bredemarket

You’re Not Lost in the Supermarket. The Supermarket Knows Exactly Who and Where You Are.

I’m all lost in the supermarket
I can no longer shop happily

Facial recognition laws and regulations vary from jurisdiction to jurisdiction, and as organizations apply facial recognition, they can’t just assume that facial recognition laws are the same as other privacy laws.

Caution urged as UK supermarkets check out facial recognition

This is the point that UK professor Fraser Sampson makes in a Biometric Update article. Among other things, Sampson (former UK Biometrics & Surveillance Camera Commissioner) notes the following:

This is not just any data processing, this is biometric processing. Major retailers have deep and wide experience handling customer data at macro level, but biometrics are elementally different. Using a biometric recognition system in the UK means they are processing ‘special category data’ and biometric data differs even from other types of special categories. This brings a number of significant risks, obligations and restrictions, some technological, some legal, some societal. The opportunities for missteps are many and the consequences profound. An early decision for the supermarket would be whether they want to be the controller, joint controller or processor; an early mistake would be to think it doesn’t matter.

Data controllers and data processors

For those who don’t inhabit the world of GDPR, the UK GDPR, and other privacy laws, here is Data Grail’s definition of a data controller:

A data controller is a service provider or organization determining the purposes and means of processing personal data. In simpler terms, a data controller decides why and how personal data collection, storage, and use occurs. They have the ultimate responsibility of ensuring data processing activities comply with applicable privacy laws and regulations. Data controllers bear the legal obligations associated with data protection, including providing transparency, obtaining consent, and safeguarding the personal data of data subjects.

Contrast that with a data processor:

Data processors are entities or organizations that process personal data on behalf of data controllers. They act under the authority and instruction of data controllers and handle personal data for the specified purposes defined by the data controller. Data processors are contractually bound to ensure data security and confidentiality. They don’t have the same decision-making power as data controllers and must adhere to the instructions provided by the data controller.

If you’re a supermarket in the United Kingdom, and you’re collecting facial biometric (and other) data, do you want to be a data controller or a data processor? And how will you manage the privacy aspects of your data collection?

Enter the facial recognition vendor

And if you’re a vendor of facial recognition software selling to UK supermarkets, how will you advise them?

And…you should have known this was coming…how will you provide content for your prospects and customers that educates them on the nuances of facial recognition privacy regulations?

If you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

compelling content creation
winning proposal development
actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Bredemarket has an opening for a facial recognition client.

(All images from Imagen 3)

Startups Entering the Wonderful World of Process

I’ve talked about governance and maturity models before in regards to cybersecurity. The complicating factor is that companies with little process maturity are flung into the world of standards and auditors.

For example, I was not initially part of the process team when the former seat-of-the-pants Printrak had to play CMM catch up with our new corporate overlord Motorola. But it was a bruising experience.

These days you have a lot of startups, not owned by multinationals, that are required by large customers and governments to comply with some standard or another. Winging it is not an option; winging it is failure. Or, in process-speak, winging it can result in a high statistical probability of a large number of adverse findings.

Vanta wants to help.

Its early April “Guide to working with auditors: Best practices for startups” contains several suggestions.

One is to engage with auditors early so that you become familiar with each other.
However, you should NOT give auditors access to your data early. Wait until you are ready. Assuming your data is in a Vanta instance:

“If you’re still finalizing controls in Vanta, granting early access could cause confusion. However, some firms prefer early access for familiarization—as long as they don’t start testing prematurely.”

Vanta’s guide is at https://www.vanta.com/resources/guide-to-working-with-auditors-for-startups

(Wombat image via Imagen 3)

PS to cybersecurity product marketers

Are you getting YOUR product’s message out? Or is a stretched team holding you back from creating stellar marketing materials?

Bredemarket has an opening for a cybersecurity client and can help with compelling content creation, winning proposal development, and actionable analysis. Book a call: https://bredemarket.com/cpa/

Who?

Who?

It’s an identity and a cybersecurity question.

Which is convenient for Bredemarket, and for you if you’re a marketer.

More: https://bredemarket.com/2025/04/21/how-can-you-maximize-your-facial-recognition-or-cybersecurity-marketing-impact/

Why Invela TPRM?

During my three months working with a third-party risk management (TPRM) client, I never heard anyone mention Invela.

Perhaps with reason. Although LinkedIn says the company was founded in 2024, it didn’t post its first blog until April 20, 2025, or its first LinkedIn posts until April 21.

But the second blog post, dated April 21, is the one that matters.

“Invela has officially launched a transformative network to bolster consumer protection and foster innovation within the open banking ecosystem. The Invela Network, developed in collaboration with industry-leading specialist partners, promises to revolutionize how financial institutions manage third-party risk…”

The post goes on to cite the Consumer Financial Protection Bureau (CFPB), but…well…that’s nice.

Invela’s TPRM solution specifically targets the open banking segment of the financial services industry. Open banking, featuring companies such as Plaid, Kong, and Camunda (among others), facilitates the interchange of financial data, rather than keeping it within each bank’s walled garden.

