Video: Biometrics and Privacy Regulations Compliance

Learn more about biometrics and deepfakes at the next SpeechTEK conference.

Read the complete transcript of this clip:

Roanne Levitt: I'm not a lawyer, and if I were a lawyer I wouldn't be your lawyer, so whatever I say is just my opinion, or my point of view. There are a number of things that we've done to take into account these privacy regulations. So GDPR is a European regulation, and it's based on-- they're all basically based on consent.

But in the GDPR there's the concept of a controller, and the concept of a processor. And as long as you're--as a vendor, as a software vendor-- as long as we're providing our technology to our customers on-prem, so they control the systems, we are not a controller, nor are we a processor. And therefore it's really up to our customer to make sure the correct measures are in place. As soon as you provide a service on the cloud, for GDPR, then you become either a processor or a controller, or both, and that's where you have to be very careful.

If you're going to be a processor, then you have to make sure that all of the regulations are taken into account. And the process we have to go through for that, or I have to go through as a matter of fact for that, is our legal counsel would go through what we call a PIA, a privacy impact assessment, and ask a whole lot of questions about what kind of data we are collecting? What are we doing with the data? What's our intent? How long are we gonna keep it? And then produce a whole assessment on risk, and figure out the remediation for that risk. So it's a very, very lengthy process to make sure that we don't make any mistakes and we comply with the laws.

In the US, it's a little bit different. So the three states that I know of that really have specific legislation on this are Illinois, Texas and Washington. Illinois being the most restrictive, so our legal counsel basically said we need to go with the most restrictive and make sure that we're complying with those laws. And there's a concept of biometric information and biometric identifiers, and again I'm not a lawyer and I'm not an expert in the field, but there are a lot of hoops that we have go through to make sure that we're compliant as a processor and/or controller. But as an on-prem service provider, that's really outside the scope of what we need to take care of.

John Amein: I'd like to just say that people freak out over the whole GDPR and everything, and they needed to because it was all brand new. The three basic rules, and there's a lot of details as Roanne was saying you gotta go through, but the three basic rules are, number one, you absolutely need to get consent. If you don't get consent, you're really blowing it. So make sure you get consent, and that's one of the reasons those lawsuits happened in Illinois. Just like the vendors, Six Flags, they were just stupid, they were absolutely just stupid. So get consent, number one.

Second is encrypt or protect the data just like you would secure any important data. And believe it or not, some people don't do that, so just absolutely gotta make sure you encrypt and protect the data. And the third thing is you have to be able to delete the user if they ask. If you can do those three things, you've probably solved the problem, and it shouldn't be really outside the realm of the company's ability to do so.

SpeechTek Covers
for qualified subscribers
Subscribe Now Current Issue Past Issues
Related Articles

How Millennials and Generation Z Are Helping to Drive Voice-Based Solutions for Urgent Customer Support

The fact is, many consumers, and in particular younger ones such as Millennials and Generation Z, prefer voice communications when interacting with organizations for urgent support.

Video: How Conversation Print Helps Fight Speech Spoofing

Nuance Communications Senior Manager, Commercial Security Strategy Roanne Levitt explains how Nuance's Conversation Print addresses speech spoofing in this clip from her panel an SpeechTEK 2019.

Video: How Biometrics Can Detect Deepfakes

Pindrop Director of Product Marketing Ben Cunningham discusses how liveness detection, synthetic speech detection, and other deep voice biometric technologies can fight the threat deepfakes pose in this clip from a panel at SpeechTEK 2019.

Video: Detecting Deception in Speech, Pt. 2: Findings

Interactions LLC NLP Scientist Yocheved Levitan outlines the findings of a recent academic study on detecting deceptive speech and how to distinguish it from truthful speech in this clip from her presentation at SpeechTEK 2019.

Video: Detecting Deception in Speech, Pt. 1: Methods

Interactions LLC NLP Scientist Yocheved Levitan discusses a recent research study on identifying cues of deception in speech, and machine learning-based approaches to classifying deceptive speech in this clip from her presentation at SpeechTEK 2019.

Video: What Is the Minimum Amount of Speech for Authentication?

Pindrop Director of Product Marketing Ben Cunningham discusses best practices for voice authentication in IVR design in this clip from his panel at SpeechTEK 2019.