Data Privacy: Frequently Asked Questions

Data Privacy -Frequently Asked Questions

What specific detainee or inmate health data is collected and tracked by your biometric bands?

Our biometric bands collect key biometric readings including heart rate, heart rate variability, blood oxygen level, skin temperature, as well as ambient environment temperature and physical activity level. This data provides a comprehensive view of a detainee's or inmate's health and well-being.

How is sensitive detainee or inmate data stored and protected from unauthorized access or breaches that could violate privacy?

Detainee and inmate data privacy and security are our top priorities. All data is encrypted end-to-end, from the biometric sensor to the gateway, to the cloud, and to the web portal and mobile app. Access is tightly controlled through multi-factor authentication and role-based access control, so users can only access the minimum data required for their job functions. We adhere to the highest standards of data protection.

How long will detainee or inmate biometric data be retained in your records?

Each agency we work with sets its own data retention policies. The system allows data to be automatically deleted immediately after a monitoring session ends or after a set retention period. When data is deleted, it is permanently erased across all backup instances. We recommend agencies retain data for a reasonable period to support incident investigations, as biometric data has helped agencies defend against lawsuits related to in-custody incidents in the past.

Will detainee or inmate health data be shared with outside organizations without a detainee’s or inmate's consent?

No, 4Sight Labs never shares detainee or inmate data with outside parties under any circumstances. Detainee and inmate privacy is protected.

Could detainee or inmate data be subpoenaed for legal cases or investigations without their approval

Like any company, 4Sight Labs is legally required to comply with valid court orders and subpoenas. However, even in those cases, biometric data has limited uses. Under HIPAA regulations, the data can only be used to protect the health and safety of the individual, not for prosecutorial purposes against them.

What detainee or inmate recourse exists if their biometric data is misused or impacts their legal cases negatively?

HIPAA places strict limits on the permitted uses of biometric data. It cannot legally be used in court cases against detainees or inmates. It can only be used to protect their health and well-being while in custody. If a detainee or inmate’s data were misused, they would have substantial protections under existing medical data privacy laws.

How will you prevent detainee or inmate health data from influencing sentencing recommendations unfairly?

The permitted uses of detainee or inmate health data are clearly defined under HIPAA. Using the data to inform sentencing would be a direct violation of the law. 

Additionally, our systems have robust audit logging and access controls to prevent and detect any improper access to detainee or inmate data that could enable misuse.

What security reviews have been done on storing detainee or inmate health data in the cloud rather than more secure on-premise servers?

Third-party experts have conducted extensive security reviews and penetration testing of our cloud-based storage systems. Our InfoSec documentation provides the full details of our comprehensive security practices. Secure cloud storage provides high levels of physical and digital protection while enabling real-time alerting and data sharing across multiple facilities.

Does the EULA allow 4Sight Labs to access, utilize, or profit from the biometric data it collects from detainees or inmates?

No, the EULA clearly specifies that all data remains the property of the agency, not 4Sight Labs. We cannot access the data for any purposes beyond providing the solution service the agency has purchased. The data cannot be shared with or sold to any other parties. Our business model is providing a paid software service to agencies, not monetizing detainee or inmate data in any way.

Have you completed privacy impact assessments to identify risks related to collecting and managing detainee or inmate health data at this scale?

Thorough privacy impact assessments have been completed and are available in our InfoSec documentation. We have put extensive safeguards in place to protect detainee and inmate data at scale, including encryption, access controls, audit logging, and more. Protecting the privacy and security of detainee and inmate data is our top priority and central to the design of our systems.

What specific consent does the detainee or inmate give regarding how agencies can use their biometric data?

The specifics of detainee or inmate consent are determined by individual agency policies, which we do not set. Under HIPAA, detainee and inmate medical data can be collected without consent to provide medical care and ensure health and safety. However, some of our agencies still choose to obtain explicit detainee or inmate consent. The exact consent process is up to each agency.

Are detainees or inmates allowed to opt out of having their biometric data tracked while in custody? What alternatives exist?

In facilities that allow it, detainees or inmates can opt out of biometric tracking and have that refusal documented. In those cases, detainees or inmates still have to be monitored for safety through manual checks. 

