We live in a world in which the concepts of privacy, security and convenience are often in opposition to each other. When conflicts occur, both consumers and companies can suffer greatly. One of the best examples of this paradox was Netflix’s infamous years-long contest to create a recommendation algorithm.

Launched in 2006, the goal of Netflix’s contest seemed logical enough: use customer viewing and review data to personalize recommendations that would create happier customers and improve customer retention. Sounds like a win/win, right?

Unfortunately, the contest – which had more than 50,000 contestants – ended in a privacy scandal that might have sunk a less robust company. Netflix took a wrong turn when it sent more than 100 million “anonymous” (but real) customer movie ratings, subscriber identification numbers and more data to all its contestants to play with. The idea of releasing such a massive database out into the world raised eyebrows even before the ensuing privacy lawsuit, Doe v. Netflix, was filed.

In 2007, two researchers from The University of Texas at Austin identified individual Netflix customers by matching the data sets with film ratings on IMDb. The plaintiff in the lawsuit was an in-the-closet lesbian mother who claimed that the data had not been sufficiently anonymous. Netflix settled, paying $9 million to a fund that benefited privacy groups. The company also agreed to change its data retention policies. Years later, after the company transitioned to a mostly streaming platform, and Netflix wisely added additional features that allowed customers to delete viewing history, thereby enabling them to self-govern their own data.

The lesson in this story is that customers want convenience, but only if reasonable precautions are taken to protect privacy and security. For instance, facial recognition (which is becoming increasingly popular in public settings to increase security or even on your smartphone to unlock without typing) can make boarding a plane faster and with less hassle at the gate. However, travelers will want to know where and how their face images are being stored, and what they can be connected to later, before they opt in. 

In the digital age, the concept of privacy is dynamic and increasingly difficult to define. So how can companies deliver amazing experiences on demand without violating privacy?

A new set of rules is needed for any company doing business in the 21st century. I propose a new set of guidelines called TRUST:

  • Training
  • Responsible Data Handling
  • Un-Enrollment
  • Self-Regulation
  • Transparency

The TRUST model is general and flexible enough to be adapted by virtually any business, but it’s especially fit for companies handling biometrics and personally identifiable information.


Every situation is different, but companies should adopt ongoing privacy training just as they have for topics like sexual harassment and fire safety. When people aren’t trained properly in the use of powerful technologies, the door for abuse is left wide open. When applicable, this should also include compliance with local, state, federal – and in the case of things like GDPR – recommended global practices.

At my own company, we have adopted a set of best practices for proper training and responsible data-handling for anyone who uses facial recognition services. Compared to databases used by insurers, hospitals, banks or even many marketing departments, biometric databases contain relatively little sensitive personally identifiable information. With that said, we take the storage of biometric data seriously. All customers undergo extensive training on proper data handling, including how to set up data security permission-levels in the system and how to audit the database. We also provide customers with a knowledge base containing educational content about proper data handling.


The nightmare scenario for any consumer is what happened to some Uber customers when employees, in 2016, used location data to routinely spy on them, including certain politicians and even Beyonce. When creating data handling policies, companies should begin by asking themselves these questions: how many people truly need access to customer data? How can we create data layers that can further restrict access to certain types of information to a very specific set of employees? Once these policies are decided, then technological firewalls need to be put in place to make enforcement possible.

But every situation is different. For facial recognition, we have, through product design, attempted to prevent discriminatory profiling by race, age, gender or national origin. Customers using the product for security purposes are unable to report on demographics, by design.


While not enforceable outside Europe, GDPR has raised awareness about the importance of the total deletion of personal data upon request. This has caused a lot of anxiety for companies, since virtually any tracking technology, ranging from websites to Internet browsers, tracks “anonymous” visitors and attempts to eventually marry this data with personally identifiable information. While this data is sometimes helpful, it is typically not critical, and could be used to identify someone eventually.

In facial recognition, we refer to all non-matched “unknown” individuals on camera as anonymous. We automate the routine purging of this type of data, as often as nightly, depending on the circumstance. This is an example where the technological delta between old-school video surveillance and face recognition actually makes it possible to make surveillance less intrusive for ordinary citizens.


When industries don’t adequately respect consumer privacy, government steps in with regulations. To date, for example, there is very little government oversight of social media data handling, principally because to some degree, the largest providers have gradually rolled individual controls into the platforms. While even Mark Zuckerberg admits that some government regulation may still be needed, the industry has already done a lot to lead by example.

My company and companies like ours are working in a cross-industry capacity with law enforcement, retailers and other security vendors to establish reasonable data security standards, including a certification process. Considering that only three states and one Canadian province currently have biometric surveillance regulations, this isn’t just good stewardship – it’s also very practical work that benefits both the community and industry.

By the way, self-regulation isn’t always in lieu of government regulation. There are times when government is absolutely needed. However, industry can often lead the way by beginning governance efforts before regulations are put into place.


More corporate privacy scandals are due to a lack of transparency than any other reason. A recent example is MoviePass, which shocked its customer base when its CEO announced that the company was using its mobile app to track user activities before and after movies. When it comes to everyday consumer applications, going transparent is far easier than it is for the security industry.

With that said, whenever practical, organizations should disclose the use of biometric surveillance. We recommend customers to disclose that face recognition is in use to safeguard the public, including signage and help with public disclosures, to help encourage this in actual practice. However, in some very unique cases, such as government intelligence, security issues prevent overt signage. Certain conditions may prevent those tasked with protecting public spaces from disclosing that they are using biometric surveillance, as a clandestine approach may make it easier to catch dangerous criminals.

Still, we believe that it’s vital that all of us – in every industry – help lead our customers into a state of greater transparency. I’m convinced that our society is moving toward transparency, as brands like Jet Blue, CaliBurger and many more have announced their use of face recognition. Outside the biometric industry, Whole Foods is set to become the first grocery retailer to offer full GMO transparency, while Zappos invites customers into its headquarters, and at times, even into departmental meetings.

Whatever business you find yourselves in, if possible, encourage transparency. Building a in a black box, especially in regards to data handling, inevitably leads to consumer backlash. At the end of the day, the best way to encourage brand loyalty is through an authentic social contract built on TRUST. It’s the right thing to do.