Demand for increased security and privacy mechanisms has never been greater. With companies having access to increasing amounts of valuable and often personal information about their customers and employees, businesses and individuals want reassurance that their data is protected.
At Nymi, the focus has always been a high degree of security whilst ensuring user privacy. Here, the company’s Quality Systems Manager, Danielle Harrison, explains why the Nymi Band™ strikes the right balance between security, privacy and ease of use, making it the most attractive biometric solution on the market.
Q: Why are security and privacy important for companies looking to connect groups of active workers?
Not only is it the duty of companies to protect their employees’ privacy, for companies that handle lots of data there’s often a huge financial incentive to comply with security and privacy regulations too.
The cost of non-compliance can be significant. In the EU, for example, GDPR proposes that companies that breach the rules should pay back up to either €20m or 4% of their global annual turnover, whichever is higher.
The demand is growing for companies to provide greater security and privacy generally. As the world becomes more technologically advanced, companies are increasingly trusted to hold and protect valuable and confidential information, on patents, for example, or personal information about their customers and employees. As a result, customers and employees are rightly demanding that their personal data stay secure.
Meanwhile, governments are also demanding more from companies, especially those related to healthcare or pharmaceuticals that hold on to lots of patient data and customer information.
When we talk about data security in the pharmaceuticals industry, we need to remember that the priority is about stopping data from coming off the network.
What’s great about Nymi is that zero trust security is built right into the platform – it’s this constant thought of ‘trust nothing’. For example, the Nymi Band continuously authenticates the user and operates with an “always on” notion, meaning that workers only need to authenticate once at the start of their shift, and will not need to present their biometric again thereafter. Additionally, there is end-to-end encryption built into the Nymi Band and, unlike other devices, it does not connect to a USB so there is no way to extract data or personal information from it.
A risk for the pharmaceutical company is maintaining data integrity across the organization while maintaining data security. The Nymi Connected Worker Platform (Nymi CWP) can improve compliance in both aspects. By simply authenticating to the Nymi Band at the start of the day, employees can sign off on steps of a batch record while dressed in PPE, gain access to a secure room, or automatically lock out of their computer when they walk away. The platform connects the worker throughout the organization in all aspects (physical and logical) to make data integrity and compliance second nature. In essence, as long as there’s data integrity there is data security.
Q: What are some common data security and privacy challenges?
When we think of data security and privacy rules for companies, there aren’t many that are universal. The biggest regulatory structure globally is GDPR, but that focuses mainly on Europe. When you look at a country like the US, the rules are different even between states. Regulations for businesses in California can be very different from those in Florida or New York, for example.
Governments around the world are now implementing new regulations when it comes to data privacy, making it a top priority for multinationals working across global markets, and with global networks. In many cases, it will mean that data can’t be transferred over that global network because of new, enhanced data security and privacy laws, making the landscape difficult to navigate for multinationals.
Among new regulations, employees are becoming increasingly aware and protective of the personal information they share with their employer. Employees now, more than ever, are more concerned with the information that companies collect, have access to, and store on their networks. People can be particularly mistrustful of biometrics, because it almost seems like a ‘piece’ of them is taken when your fingerprint or retina is scanned. Employees are uncomfortable that companies store this information on some network or server, and they can’t control how it’s used.
Nymi can improve trust levels amongst employees because of the comprehensive privacy controls (privacy by design principles) that are built right into the platform. When employees are informed and understand exactly how their data is used and stored, they become more receptive to wearing the band because they understand that not only will they have full control over their biometric data and personal information, but that the band can provide value throughout their work day.
Q: How does the Nymi Band’s biometric technology improve security and privacy for customers?
When an employee is enrolled, a fingerprint template is captured, meaning the technology captures specific points from the fingerprint, never storing an image of their biometric information. The fingerprint image is immediately destroyed, leaving the residual capture points to allow authentication of the band for future use. The biometric data is never transferred or shared to a server, network or cloud within the organization. The biometric, seen as personal information by employees, remains safe and secure.
Secondly, connected workers are empowered through opt in and opt out privacy controls to manage their information. “Privacy by Design” is built into the platform so that users can remove their biometric data from the band permanently, or simply remove the band completely, which de-authenticates the band, in essence making it useless until it is reauthenticated. To ensure data integrity and security remain, when the biometric data is removed, by placing the band on the charger and pressing a button, the band will need to re-enter the enrollment process to continue using the connected worker platform.
With Nymi, it’s a ‘one band, one user’ approach that makes the technology strong and secure. Users enroll the band through biometric capture that is used for all future authentication, making it impenetrable to use by other users. There is no fear of data integrity or privacy issues from an organizational or user perspective as the band cannot simply be picked up and used by someone else. We’ve built the Nymi platform so that controls can be tailored and finely tuned by both administrators and users, which boosts its universal appeal. Company privacy policies tend to vary widely between countries and regions. In Germany, for example, there are very strict rules on what employers can do with their employees’ data.
The Nymi Band has been designed from the ground up to help organisations operate more efficiently. There is no location tracking technology in the Nymi Band, and its end-to-end encryption is completely secure. Nothing from outside the Nymi network can be installed on to the platform. Our firmware is completely separate from the rest of the world, and the band cannot connect to public infrastructure, or be affected by information in the public domain. It’s a platform built with privacy, security, and a natural user experience top of mind.