Behavioral Biometrics Supports Strict Regulation and Offers Better Data Privacy Protections
New report from Biometrics expert, Goode Intelligence draws insights from BehavioSec and law firm Osborne Clarke to analyze how behavioral biometrics technology can be successfully implemented in compliance with GDPR, CCPA, and similar regulations
BehavioSec, the industry pioneer and technology leader for behavioral biometrics and continuous authentication, today announced new findings that organizations and consumers can feel more comfortable with wider use of behavioral biometrics to safeguard their online digital experiences and identities.
Following a year of digital transformation on a societal level, the demand for better online user experience and a stronger level of digital identity protection has become essential. With a year when the world has seen a combination of personal data theft with new rulings and proposed legislation, like the EU Schrems II in July 2020 and the US National Biometrics Information Privacy Act in August [US Senators Merkley, D-OR and Sanders, I-VT], the need for expert guidance has never been higher. BehavioSec shares this research and a company milestone to highlight how behavioral biometrics can be adopted transparently with clear benefits, and in compliant fashion with comprehensive data protection laws. These include measures like the European General Data Protection Regulation (GDPR), the European Commission’s PSD2/SCA and its Open Banking mandate, the US California Consumer Privacy Act (CCPA) and similar, anticipated requirements of regulations proposed in other regions.
To validate the safe use of behavioral biometrics at a time when headlines are full of allegations about technologies like facial recognition and “deep fake” simulations being abused, BehavioSec sponsored the report, “2021 Global Data Privacy Regulation of Physical & Behavioral Biometrics” by respected industry research firm Goode Intelligence. In the report, Chief Analyst Alan Goode dives into the relevance of current and proposed global privacy and data protection legislation on the successful and compliant adoption of biometrics technology for authentication and identity verification, and addresses the key questions organizations and consumers are asking:
- Where do the next wave of behavioral-based technologies fit?
- How do they impact our delicate balance between security, privacy, and regulation?
- Are they covered under existing and proposed regulation?
- Will behavior-based technology make matters worse – or much better?
Leveraging global bank customer input, extensive research, and legal opinion from attorneys at international law firm Osborne Clarke, the paper outlines how enterprises can confidently use behavioral biometrics while complying with some of the strictest privacy and data protection laws in the world, including GDPR, industry payment regulations like PSD2 SCA, and 3D Secure 2.0 technology.
“As we move more of our personal and business tasks online, it is becoming increasingly important to secure digital channels,” says Goode. “Mobile security is more important than ever before and behavioral biometric technology has proven itself as a vital tool in enabling secure access to digital services, preventing fraudsters from gaining access, all while remaining compliant to GDPR, among others.”
A US-based webcast, “Biometrics & Digital Identity Verification – 2021 Data Protection & Privacy Regulation Insights” will be broadcast on May 25, 2021 featuring a presentation by Alan Goode on his report’s findings and offer further insight on data privacy, digital transformation and fighting fraud and cybercrime using biometrics. Viewers can register to watch the webinar hosted by BehavioSec and IDG including a discussion between CSO’s Bob Bragdon, Alan Goode and an expert panel including Dr. Shane Shook, Financial Crimes Investigator and Venture Consultant at ForgePoint Capital, Jordan Blake, BehavioSec Vice President of Products, and Jake Bernstein J.D., attorney at Focal PLLC and former Washington State Assistant Attorney General.
“It is crucial to proactively stir these debates now on how new technologies define identity and authentication, before assumptions and lack of transparency – even if unintended – irrevocably shake public and policymakers’ trust,” added Jake Bernstein, who specialized in prosecuting consumer protection cases during his time in the U.S. Washington State Attorney General’s office. “The boundary between improving digital trust and triggering privacy and identity crises does not have to be a slippery slope where biometric-based systems are concerned. Yet, perceived missteps and alleged abuse of facial-recognition and other innovations to-date show us what stakeholders, including businesses, have to avoid.”
Additionally, on May 26th at 3:00pm BST/4:00pm CEST, Goode will host a second webcast, “2021 Global Regulation of Physical & Behavioral Biometrics for Digital Identity Verification”, to present his research on the impacts of privacy and data protection regulation on the implementation of biometrics by businesses, particularly across the European Union. As the Founder, CEO, and Chief Analyst of Goode Intelligence, Goode is a respected expert in information security and biometrics and will offer insights on how businesses may be able to consider their specific use cases and possible exceptions for explicit consent according to GDPR regulation. Goode will be joined by BehavioSec and international law firm Osborne Clarke, who BehavioSec commissioned to advise on the regulatory impact to customer deployments of the BehavioSec behavioral biometrics platform, specifically within the German banking sector.
“There’s no question that technology vendors need to continue to work collaboratively with government and business to ensure better protection and experience for consumers and employees while staying fully compliant,” said BehavioSec CEO Neil Costigan. “As the pioneer in this space, we’re offering this research to the market to open the dialogue, and we’re also demonstrating and modeling compliance as a company. Beyond our ongoing support of GDPR and security best practices, we are happy to share our recent SOC2 Type1 certification, and our active program for Type 2 and ISO 27001.”