How is data protected?
Patronscan uses a variety of security technologies and procedures to help protect patrons' personal data from unauthorized access, use or disclosure. Patronscan stores all personal data on computer servers with access controls and that are located in controlled facilities. When, transmitting sensitive data over the internet Patronscan protects it through the use of encryption software such as software adhering to the Secure Socket Layer (SSL) protocol. Patronscan also encrypts all data stored on its database server.
Patronscan only uses certified data centers to store all data collected. The data centers are SSAE16 SOC 2 certified, security reviewed facilities with existing infrastructure of industry standard server and security technology. Procedures are in place to restrict logical access to this data center and client systems.
Who has access to the data?
The venue owner and management staff have limited access to this data for a short period of time. If the venue needs to log an incident and place a patron on the flagged list for example, the venue can reference a photo and data such as name, age, and gender. For an added layer of protection, Patronscan has enabled different user types, with limited access. Only users with administrative access can view patron personal data (usually management and/or security).
Patronscan combines all non-personally identifiable data points such as postal/zip codes, age and gender to create summarized totals reports. This information is cross-referenced with publicly available census data. The summarized totals reports contain aggregate data such as scan counts for the night and never contain any personal information about any specific individuals.
In case of a major incident concerning public safety, law enforcement may obtain access to a venues data, but only when an official investigation has been launched. The three conditions in which law enforcement may request Patronscan information include:
- The law enforcement agency has identified its lawful authority to obtain the information.
- The law enforcement agency has indicated that the disclosure is requested for the purpose of enforcing a law in its jurisdiction, carrying out an investigation relating to the enforcement of any such law, or gathering intelligence for the purpose of enforcing any such law.
- The law enforcement agency has provided an investigation number or any other uniquely identifiable number that can be traced back to the purpose of the disclosure request.
What data is stored & how long for?
Unless a patron is flagged, data is retained for a limited period of time before being permanently deleted. This period allows crime victims sufficient time to report a crime and for law enforcement to review patron records to identify the alleged assailant(s). It is common for victims to report crimes several days to weeks later. Data is permanently deleted after 30 days in Australia and New Zealand
The only data that is saved beyond the above time frames is specific to patrons that are on the flag list.
We are very happy to answer any questions you have relating to PatronScan, or any other matter. Please get in touch using the form below
or call us directly.