Agencies could also potentially use the system with the biometric sensors turned off, using only the physical activity tracking to identify movements that could indicate a safety issue and trigger an in-person check. Each agency sets policies around opting out.

How could tracked detainee or inmate mental health issues from the collected monitoring data negatively impact their sentencing?

Under HIPAA, using a detainee’s or inmate's medical data, including mental health information, in sentencing decisions would be illegal. Biometric data can only be used for medical care and protecting detainee or inmate safety, not for any punitive purposes or court proceedings against them. The law is very clear on this.

What independent oversight exists to protect detainee or inmate data privacy as this system expands to more facilities?

In the U.S., we have attempted to regularly reach out to groups like the ACLU, Southern Poverty Law Center, and other civil rights advocacy organizations to engage them in developing appropriate guardrails and oversight for this emerging technology. So far, they have not engaged with us, but we continue to invite their collaboration. 

We believe biometric monitoring will follow a similar path to body cameras - initially treated with caution but eventually recognized as a tool for accountability and safety with the proper policies in place. We are proactively working to develop those policies and oversight mechanisms.

How will detainees or inmates be notified if their private health data is breached or misused?

Our breach notification policies are clearly outlined in our InfoSec documentation. Any affected detainees or inmates, along with the relevant authorities and regulatory bodies, would be promptly notified. However, we have extensive technical, physical, and operational safeguards in place to prevent breaches and misuse. Detainee and inmate data security is our top priority.

Why shouldn't advocacy groups view this solution as an overreach into violating detainee or inmate privacy rights?

Advocacy groups are focused on improving conditions and oversight for detainees and inmates, which aligns with the goals of our biometric monitoring technology solutions. A single staff member often observes detainees and inmates in custody to monitor their well-being and respond to medical emergencies. With biometric monitoring, signs of medical distress can be automatically detected, and alerts sent to multiple staff members to ensure a fast response. This reduces the risk of a single point of failure. 

While respecting privacy is critical, the core purpose is enhancing detainee and inmate safety and saving lives. With the right policies in place, we believe advocacy groups will come to see this technology as a key tool for protecting detainee and inmate well-being, just as body cameras have been embraced.

What additional risks arise when tying detailed detainee or inmate health profiles across multiple correctional database systems?

The real risk today is that detainees’ and inmates' medical needs often go unrecognized as they are transferred between facilities and agencies that do not share data. Without a unified health record, each transfer is like moving a hospital patient to a new facility that is unaware of their condition and treatment plan. 

For medically vulnerable detainees or inmates, that is a serious danger. Some level of centralized detainee and inmate health data, with strict access controls and auditing, is necessary to ensure continuity of care and prevent medical issues from falling through the cracks as detainees and inmates move through the system. The alternative is a higher risk of adverse health outcomes. 

How long will former detainees or inmates have their biometric data stored and tracked within an agency’s systems?

Agencies, not 4Sight Labs, determine the data retention periods for former detainees or inmates. Our system is designed to automatically delete data according to the agency's schedules and policies

What rights or say do former detainees or inmates have regarding their stored private health data in police databases using this system?

Former detainee or inmate data is deleted according to the policies set by each agency. This is the same as it is for any other detainee or inmate medical information in the agency's systems. Strict protections are in place to prevent misuse.

Isn't collecting constant biometric data an invasion of fundamental human rights to privacy behind bars? How is this different from extra surveillance?

Corrections agencies have a legal and ethical obligation to provide appropriate medical care to individuals in their custody. Given the growing crisis of mental health and substance abuse issues among detainee and inmate populations, meeting that obligation requires new approaches. Simply increasing in-person checks or camera surveillance is insufficient to identify detainees or inmates in medical distress, as the early warning signs are often subtle.

Continuous biometric monitoring provides the real-time health insights needed to intervene before a medical issue becomes a crisis. While privacy behind bars is limited by necessity, the collected biometric data is still strictly protected and used solely to enhance safety and provide medical attention. Far from an invasion of rights, this is a way to protect detainees’ and inmates' fundamental right to health and safety in custody.

What prevents proprietary detainee or inmate health data from being used by insurance providers to deny coverage after release?

Detainee and inmate health data are collected solely for their protection and care while in custody, not to impact their lives after release.

Could law enforcement leverage comprehensive detainee or inmate medical histories made possible by this system for investigatory fishing expeditions?

