Using the IRAC System (Issue/ Rule/ Analysis/ Conclusion)….
You are the Chief Information Security Officer for a global financial services company. You have read the attached report regarding a recent lawsuit against the NYPD for records pertaining to their use of a facial recognition tool. You are concerned as you read this because you know that the technology department is working in conjunction with the marketing departments and business department to create a tool wherein clients faces are recorded and analyzed as they view financial products to determine how effective the sales pitch is. You know that recently biometric data has come under scrutiny and you wonder if the tools the technology department are developing may include bio metric data.
You decide to call a meeting with the Chief Compliance Officer, Chief Ethics Officer and Chief Privacy Officer to discuss this new tech tool. From the perspective of each officer, please identify what their concerns may be and include your own as the Chief Information Officer. [Get creative here and think about what the concerns would be] and refer to any laws or policies that you think may be applicable. The more relevant laws you can cite to the better.
Based on the concerns discussed at the meeting, please try and come up with a template WRITTEN POLICY for the marketing program which uses facial recognition. Try identify 7-10 items that you would like to see included. The template codes and policies in the back of your textbook can act as a general guide as you consider this. Policies are always written from the perspective of – how can this program be abused and what do we need to write down to guide and protect it. Use of words and terms like “prohibited”, “Subject to approval” and “in limited circumstances” will help the policy seem more real.