The European Union’s directive on privacy, the General Data Protection Regulation (“GDPR”), has forced nearly every company on the planet to update and re-issue privacy policies. Voice Biometrics Group is no exception. We have updated our policies and are notifying clients. The key point to note about our implementation is that the amount of private data in our platform is limited. Unless a customer fails to use basic security measures to obfuscate a user id, nothing about a person’s identity other than the voice. Of course, a person’s voice and what they might be saying could be extremely personal!
That’s why all content you submit to our platform must be protected by TSL encryption, and all voice data that we store is encrypted using AES-256 level encryption. This makes VBG’s platform secure. We also run our cloud services in facilities that meet SOC 2 compliance, so the environment where we run our software is also secure. So whether you use VBG from our Cloud or on your premises, you know you have a secure and compliant solution.
What you also need to know about GDPR is that GDPR treats biometrics as a special case. In fact, it prohibits biometrics of all types except in a specific set of instances. Out of those instances, most do not apply to commercial users of voice biometrics. The one exception where biometrics is allowed is when the user opts in. Therefore, if you are subject to GDPR, whether because you’re in the EU or because applicable law requires you to adhere to something close to GDPR, you will need to have an opt-in process and system.
For your convenience, VBG is implementing an opt-in system. Look for it in Q4 of this year.