Tag Archives: privacy

If the City Fails, Try the County (Milwaukee and Biometrica)

The facial recognition brouhaha in southeastern Wisconsin has taken an interesting turn.

According to Urban Milwaukee, the Milwaukee County Sheriff’s Office is pursuing an agreement with Biometrica for facial recognition services.

The, um, benefit? No cost to the county.

“However, the contract would not need to be approved by the Milwaukee County Board of Supervisors, because there would be no cost to the county associated with the contract. Biometrica offers its services to law enforcement agencies in exchange for millions of mugshots.”

Sound familiar? Chris Burt thinks so.

“Milwaukee Police Department has also attempted to contract Biometrica’s services, prompting pushback, at least some of which reflected confusion about how the system works….

“The mooted agreement between Biometrica and MPD would have added 2.5 million images to the database.

“In theory, if MCSO signs a contract with Biometrica, it could perform facial recognition searches at the request of MPD.”

See Bredemarket’s previous posts on the city efforts that are now on hold.

And counties also.

No guarantee that the County will approve what the City didn’t. And considering the bad press from the City’s efforts, including using software BEFORE adopting a policy on its use, it’s going to be an uphill struggle.

Privacy, by Google Gemini

Google’s concept:

“Abstract 3D render of a human silhouette made of shimmering frosted glass, iridescent light refracting through, symbolizing secure data encryption and zero-knowledge proofs, elegant and high-end.”

Personally I think it’s TOO abstract, but perhaps that’s just me.

I didn’t create a musical version of this on Instagram because stuff, but there’s a Facebook version here. Sadly non-embeddable…but that’s why you should join my Facebook Bredemarket Identity Firm Services group.

Who Can Write My Biometric Company’s Product Marketing Content?

Someone who is a biometric product marketing expert.

Someone who has three decades of expertise in biometrics.

I remember ANSI/NIST-CSL 1-1993.

Someone who has worked with fingerprints, faces, irises, voices, DNA, and other biometric modalities.

Some modalities. Butts and tongues not included.

Someone who understands the privacy landscape in Europe (GDPR), Illinois (BIPA), California, and elsewhere.

BIPA is a four-letter word.

Oh…and someone who can write.

A slight exaggeration.

So who can write this stuff?

I know someone. Bredemarket.

Stop losing prospects! Use Bredemarket content for tech marketers

Some great videos


Biometric product marketing expert.
Questions.
Services, process, and pricing.

Ambient Clinical Intelligence in Healthcare

Another topic raised by Nadaa Taiyab during today’s SoCal Tech Forum meeting was ambient clinical intelligence. See her comments on how AI benefits diametrically opposing healthcare entities here.

There are three ways that a health professional can create records during, and/or after, a patient visit.

  • Typing. The professional has their hands on the keyboard during the meeting, which doesn’t make a good impression on the patient.
  • Structured dictation. The professional can actually look at the patient, but the dictation is unnatural. As Bredebot characterizes it: “where you have to speak specific commands like ‘Period’ or ‘New Paragraph.’”
  • Ambient clinical intelligence.

Here is how DeepScribe defines ambient clinical intelligence:

“Ambient clinical intelligence, or ACI, is advanced, AI-powered voice recognizing technology that quietly listens in on clinical encounters and aids the medical documentation process by automating medical transcription and note taking. This all-encompassing technology has the ability to totally transform the lives of clinicians, and thus healthcare on every level.”

Like any generative AI model, ambient clinical intelligence has to provide my four standard benefits: accuracy, ease of use, security, and speed.

  • Accuracy is critically important in any health application, since inaccurate coding could literally affect life or death.
  • Ease of use is of course the whole point of ambient clinical intelligence, since it replaces harder-to-use methods.
  • Security and privacy are necessary when dealing with personal health information (PHI).
  • Speed is essential also. As Taiyab noted elsewhere in her talk, the work is increasing and the workforce not increasing as rapidly.

But if the medical professional and patient benefit from the accuracy, ease of use, security, and speed of ambient clinical intelligence, we all win.

Google Gemini.

Commit Traffic Crimes in 50 States…Well, 7

How does California know whether an arrested intoxicated person has a drunk driving conviction in, say, Oklahoma?

Or better still, how does Oklahoma know whether a licensed driver also has a driver’s license in, say, California?

Answer: they don’t. Because privacy.

The American Association of Motor Vehicle Administrators (AAMVA) provides participating states with a system (S2S) to check such things.

“State-to-State (S2S) Verification Service is a means for a state to electronically check with all other participating states to determine if the applicant currently holds a driver license or identification card in another state. The platform that supports S2S, the State Pointer Exchange Services (SPEXS) was successfully implemented in July 2015. Participation in S2S does not commit a state to be in compliance with the federal REAL ID Act. However, if a state chooses to be REAL ID compliant, the Department of Homeland Security generally looks for S2S to be part of their compliance plan.”

Not all states participate. As it turns out, neither California nor Oklahoma are part of S2S. Oklahoma is slated to join, but this may not happen.

“Oklahoma lawmakers have asked the state Supreme Court to immediately block the transfer of driver’s license and identification card data to a national interstate data exchange run by the American Association of Motor Vehicle Administrators (AAMVA).

“The lawmakers argue that the planned transmission exceeds statutory authority, violates state privacy protections, and collapses a key distinction that Oklahoma law makes between REAL ID-compliant and noncompliant credentials.”