No, the role-based access controls and auditing systems built into 4Sight Labs' biometric monitoring solutions make that impossible. Law enforcement users are only authorized to access real-time data for active health alerts, not to browse detainees’ or inmates' historical medical information.

Detailed medical histories are restricted only to authorized healthcare personnel for treatment planning. Every user activity and data access request is logged, and unauthorized access attempts are flagged and blocked. The system is designed to prevent any misuse of detainee or inmate health data for non-medical purposes.

Why should we believe in promises about protecting detainee or inmate data when other technologies have failed to protect privacy before?

Wearable biometric monitoring devices have a clear track record of providing life-saving health insights and alerts for consumers. This is proven technology that has protected vulnerable populations. While no technology is perfect, we have gone above and beyond to protect detainee and inmate data with robust encryption, access controls, auditing, and deletion practices.

Detainee and inmate data misuse is not just unethical but illegal with serious consequences. We have every incentive to protect detainees’ and inmates' privacy and every technical and operational safeguard in place to prevent misuse. Just like body cameras, we believe the benefits of this technology for transparency, accountability, and safety will ultimately outweigh the risks as long as proper policies are in place.

Are judges fully briefed about the privacy limitations detainees and inmates face when health data could appear in sentencing reports without consent?

Health information is strictly protected and cannot be disclosed for punitive purposes like sentencing without detainee or inmate consent. Those same privacy laws bind judges and court officers and they are fully aware of the limitations on using health data in criminal proceedings. A detainee’s or inmate's biometric data from any 4Sight Labs' biometric monitoring solutions legally cannot be used against them in sentencing.

What additional risks arise for vulnerable detainee and inmate populations like those with mental illnesses having their health patterns tracked extensively?

Vulnerable populations like detainees and inmates with mental health issues are at greater risk now without continuous monitoring. An individual with mental acuity issues may have trouble verbalizing their medical needs to staff members and guards, increasing the chance their needs are going undetected. These vulnerable populations need additional monitoring, even more than the general population.

Why shouldn't the public be alarmed by creeping expansions of institutional surveillance systems thinly veiled as medical progress?

Public alarm around new technologies in sensitive settings is understandable. But we have seen that when surveillance tech like body cams is implemented with proper protections and oversight, it increases safety, accountability, and transparency for all. We believe biometric monitoring will chart a similar course. The key is proactive collaboration with stakeholders to craft the right policies for how the technology is used.

The alternative to carefully expanding monitoring in a controlled, transparent fashion is to continue allowing preventable tragedies in custody. Lives are on the line, and we have the technology to protect them - it would be unconscionable not to use it with the proper safeguards. This isn't about expanding surveillance; it's about improving wellbeing.

What analysis has been done on how comprehensive detainee or inmate data collection could negatively impact post-release life outcomes long-term?

An extensive analysis of applicable legislation makes clear that using custody health data to negatively impact former detainees’ or inmates' lives post-release would be illegal. There are strict limits in place on how this sensitive information can be used and shared. Permitted use is limited solely to protecting detainees’ and inmates' well-being while in custody. The data cannot legally be accessed or disseminated for any other purpose, including impacting post-release opportunities.

Technical safeguards like access controls and auditing ensure those legal protections are followed. The biometric data is collected and used narrowly and in accordance with the law specifically to prevent the kind of broad, long-term misuse the question envisions.

Are police services prepared for the liability of a future data breach exposing detainee and inmate health records to exploitation by bad actors?

Protection of detainee and inmate data is not just an ethical obligation but a legal requirement. Police services that fail to safeguard this data face major liability. Our systems employ industry-leading data security practices, including end-to-end encryption, multi-factor authentication, role-based access control, and detailed audit logging to mitigate the risk of breaches. We also carry comprehensive cyber insurance.

That said, the risks and costs of a data breach pale in comparison to the human and legal costs of preventable in-custody injuries and deaths. With 4Sight Labs' advanced biometric monitoring-enabled devices, police services can save lives and millions in legal settlements. That is the true liability risk this technology manages.

Why are extensive privacy protections needed if this biometrics system only focuses on current medical safety, as claimed?

