I was recently interviewed by a major news publication about biometric data devices like palm readers, fingerprints, and facial recognition. In our discussion, we explored how people weigh the trade‑offs between convenience, privacy, and security.
Interestingly, according to a report from the Identity Theft Resource Center, 69% of consumers are concerned that biometric data could be compromised by insiders, and 60% feared repurpose for non-verification activities (check out more stats here).
For example, I’m not convinced I would use a palm reader to check out at the grocery store versus just using my credit card. Of all the biometrics, my research leads to palm readers being actually a fairly safe option and the best of all the biometrics. The risk of my credit card being a problem at a major grocery store is also not worth it to me to pick a biometric. To learn a bit more about palm reader technology, read here.
Then, right after that interview, news broke that TSA Pre-Check would be temporarily closed. My immediate thought was that people will sign up for Clear, hand over sensitive personal information, all to bypass long airport lines.
In fact, I was mentally preparing this newsletter in my head. I now think in privacy content pieces (and while I’m supposed to be calm doing yoga) … I digress.
Then we had the reversal of the TSA Pre-Check closure, so I didn’t think much of it and was working on a different newsletter.
Today, my husband shared Clear’s clever marketing campaign, which I thought was just a matter of time, and so now we’re back to my original newsletter idea.
Now, someone who might not have been OK giving sensitive and biometric information to a private company might value more not standing in an airport security line for 3 hours.
I don’t have Clear yet for these very reasons. I haven’t felt I really needed it, and TSA Pre-Check has been good enough. With spring break on the horizon and security lines that really can be hours, I might very well have to face this decision myself.
How would a privacy pro review a company like this?
For anyone else curious, you’ll see at least my perspective as I evaluate this company. This is likely the same path a customer looking for privacy information would be looking for.
I had already visited their website (and didn’t quite feel like finding a new browser/reset etc.), so I can’t show you the cookie banner. I did like that it didn’t have a dark pattern, had reject all and manage settings available.
I can show you what the manage settings looks like, and I like that no cookies are already set and that they have the reject all button. Note, I’m in Georgia, and if you’ve ever heard me speak, you know that I always say I have no privacy rights. I don’t even need this cookie banner or settings. I like that I am presented with it.
Now I want to know how they use my data, so I am searching for the privacy policy or a trust page. I see various links to privacy policies at the bottom. I also see Privacy Commitment – a defined term that is listed under the “Who We Are.” This is a clue that they value privacy and that it’s not just a legal requirement.
When I click Privacy Commitment, here’s what I get – a big bold page explaining what my biggest concerns are. Will you share or sell my biometric information? They answer no. Can I control that information? Yes. Do they explain it clearly? Yes.
This is the rest of that page … and I like that I, someone who lives in Georgia where there is no comprehensive state privacy law, have the option to delete my data. The company has opted to offer privacy rights to all their customers, not just where legally required to do so.
There’s also a clear link from this page to read the full privacy policies. Most people signing up for this product care about a few things: sensitive data, how it’s used, and control, including deletion and security.
I continue on my journey, and under support and FAQ, there are more questions that are like what I just listed above. They have approached sharing information based on likely customer concerns.
If I could offer Clear some advice, I’d recommend building a comprehensive Trust Center that encompasses privacy, security, and AI. When I searched in the support box for AI or artificial intelligence, it came up empty. I don’t know if they are or aren’t using AI. In today’s world and with the sensitive data they have, I think customers are curious what companies are or are not doing with it.
I believe the future is in trust centers.
Trust centers give customers a single, transparent place to understand how their data is collected, used, protected, and governed. This builds confidence across privacy, security, and AI practices. They also help organizations demonstrate accountability by clearly outlining controls, safeguards, and responsible AI measures in a way that is easy for people to access and evaluate.
If you want to learn more about trust centers, be sure to subscribe to the She Said Privacy/He Said Security podcast, where we have an upcoming episode with a Chief Privacy Officer talking about implementing a trust center at her company. It releases in March!
Now I’m off to read the actual privacy policy. I like that it has hyperlinks to the left (and there’s more than this screenshot shows) as well as in the main policy. Hyperlinks are helpful to the reader and are very customer-friendly. It makes it easier to find the topic that the customer is most interested in.
Bonus points that it was just updated this month!
In this section, they are clear about what types of data may and may not be used in advertising.
While I’m not a Washington state resident, if I want to learn more about what they are doing with the information, I can read the Washington Consumer Health Data Policy that is required to comply with the Washington My Health My Data Act.
Looking at the effective date, it appears that they haven’t updated this particular privacy policy in nearly 2 years. It’s possible nothing has changed; however, it’s good industry best practice to update it annually.
Any privacy pros curious about what needs to be in this type of privacy policy, I highly recommend reading Mike Hintze’s, Privacy Partner at Hintze Law, blog post on this very topic. He actually has an amazing series on the entire law, which I encourage you to check out.
For those wondering about security measures, they can be checked out in the FAQ section seen below. Honestly, I’d like to have seen a bit more detail on this.
What do other security and privacy friends say?
Years ago, I remember a CISO who has worked at many big brands and responsible for a LOT of sensitive data, saying yes, he trusted them. He also had Delta Digital – a similar concept just for flying Delta.
Many other security and privacy friends have evaluated it just like me and they have moved forward with it. I also have others who refuse to use the facial recognition cameras at the airport and do manual screening.
So basically … to each their own.
Is the convenience worth providing this level of data?
Based on my review of their privacy policy, the transparent answers to my concerns about sensitive information and sharing, and their security statement, it appears that my information would be as safe as it could be, since nothing is ever completely safe or risk-proof.
I would benefit from standing in a shorter line at the airport on busy days. I also could get that cool blue check on LinkedIn, so everyone knows I’m real and not a pretend AI bot posting content (and that’s pretty valuable to me).
It comes down to this question:
Do I trust the company’s statements?
And that is the pinnacle of a privacy program.
I can’t actually audit the company.
I have to go based on what they tell me, reputation and gut instinct.
This is how what’s collected, how it’s used, how it’s protected, who the company is and privacy are interconnected.
Check out next week’s newsletter to learn if I do or don’t sign up.
What would you do? Reply and let me know what gives you comfort or still concerns you. I’d love to know and can share your (anonymized) thoughts in next week’s edition!
Jodi
💡 When you’re ready, here’s how we can help:
⚙ Privacy Advisory & Implementation: We help companies navigate privacy requirements with confidence. Our advisory support covers strategy, operations, and real-world implementation.
⚙ Fractional Privacy Services: We provide fractional privacy leadership tailored to your needs and pace. From program development to day-to-day support, we help you build and sustain a strong privacy program.