This is why legal governance is important. One could argue it's the customer's choice to enter into a theme park, so they could choose not to go instead if they don't want to give up their biometric data. But imagine you get in a car with friends to go to a theme park for the day and then you arrive and they want your fingerprints. That's a tough choice to say no, and most consumers won't say no. However, then when Six Flags sells or breaches the data later and folks have to deal with identity theft fallout they will suffer.On the other hand, as long as we use biometrics as identifiers but not authenticators then it's not problematic if the data becomes public. Indeed, having a fingerprint might be a good option if that can allow for then not storing any other PII data. I think once companies really start to understand that PII is a liability, not an asset, we'll slowly see a shift in the industry back towards pseudo-anonymity.
No comments yet.