these privacy laws also include any digital signature in these systems. How do you fuzz, encrypt and otherwise protect this data so it still falls under these requirements, yet maintain security?
View the Session Video
Privacy Session Slides