November 3, 2014 -
The Natural Security Alliance, an authentication standards association, has created a set of privacy rules that will help companies implement biometric security best practices and comply with data protection laws.
According to its announcement last week, the Natural Security Alliance’s new Privacy Rules help biometric authentication systems dictate an organization’s obligations when collecting and handling personal data.
The basis for the Privacy Rules can be attributed to the “accountability principle” established by the Article 29 Working Party, an independent advisory body established by the European Parliament to investigate concerns of personal data and privacy, as well as concepts around the application of biometrics from the EU’s National Data Protection Authorities.
Essentially the new Privacy Rules helps ensure that biometric data is secure and confidential, minimizing the risk of misuse, and that the data subject (ie. the person whose data is stored) has consented to the data collection and that they have some control over their data and its use. Also, it encourages organizations to only use the minimum amount of data necessary for authentication – often involving the conversion of raw data into templates – and discarding the raw data. This also helps limit misuse of data because, if obtained, if could be in a form that wouldn’t be useful to a scammer.
Additionally, the Alliance has developed two instruments: the certification and the mark, which ensure that products and organizations integrating the Natural Security Standard comply with the technical specifications. Certified products are deemed “genuine”, and able to communicate with other certified products as part of a genuine Natural Security environment. The Natural Security mark shows data subjects that the organizations that handle their data comply with the Natural Security Standard.
The Natural Security Alliance has been around since 2008, and last year launched an alliance for wireless biometric payments, which was recently joined by Germany’s Certgate, a major provider of mobile security solutions.
In March, the Natural Security Alliance released its strong authentication specification for payment and access to services which includes various local biometric verification procedures, devices and wireless technologies.