Based upon past history, it’s no surprise that some in Oklahoma oppose big guvmint and AAMVA S2S participation.

But why has California opted out of S2S?

Basically, the privacy of Social Security Numbers. The state doesn’t to share this personally identifiable information willy nilly.

(As an aside, take a moment to think about how a state in enforcing the privacy of Social Security Numbers, which are assigned at the federal level. And also think about how Social Security Numbers are NOT supposed to be a national ID number. The mind boggles.)

So what do the other states do if someone claims to have a California driver’s license, but California won’t confirm this because of privacy concerns? Here’s what Tennessee does.

“All states and jurisdictions in the United States participate in S2S, except for California, Connecticut, Illinois, Kentucky, Nevada, Oklahoma, and West Virginia. New or returning Tennessee residents transferring from these nine states must obtain a Motor Vehicle Record (MVR) from their former state. The MVR be issued within 30 days of applying for a Tennessee license or ID.”

Good to know if I ever move out of California.

For Californians, Happy Data Privacy Week

(I wrote THIS one in 2026.)

CalPrivacy, also known as the California Privacy Protection Agency, is marking the whole danged Data Privacy WEEK with a very Californian term.

Drop.

Now when Californians use the term “drop,” it’s usually used in the earthquake-related phrase “drop, cover, and hold on.”

But in the privacy world, DROP stands for “Delete Request and Opt-out Platform.”

“DROP lets you send a single request to over 500 registered data brokers.”

Which makes no difference to the UNREGISTERED people who sell your data, but it’s something I guess.

Happy Data Privacy Day

From UC Davis in 2024:

“Data Privacy Day is marked each year on January 28….Data Privacy Day began in the United States and Canada in January of 2008 as an extension of its European counterpart. In Europe, Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty on privacy and data protection.”

According to the Council of Europe:

“This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks to regulate at the same time the transfrontier flow of personal data.

“In addition to providing guarantees in relation to the collection and processing of personal data, it outlaws the processing of “sensitive” data on a person’s race, politics, health, religion, sexual life, criminal record, etc., in the absence of proper legal safeguards. The Convention also enshrines the individual’s right to know that information is stored on him or her and, if necessary, to have it corrected.”

The full (English) text is here (PDF).

A lot has happened since 1981, but it all had to start somewhere.

(An aside: I wrote this post on Saturday, November 8, 2025. On that date I asked Google Gemini when the next biometric-related holiday was, and this is what came up.)

This is Why You Should Avoid Acronyms

So an article came across my eyes that begins with the words “Minnesota DHS.”

The full title? “Minnesota DHS Reports Access-Related Data Breach.”

Now anyone reading that article over the weekend was probably very confused, since the death of Alex Pretti isn’t exactly a DATA breach.

And, of course, Minnesota doesn’t have a “department of homeland security.”

It does, however, have a Department of Human Services…and THAT was what was breached.

“A single user inappropriately accessed private data within the Minnesota Department of Human Services (DHS) ecosystem, potentially impacting 303,965 individuals, officials report.”

This was not a hack per se, but a case in which a legitimate person accessed something they shouldn’t have accessed. Certainly a breach, and the person’s access was terminated.

But nobody died.

Offboarding: What Else Happens When You Stop Doing Business with Bredemarket?

My 2024 offboarding post discussed the short-term aspects of how Bredemarket wraps up business with its clients. But it didn’t cover the long-term aspects.

What I didn’t say in 2024

You’ll recall my description of the end of a particular contract.

In 2023 I signed a contract with a client in which I would bill them at an hourly rate. This was a short-term contract, but it was subsequently renewed.

Recently the client chose not to renew the contract for another extended period.

But there’s one thing I didn’t say.

The client (whom I’ll call Client 1) failed to tell me that it wasn’t renewing my contract. In fact, in my last discussion with the client, I did not perceive that it wasn’t planning to renew.

Surprise! In fact, I learned of the non-renewal from a third party, not the client itself.

Of course, the client had every right to choose not to renew without advance notice.

But read on.

What happened in 2025

Contrast that with my relationship with two other existing clients, both of whom contacted me personally and let me know that they weren’t renewing my contract.

Both took the time to explain why they were not renewing. Nothing to do with my performance, but having to do with internal issues at each company (which I am not at liberty to discuss).

I went through the aforementioned data scrub process with both clients, and my obligation to both was done.

But read on.

Two little twists

Add these facts.

  • There was an interesting connection between Client 2 and Client 3. My primary employee contact at Client 2 was previously a consultant at Client 3 until they were let go (again, not because of performance, but because of internal issues).
  • And a little while later, my employee contact at Client 2 was let go from Client 2 themselves (again, internal issues).

The long term

Bredemarket completed its contractual obligations to all three firms: the one that let me go in 2024 (Client 1), and the two that let me go in 2025 (Client 2 and Client 3).

But what happens after that?

It depends.

  • If my employee contact at Client 3 requests help, or if I see something of interest to Client 3, I’ll be more than happy to help or share.
  • If my employee contact formerly of Client 2 requests help, or if I see something of interest to Client 2, I’ll be more than happy to help or share.
  • If I see something of interest that affects Client 2, I may or may not share.
  • If I see something of interest that affects Client 1, I probably won’t share…except to Client 1’s competitors.

Actions, and inactions, have consequences.

And because I neglected to put any Doors references in this post like I did with the last one, I’ll close with this mind-boggling remix.

“Riders On The Storm (Fredwreck Remix).” Snoop Dogg featuring the Doors.