Navigation
This form does not yet contain any fields.
    Login
    « Definition of a good client. | Main | 15 more minutes of fame. »
    Tuesday
    Nov182008

    Security done right.

    DateTuesday, November 18, 2008 at 03:42PM

    So I'm on a short-term engagement with %client%, where %client% is located in a secure building. Access to the building is controlled by swipe cards plus fingerprint reader, so I needed to sit for a photo and to have my fingerprint taken. I asked the following question of the security guy who was taking my picture, not really expecting an answer:

    "What's your data retention policy on fingerprint information? I'm on an 8-week contract and don't really want my fingerprint on storage here until time immemorial."

    Without even missing a beat, security guy responds "SOP is that your fingerprint data is scrubbed from the database as soon as we receive the request to terminate your building access."

    I'm telling you, you could've knocked me over with a feather. Talk about being on the ball.

    AuthorLaura E. Hunter | Comment2 Comments |
    in

    Reader Comments (2)

    Now whether or not it is done.... That is another matter entirely... How do they audit the cleanup? How do you validate their audit?
    November 30, 2008 | Unregistered Commenterjoe
    Oh sure, I'll concede that point in a New York minute. I was just impressed that I even got the initial response, rather than the blank stare I was expecting. :-)
    November 30, 2008 | Registered CommenterLaura E. Hunter

    PostPost a New Comment

    Enter your information below to add a new comment.

    My response is on my own website »
    Author Email (optional):
    Author URL (optional):
    Post:
     
    All HTML will be escaped. Hyperlinks will be created for URLs automatically.
    Alert
    Comment Moderation Enabled
    Your comment will not appear until it has been cleared by a website editor.

    Notify me of follow-up comments via email.