Which of course increases risk.

Hence companies such as Invela.

I was unable to find a “why” story for Invela that compared to the why story I previously found for Ubiety Technologies. Obviously the Invela people never read my book.

However, the principals at Invela come from companies such as Mastercard (although I could find no information on Invela’s CEO Steve Smith). But the Invela leadership team presumably knows their market. We will see if they know their marketing.

Which reminds me…if you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity client. I can offer

compelling content creation
winning proposal development
actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Facial Recognition Marketing Leaders, Riding on the Metro

I just read a story about a young man who went to the Metro, was identified by a facial recognition system, and was snatched up by authorities.

Who wanted him to fight in Ukraine.

Now some of you are puzzled and wondering why Trump wants to send U.S. troops to fight in Ukraine. That…um…doesn’t sound like him.

I forgot to clarify something. This wasn’t the Washington DC Metro. This was the MOSCOW Metro.

“Timofey Vaskin, a lawyer with the nonprofit human rights project Shkola Prizyvnika, told independent Russian TV channel Dozhd that the illegal detention of those potentially liable for conscription had become a massive problem this year, with young males most at risk of being snatched while using the Moscow metro, which has an advanced facial recognition system in place and police officers on duty at every station.”

For the record, use of facial recognition for this purpose is legal in Russia. In the same way that use of facial recognition for national security purposes is legal in the U.S.A. Because when national security is at stake—or when government agencies say national security is at stake—most notions of INFORMED consent go out the window.

Know your use cases…or get someone who does

Facial recognition isn’t only used for national security, or for after-the-fact analysis of a crime such as the Boston Marathon bombings. It’s also used for less lethal purposes, such as familiar face detection on doorbell cameras…except in Illinois.

If you are marketing a facial recognition product, you need to understand all the different use cases for facial recognition, and understand which use cases your product marketing should address, and which it should not.

And if you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

compelling content creation
winning proposal development
actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Imagen 3. Bredemarket has client openings.

Openings For Stretched Marketers

Stretched thin?

Bredemarket has two openings for facial recognition and cybersecurity clients: https://bredemarket.com/cpa/ (Imagen 3)

Original reel: https://www.instagram.com/share/BADBguYnjO

How Can You Maximize Your Facial Recognition Or Cybersecurity Marketing Impact?

(This news was originally supposed to be embargoed until Monday April 21, but…well…things happen.)

Facial recognition and cybersecurity marketing leaders,

Is a stretched team holding you back from creating stellar marketing materials? Are competitors taking your prospects from you while you remain silent?

I’m John Bredehoft from Bredemarket, and I currently have TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

compelling content creation
winning proposal development
actionable analysis

CPA?

Bias can be good when it’s a bias to action.

Satisfy your immediate needs and book a call: https://bredemarket.com/cpa/

Don’t Try to Scam a Police Captain

Scammers tried to extract information from Ann Stephens, but she refused to give them the stuff they wanted: Social Security digits, her home address, or her bank account information.

Ann Stephens taking a scammer call at work.

The only information she provided was her work address.

At the time (2019), she was a police captain in Apex, North Carolina.

Oops.

She retired in 2022. And presumably continues to handle fraudsters, to their detriment.

And one more thing…

The formal announcement is embargoed until tomorrow, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

compelling content creation
winning proposal development
actionable analysis

Book a call: https://bredemarket.com/cpa/

A Mature Approach to Artificial Intelligence-Powered TPRM Automation

Deloitte conducts regular surveys on third-party risk management (TPRM), and just concluded a survey on (English warning) “the rise of AI in TPRM to maximise opportunities while managing the risks.”

One of the key findings:

“Despite low maturity levels, leadership teams are ambitious about embracing intelligent automation, while managing both the risks of AI in their organisations and those arising from third-party AI usage.”

I’ve talked about maturity levels before and their importance in cybersecurity. While ad hoc approaches to TPRM just won’t cut it in terms of protection, a managed or defined level or better will yield a positive return on investment.

(Imagen 3)

And one more thing…

The formal announcement is embargoed until Monday, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

compelling content creation
winning proposal development
actionable analysis

Book a call: https://bredemarket.com/cpa/

Zoom Scam With Faces

An interesting variant on fraudulent deepfake scams.

Kenny Li of Manta fame was sucked into a scam attempt, but was able to perceive the scam before any damage was done.

Li responded to a message from a known contact, which resulted in a Telegram conversation, which resulted in a Zoom call.

“In the call, there were team members who had their cameras on, and [the] Manta founder could see their faces. He mentioned that “Everything looked very real. But I couldn’t hear them.” Then came the “Zoom update required” prompt…”

Li didn’t fall for it.

(Imagen 3)

And one more thing…

The formal announcement is embargoed until Monday, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

compelling content creation
winning proposal development
actionable analysis

Book a call: https://bredemarket.com/cpa/