While the primary purpose of the system is improving detainee and inmate medical care and safety, that does not diminish the importance of privacy. On the contrary, the sensitive nature of health data requires even stricter privacy protections. Following the law and protecting detainee and inmate privacy is not optional for us - it is essential.

Our commitment is to use this powerful technology only for good, never for exploitation or punishment. The robust safeguards we employ, which go above and beyond the legal requirements, enable us to pursue our mission of saving lives responsibly and ethically. Privacy and safety are not competing priorities but two sides of the same coin—protecting human dignity.

What constitutional lawyers and civil liberty groups have you worked with to address privacy overreach concerns related to this system?

We have proactively reached out to a range of civil liberties groups like the ACLU and SPLC to offer collaboration on establishing guidelines for biometric monitoring in custody. Unfortunately, we have not received any substantive response to date, but our invitation remains open.

We are committed to working with all relevant stakeholders to ensure this technology is implemented responsibly with ample public input. Protecting both civil liberties and the fundamental right to medical care in government custody are not incompatible goals in our view. We welcome anyone who wants to work with us in good faith to strike that balance.

Who within an agency will have access to detailed detainee or inmate health data gathered by the biometric monitoring system?

Access to health data is strictly limited. Detailed historical health data and trends can only be accessed by authorized medical personnel for the purposes of treatment and care coordination. Frontline officers only have access to real-time alerts when a detainee or inmate is in immediate medical distress so they can react quickly.

All user activity in the system is logged, and access is automatically restricted to the minimum necessary for each user's role. Privacy protection is not just a promise but is built into the foundation of the system.

What ethical review boards have assessed the long-term data privacy impacts as this scales across the U.S.?

Axon, a major investor in 4Sight Labs, has an independent AI Ethics Board that has reviewed our technology and policies. We also have had preliminary discussions with federal and provincial privacy commissioners. However, we acknowledge there is much more work to be done. We are actively seeking input from a broad range of outside experts and stakeholders to help develop robust ethical frameworks for this emerging technology.

While we believe the lifesaving potential is immense, we are committed to realizing it responsibly. Long-term, national-scale impacts on privacy must be thoroughly studied and addressed long before any broad deployment.

If an agency faces budget cuts down the line, could detainee and inmate health data become an asset sold to third parties to monetize?

No, absolutely not. Selling or monetizing detainee or inmate data is strictly prohibited, and it is prohibited under our contracts and terms of service. Detainee and inmate health data is not an asset to be bought and sold, period. It can only be used for the legitimate purpose it was collected - protecting detainee and inmate well-being. 

Even if an agency experiences difficult financial times, it has no legal or technical ability to profit from this data. Its usage is ring-fenced to a single authorized purpose. We built our solutions to save lives, not to exploit them.

How can an agency promise data deletes after release when backup storage and cloud systems retain ghost copies?

At 4Sight Labs, we understand that truly deleting data in today's complex computing environments is not as simple as clicking a button. Ensuring data is fully purged from all systems is a critical concern, especially when it comes to sensitive information like detainee and inmate medical records. That is why we have designed our cloud storage architecture from the ground up to enable thorough, verified data deletion across every instance of the data.

When a detainee or inmate is released and their data is scheduled for deletion, our system initiates a cascading delete process that propagates through all backups, redundancies, and fail-over instances within 24-48 hours. This is not a manual process but an integral part of our data management protocols. Every piece of data ingested into the biometric monitoring platform is tagged with a mandatory expiry date. When that date arrives, the deletion is automated and comprehensive.

We have stress-tested this approach and verified that it successfully eliminates all ghost copies and persistent data stores, regardless of their physical or logical location in our networks. Even in the event of major outages or failures in our primary systems, the data deletion will still occur within the guaranteed time frame.

If an agency maintains any internal copies of the data in their own systems, it is their responsibility to ensure those are deleted appropriately as well. Our system provides detailed logs of all detainee and inmate data transmitted to the agency's IT environment to facilitate this.

Giving detainees and inmates confidence that their personal health information will not persist in databases forever is a key pillar of our ethical approach. We are committed to employing cutting-edge technology not just for data collection but for responsible data disposal. Agencies, detainees, and inmates in their custody can trust that our stringent deletion protocols exceed industry standards. Data is deleted permanently, comprehensively, and on schedule every single time.