The Impact of Privacy Laws on Access Control
Moderator:Forrest Gist, Global Technology Lead – Security, Jacobs
Panelists:Kathleen Carroll, Managing Partner, Seven Seas Strategic Communications
Min Kyriannis, Managing Director, EMD|JMK
Rick Focke, Senior Product Manager, JCI/Tyco Security Products
Brenda Leong, Senior Counsel & Director of Artificial Intelligence and Ethics, Future of Privacy
Protection of cardholders' personal data, photo, DOB, license number, work and vacation schedule, etc, contained in access control systems is often
overlooked – and can easily be violated. Facial recognition has its own set of concerns. Those with appropriate privilege levels may theoretically
abuse their privileges and view the access control transactions and personal information of cardholders for non-security-related purposes.
Further, how is cardholder data entered, managed, stored, and secured? Video also plays a role in access control by providing verification
and, in some cases, recognition. How is cardholder consent to the use of their data being obtained? Can privacy laws work to diminish security?
With the prevalence of GDPR, CPPA, NY-Shield Act, and many others coming forward in the future, how would these privacy laws impact access control?
Requirements are broad and wide and many fail to understand that these privacy laws also include any digital signature in these systems. How do you
fuzz, encrypt and otherwise protect this data so it still falls under these requirements, yet maintain security?
- List common privacy laws and discuss what led to them.
- Understand the impact of privacy laws on security system products and access control in particular.
- List types of data that may be subject to privacy laws.
- Understand the precautions security manufacturers and provides must reasonably take to protect the privacy of personal data contained within their systems.
- Describe how privacy and security may have different or conflicting objectives.
- List means of protecting data to keep it private.