
Customer Check In and Privacy
Protecting customer privacy during digital check in.
When the customer checks in with a self-service kiosk, they must provide a verified ID. The very act of presenting
this ID requires a PII-compliant kiosk system that can securely transmit the ID to a more compliant system,
usually one that is fully HIPAA or PCI compliant. The connectivity must be secure, and that connectivity can be audited. If the ID
itself is not stored by the kiosk, then the kiosk does not require audit. If it does store the ID, then the kiosk
is specifically in scope for security audit. This includes even temporary storage such as a buffered file store or cache.
The information on the ID is typically stored on the office systems. After all, the name, address, and birthdate of the
customer are usually relevant to the service being offered. However, there is another means to track an individual that does
not require storing this information at all.
It is possible for a third party to generate a unique ID for any individual. This ID is not a name, an address, or a birthdate,
and yet it can be used to identify the person even more securely than the combination of all three of those values. While it
is possible for a person with the same name to have lived at the same address as someone else with the same name, and for those
two people to have the same birthdate as well, it is not possible for two individuals to have the same unique ID.
It falls to the third party generating this unique ID to choose the best, most practical method of determining identity.
This could be a combination of factors including parental records, residency, work history, personal references, photographic
evidence, DNA evidence, biometric evidence, or similar unique values per person. The point is to aggregate these items such
that if any small combination of them becomes invalid, it is still possible to validate the identity of the individual.
For example, if a picture of the face and a retinal scan are included for identity verification, then a disfiguring accident
that caused the loss of a person's eyes could result in the loss of their identity unless the system were robust enough
to account for the loss of two avenues of identification. It is critical that this be possible while also preventing
any half-measures from succeeding in impersonating this individual.
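The aggregation idea above can be illustrated as a k-of-n factor check. The Python below is an added example, not part of the original page or any vendor's system: the issuer key, the threshold of 3, the factor names and the sample values are all assumptions, and it assumes each factor has already been reduced to a stable byte string (real biometric factors need fuzzy matching rather than exact digests).

```python
import hashlib
import hmac
import secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret held only by the third party
THRESHOLD = 3                         # assumption: matching factors required to accept


def factor_digest(kind, value):
    """Keyed digest of one factor, so the issuer stores no raw factor value."""
    msg = kind.encode() + b"\x00" + value
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


def enroll(factors):
    """Issue an opaque unique ID that is not derived from any personal data."""
    return {
        "unique_id": secrets.token_hex(16),
        "digests": {k: factor_digest(k, v) for k, v in factors.items()},
    }


def verify(record, presented, threshold=THRESHOLD):
    """Return the unique ID if enough presented factors match, else None.

    Factors the person can no longer present are simply absent; acceptance
    depends only on how many of the enrolled factors still match.
    """
    matched = [
        kind for kind, value in presented.items()
        if kind in record["digests"]
        and hmac.compare_digest(record["digests"][kind], factor_digest(kind, value))
    ]
    return record["unique_id"] if len(matched) >= threshold else None


# Constructed sample enrollment with five factors.
ENROLLED = enroll({
    "face": b"face-template-A",
    "retina": b"retina-template-A",
    "fingerprint": b"fingerprint-template-A",
    "dna": b"dna-profile-A",
    "residency": b"residency-record-A",
})
```

With five enrolled factors and a threshold of three, losing the face and retina factors still leaves a valid path to verification, while any two correct factors alone are rejected.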
The balance between privacy and secure identity is crucial. Too much personal information can lead to a leaked identity.
Too much security can potentially lead to being locked out of your own identity. We recommend greater security with
strong stewardship to maintain integrity.