People should not have to sacrifice their privacy in order to use and benefit from technology. This is the basis of “Privacy by Design” in its most basic concept.
Any amount of data can unintentionally reveal sensitive personal identifiable information (PII), which can land in the wrong hands. The principles of Privacy by Design provide a framework for how technology should be approached to reduce this risk. This includes a goal to minimize the amount of personal data that is processed and stored, and also takes into consideration all potential data access points.
Nymi has been practicing Privacy by Design since the inception of the company. The very nature of employee authentication requires technology to process some amount of PII, but Nymi’s approach reduces risk while delivering safety and productivity to users. Our mission has prioritized security and privacy, so we minimize storage of PII to the least amount required in order to deliver a workplace solution. The result is powerful technology that is balanced towards the end user’s interests and protects their right to privacy and autonomy.
Biometrics on the Nymi Band
When scanning a user’s fingerprint, the Nymi Band sensor will capture an initial fingerprint image that is then used to generate a mathematical template based on its unique features. The initial image is discarded in the trash and the mathematical fingerprint template is stored within protected memory. It never leaves the Nymi Band.
Similarly, a user’s heartbeat (aka ECG) is not stored on the Nymi Band. Two sensors confirm that the user’s ECG signals match, but the Nymi Band does not record or store the user's heartbeat.
Visibility & Transparency
A key component to designing a solution with privacy by design principles is also providing visibility and transparency to the end user. This provides a means for users to check that companies are handling their personal information in a secure and trusted manner, aligned with privacy policies.
At Nymi, we work with companies to ensure there is visibility and transparency about what, how, and why any PII is processed or stored. Furthermore, our wearables work in some of the most highly regulated environments and within strict GDPR guidelines.
In essence, Nymi Lynk provides a convenient and simple way for users to navigate their own data and analytics. They can interact with Nymi’s applications (physical access, logical access, digital signing, contact tracing) in a visual medium that’s transparent and easy to understand. Finally, as an added privacy control, Nymi Band users can wipe all their biometric information and personal data through Nymi Lynk at any time.
There are significant benefits to employee safety, security, and productivity when connecting workers to their digital systems. However, it is challenging to design a solution whose benefits are commensurate with the amount of privacy that the user must relinquish.
While there are many ways to approach designing a workplace wearable that balances these trade-offs, Nymi has always recognized user privacy as a design requirement as fundamental as other more obvious requirements, like security, compliance, and usability. In the end, we’ve designed a solution that mitigates risk to the end user and puts employee interests first in principle and in practice.