Privacy by Design: Best Practices for Using Facial Recognition to Support Safer K-12 Campuses
Selecting the right facial recognition software is an important first step in developing an effective campus security system.
Facial recognition technology is the newest tool K-12 administrators can use to make campus access more secure and convenient. Districts nationwide are successfully incorporating this technology as part of daily life in schools. While leaders in education are concerned about enhancing safety, they are equally vigilant about protecting the privacy of staff, students, and visitors at their schools.
When considering any facial recognition technology for use in schools, it is a good idea to first determine if Privacy by Design was implemented during product development. Privacy by Design asserts that any product or service should be designed with privacy in mind, such that the design proactively supports privacy principles. Products and services that embrace this principle, such as SAFR™ by RealNetworks, should contain a variety of important privacy features, such as data access controls, data encryption, and data management controls.
Selecting the right facial recognition software is an important first step in developing an effective campus security system. Successful implementation of facial recognition technologies requires that Privacy by Design be incorporated at each step of the planning, installation, rollout, and management of the system. There are several key guidelines to follow when implementing a facial recognition platform to support a private, safe, and secure environment.
The first element of proper facial recognition implementation is clear and transparent communication with stakeholders—including parents, staff and students—at the early stages of consideration. Soliciting thoughts and concerns from the community before any systems are installed improves the chances of a smooth and successful deployment.
Once the decision to implement a facial recognition system has been discussed and approved, all stakeholders should be notified, preferably in writing or via email, of the upcoming installation and told precisely what data will be collected and how it will be used.
Schools should take a thoughtful approach regarding camera placement. This includes avoiding putting cameras in areas likely to be considered sensitive, such as restrooms, locker rooms, classrooms, nurses’ offices, or guidance counselor offices. Once systems are installed, notice should be clearly posted wherever cameras are present.
To meet Privacy by Design principles and legal requirements, schools should obtain explicit consent prior to collecting biometric data. A sign stating, “By entering these premises, you agree to being photographed” is not sufficient. Explicit consent means that a person needs to “opt in” or “say yes” before agreeing. If there are parties who are underage, an appropriate guardian can opt in on their behalf.
Explicit consent also requires that the school be clear about what they are doing, why they are doing it and what is being done with the data. Again, signage assuming consent fails to meet this standard. An example of explicit consent could be a signed document reading, “I agree to be recorded so that my face can be matched to a database of people allowed to enter this campus. I understand that my data will not be shared with any third parties and will not be retained for more than one year.” Consent can be revoked when a user deletes his or her account, or sends in a form stating consent has been withdrawn. Upon withdrawal, all data of that individual should be immediately removed from the system and destroyed. SAFR includes features for schools to remove individuals and their data from the system.
When a new security system has been implemented, staff, students, and visitors may expect that the school is taking care to protect their data and privacy. To meet this expectation, schools need to have modern security protections in place.
RealNetworks provides several options to support secure data storage, with options for storage at the school or managed in the cloud. Having multiple options for data security ensures flexibility for the school, and protection for the user. The data is also password-protected, encrypted, and can only be accessed by a select group of authorized users.
To maintain an effective security system, schools should frequently review policies and procedures to ensure everything is up-to-date. Through a proactive approach to security, schools will remain protected and potential issues will be identified early on.
It is best practice to limit the retention of personal data collected and stored by an organization implementing a facial recognition system. Successful school installations require a clear policy for retention and disposal of personal data. Simply put, people should know how long their facial images and personal data will be stored in the system, and when and how the school intends to discard that data.
The storage period should be as short as possible to achieve the intended goal. For example, many schools opt to discard biometric data at the end of each school year. Should a user decide to revoke their consent to participate in the facial recognition program, that user’s biometric data should be discarded immediately. Clear standards of data retention and removal are crucial to any facial recognition program.
As with any software implementation, aspects of the facial recognition system may change or evolve. Schools can earn and maintain support among stakeholders by providing clear, timely, and transparent communication to everyone involved as changes occur.
If there are any changes to data policies, they should be discussed and approved by everyone who would be affected. School policies that are kept up-to-date and readily available for review, in an accessible location, are more effectively adopted and upheld for users. It is also important to notify stakeholders if you have a specific schedule to review your facial recognition system, and present frequent opportunities for feedback.
Lastly, transparency can be increased by ensuring stakeholders are aware of how long their data will be kept and who holds access permissions. When introducing a new technology such as facial recognition, building trust through transparency is key. Well-informed participants will ensure a smoother implementation.
A thoughtfully managed approach to maintaining a campus facial recognition system can have a positive effect on your institution by enhancing the safety of staff, students, and visitors. Campus access can be made faster and more efficient, and staff, students, and visitors can feel safer knowing that entry is dependably controlled. Effective management of a facial recognition system on campus involves continued vigilance around system access, data encryption, review of data policies, ongoing stakeholder involvement, and thoughtful attention to the purpose, use, and retention of personal data.
Successful implementation requires thoughtful planning, a good dose of common sense and of course, the selection of a highly accurate facial recognition technology, such as SAFR by RealNetworks. Following the standards detailed above will not only promote a smooth transition for your organization, but also result in a more connected, empowered, and ultimately safer community.
This article was originally publishing on safr.com at https://safr.com/general/privacy-by-design-best-practices-for-using-facial-recognition-to-support-safer-k-12-campuses/.