The rise of Data Controller

As technology becomes ever more intertwined with our daily lives, consumers are entrusting businesses with increasing amounts of their personal data. 

The Data Controller is the legal person who controls and is responsible for the safe keeping and use of a user’s personal data. With the European legislative changes planned for 2014 introducing an obligation for the controller to appoint a mandatory data protection officer (Article 30) – data protection will remain high on the agenda of businesses, consumers and governments.

Regardless of whether it’s online or offline, core to protecting customers is ensuring that any individual trying to access services is actually who they claim to be. Unlike the use of other forms of authentication, such as passwords or tokens, biometric recognition provides a strong link between an individual and a claimed identity. It also offers a unified experience across multiple channels, making it an increasingly popular authentication method.

Biometrics uses an identifier that is unique to each person, that remains with the user at all times and cannot be forgotten, solving many of the problems that currently threaten security. This is why the role of the data controller is becoming even more significant. 

The consequences of not protecting data can be monumental, regardless of the size of the business. The recent Department for Business, Innovation and Skills' 2013 hacking survey found a massive 87 per cent of UK small businesses across all sectors experienced a security breach in the last year, with the average attack causing between £35,000 and £65,000 worth of damage. Alongside the cost implications there’s the potential damage to reputation and trust from customers.

When it comes to biometrics, there’s some best practice guidelines that all data controllers should follow to ensure the privacy of personal data, and it’s something we’re real advocates of at Natural Security: 

Don’t store biometric information on a database

Understandably the idea of submitting their most intimate physical data into a potentially accessible database strikes fear into most people. But there are biometric solutions that don’t require any information to be stored in a database. For example, Natural Security is based on a secure element on which the user’s biometric data is stored. Unlike typical database-led biometric solutions, this gives users complete control over their biometric data, be it a fingerprint, finger vein or iris scan, and removes the risk of stored data being accessed by unauthorised parties.

The user also has to carry the device on their person for a transaction to be completed, again making it impossible for one user to be mistaken for another, and making stealing a device fruitless for any criminal. 

Forbid all network tracking

Prioritising privacy means tracking customers or employees is a big no-no, users should be able to choose when and how they are interacted with- it goes a long way to building trust. With intelligent advertising- often location based- bombarding consumers from all channels, it’s no wonder we regularly feel uneasy at the idea of being under surveillance. Yet, removing tracking doesn’t mean loyalty schemes become redundant. Customers like to be rewarded so will often opt-in to loyalty schemes, allowing companies to gain the same information on behaviour and preferences.

Removing the tracking function altogether means Data Controllers also ensure that location-based information can never be misused intentionally or otherwise, giving maximum security to users.

Don’t misuse data

Extracting data from its stored location, acquisition of data in transition and unsolicited tracking of customers are all misuses of data – even if it’s accidental. Where data is concerned, it’s the Data Controller’s responsibility to ensure new technology is properly implemented and used, so no unauthorised persons have access and no data is stored unnecessarily.

The Data Controller is an essential member of a modern business’ IT and Security team, supporting the selection of technology systems and improving the storage, use and protection of personal data. By making privacy a priority, Data Controllers can also prove to be very cost efficient, ensuring businesses avoid data breaches that can incur hefty fines.  As data protection remains high on the international political agenda, those businesses with a good Data Controller already in place will most likely stay one-step ahead.