woodbe
commented
2 years ago Privacy concerns here are very high. Must do the following:
- Can only be stored inside the device
- no export outside
- need to be careful in audit events, like not reporting actual data from a lock event (i.e. Wi-Fi in wrong location is logged, but specific location is not included, or maybe even the Wi-Fi). Admin would have to ask user explicitly to get that information (i.e. out of band)
Likely need FPR requirements as well as explicit SEE requirements
Tracking of device location (expected to be handled by CMFA, so the location is provided when asked, CMFA would record/track the information for the time period specified) Network information and location