There can be many consequences to visiting casinos or gambling institutions. It can be more than the gains or losses to your wallet, depending on how well you play poker. It can be more dangerous than the extra notch on your belt from too many trips to the all-you-can-eat buffet as well. No, it's not the same as your elderly auntie scolding you for visiting a business that she considers filled with those who have lost their way. There is a danger of real consequences for both the casino and for the patron on who data is collected for security purposes.
Data security and data privacy have real consequences for companies that collect and retain the information as well as the consumer on whom the information is collected. Data breaches happen, and knowing what happens with data, where it ends up, and who is using the data for what purpose matters. It matters to the company that originally collected the data, and of course it matters to the person on whom the data was collected because there is a risk to privacy and a risk that the information can be abused.
Most people who go to casinos are going out to have fun, enjoy a dinner and a show. They did not come home from work, get dressed up for a fun night out, to stop and stress about privacy policies and how data is collected on them while they are simply walking around. Most people don’t stop to think about the amount of money being handled by casinos and as such, they may be entertaining, but they are more like financial institutions than a restaurant with a lounge act.
A Different Financial Institution
A casino may look a lot more exciting than a bank lobby, but if you break it down on a transactional level, casinos are also banks. Most states require that casinos follow the same regulations, such as the Bank Secrecy Act of 1970 (BSA). This is a federal law that requires data on transactions, including records of cash purchases. A report must be filed on any transaction over $10,000 daily or any other suspicious activity that they may suspect, like money laundering or tax evasion. The types of events that must be reported are:
- Currency Reports
- Suspicious Activity
- Foreign Banks
- Monetary Instrument Log (MIL)
Violating any of the regulations would cause penalties for casinos and repeated violations may cost their license to remain in business. Data for some of these reports are expected to be maintained for a minimum of 5 years.
Casinos have an obligation to citizens, employees and consumers to also follow data privacy laws that include personal identifiable information (PII). The security for the data that is maintained by casinos must be accounted for and any breaches to security addressed. Privacy laws include many forms of transparency and notifications to the individuals or communities affected by a data breach. Losing trust from the public, means that the public will take their cash somewhere else.
Having the ability to store and secure the data, and redact personal information prior to any qualified release of data, casinos, financial institutions, banks and other enterprises make short work of complying with new fluctuating privacy laws. Casinos have many forms of data that will have to go through a privacy audit, to understand the complexity of redaction needs. Documents and banking records contain credit card and other personal information. A breach would be a liability to the consumer and the casino. If the consumer’s information is used in a negative way through the breach, there could be a lawsuit, which can only bring more negative publicity. Having a quality redaction system that many levels, departments and areas of the casino can be trained on as data is compiled and stored will help significantly lower the risk of loss.
Security & Surveillance
For casinos, much like banks and other financial institutions that handle large amounts of cash, security is an essential part of doing business. There are surveillance cameras that are feeding into security video taken of private citizens, consumers, and employees from the time they are nearing the parking lot. There is a lot of private information that is being fed into the database from these video feeds. If there were an incident, fraud, or other investigation, the casino would need to provide redacted footage to the attorneys, prosecutors, or judge if given a subpoena or court order.
Casinos, and banks as well, have been tapping into another form of video data through the use of their surveillance systems. Many are turning to using facial recognition software to encourage consumers to have a better entertainment experience. There are security uses for it, which makes the software even more viable to the industry.
For casinos there are many functions that could be made easier with the use of facial recognition applications. Some ways in which casinos use facial data while on their premises could be:
- Customer Recognition: Facial recognition applications can use face-scanning technology to welcome customers, encourage vendor use, send invitations for more services. The ease of introduction and suggestions can increase sales in restaurants, bars, gambling areas.
- Security: Upon entering the premises, cameras can use face-scanning technology to cross-reference it with data in a network database or one that is accessed through the services. If someone is found to be a threat to security, calls to the proper authorities can be automated.
- Identification and Tracking: Facial recognition technology will help pit managers with identifying players and tracking their plays. Current methodologies are memory, keeping track of clothing, or other details which could be inaccurate. Identification and tracking also allows VIP players automated access to their benefits.
- Addiction Risks: Machine learning and AI can be deployed through the use of facial recognition technologies to identify problem gamblers or those who have been previously banned from entry.
- User Experience: The biggest benefit for having facial recognition tied into casino databases, is the enhanced user experience. When AI can automatically recognize a player, suggest tables or games, encourage dining and entertainment options, help with access to accounts and rooms seamlessly, the user experience is greatly improved.
Enhancing casino applications by the use of facial-recognition technology also means that casinos, banks, and other financial institutions that may also use this technology will have to commit to data security. When comparing scanned data of consumers, the database that is being used must be kept secure. The amount of time that a casino is legally required to keep data, can be a number of years. Any time that personally identifiable information is stored, used, manipulated, sold, or even released there are issues involving privacy. There is the privacy of the data contained, the privacy rules of new data collected, and authentication of qualified individuals or companies that receive the data.
What privacy laws are at risk with casinos and new facial recognition systems? Currently there is little consensus on what is or is not acceptable levels of invasion of privacy when using surveillance equipment. This is starting to change. European countries have adopted the GDPR or General Data Protection Regulation. California has broadened the scope of the GDPR when it recently enacted the CCPA or California Consumer Privacy Act. More states and countries are following suit. In the end, this makes any video footage a potential privacy risk and personal data violation for casinos, banks and financial institutions. The discussion on how to use the new facial recognition technologies is changing to keep up with new regulations.
One of the best ways for a casino, bank or financial institution to remain a globally responsive business, is to comply with all available privacy laws and standards. Meticulous record keeping, secure data, and solid privacy policies that are given to every consumer on record can help. Another method to protect the business from unnecessary lawsuits, is through the use of redaction software systems.
After having a privacy audit of the different forms of data that the company is compiling, be it documents, video, or audio files, then the next step would be for redaction. An extensive redaction system is one that many levels of the administration can be trained to use and has multiple purposes and uses. CaseGuard video redaction system can be used to redact audio, video, and document files. Depending on the company’s policy, this can be done before long-term data storage, or it can be done on an as needed basis.
In order to compete in the global marketplace, a company must be able to comply with global legislation. Regardless of your company physically being located in New York, if some of your customer base is in California, then any information collected would fall under the CCPA. The same idea applies to the European GDPR.
Often times when a company is issued a subpoena or court order to obtain information there is a limited amount of time in which they are able to redact and release the material. The US courts have already made it clear that the costs and time involved will not be considered an excuse for a company to not comply with producing records of foreign consumers. If you want to be in the global game, you will have to learn the global standards. Some states may not be able to incorporate the new technologies. These states have already passed bans on using facial recognition technologies without the consumer’s consent.
Complying by using redaction prior to the release of any information can be made simple through the additional benefits of machine learning and AI. The same machine learning that assists in the facial-recognition programs can also help improve the redaction process so that personally identifiable information such as faces, phone and computer screens, license plates is removed in just a few clicks. Much of the redaction process can be automated once the data points are entered. If casinos, banks or financial institutions want to remain a contributing part of the business economy, then having the best redaction software system will be a requirement to stay ahead of privacy laws, document and data storage, and data security.