Image Image Image Image Image Image Image Image Image

Privacy Policy


PatronScan: Protecting Patrons, Protecting Privacy

PatronScan aims to make venues and establishments safer for patrons. This is why this type of technology is endorsed by small business owners, crime victim organizations, neighborhood associations, entertainment districts, local government and law enforcement agencies.


Q1: What is PatronScan?

PatronScan is an identification (ID) scanner that uses Optical Character Recognition (OCR) and barcode scanner technology to authenticate and verify over 4,500 types of government IDs for the hospitality industry. The PatronScan system verifies patrons’ age, confirms ID expiration date and catches fake IDs by using proprietary ID authentication technology. PatronScan is also used as an informational system that allows venues to flag individuals who are reported to have engaged in conduct on a patron’s presence that created serious risk to guests or staff.

Since 2005, PatronScan has equipped multiple businesses in the hospitality industry with the technology to protect their guests, staff and property. PatronScan is currently working in over 600 venues spanning 200 cities worldwide and has scanned over 90,000,000 IDs.

PatronScan has been proven as a safety tool that increases safety for the guests and staff of venues. An independent study conducted by the state of New South Wales in Australia collected data from before and after PartonScan ID scanners were used in Kings Cross, an inner-city locality, and found that on-premise alcohol-related assaults were reduced by 50% and theft by 85% during specified hours. 1


1 The study specified that, The New South Wales Bureau of Crime Statistics and Research data shows on-premises alcohol-related non-domestic assaults (from 9pm to 1:30am) in Kings Cross high risk venues fell by 50% when comparing the period before scanners were introduced (July 2012 – June 2014) to the period following their introduction (July 2014 – June 2016). Steal from person (bag snatches) in high risk venues (from 9pm to 1:30am) declined by 85.4% over the same period.
Source: www.liquorandgaming.nsw.gov.au


Q2: How Does PatronScan Protect the Public?

A top reason why businesses use PatronScan is to protect their guests, staff and property. The PatronScan system offers technological tools to mitigate security and liability risks, including underage drinking, property damage, violence, and other behaviors that endanger public safety. PatronScan also allows for businesses to track patron numbers and determine capacity, understand patron demographics and alert management of patrons who have exhibited a history of physical and sexual assault, or other threatening behaviors.

IDs are scanned for several reasons. First, the scan verifies age, which is important for entering licensed premises and using age-restricted products. Second, the scan authenticates and verifies validity of the ID, identifying fake IDs and preventing patrons from using a fake ID to enter the venue.

Third, the technology serves as a crime prevention tool by comparing patrons against a confidential list of flagged patrons who have an established history of threatening behavior. At times, the mere presence of PatronScan’s technology at an establishment’s entrance can deter unwanted patrons from seeking admission. And lastly, PatronScan is a useful investigative tool that assists local law enforcement to identify a patron who has allegedly engaged in criminal activity at a venue.


PatronScan’s Flagged List


Q3: How does PatronScan Flag Bad Behaviour?

Venues with PatronScan notice a decrease in incidents involving patrons known to cause these risks, keeping their guests, staff and venues safe. This is because the flagged list allows venues to track and identify known violators before they enter their venue.

Venues who serve alcohol are at a greater risk of violent incidents due to patrons’ inhibitions being lowered. According to studies, some people are more likely to be aggressive after drinking alcohol2 , putting themselves, other guests and venue staff at risk. a community-based study, it was found that 42 percent of violent crimes reported to the police involved alcohol, and 51 percent of the victims interviewed believed that their assailants had been drinking.3

PatronScan’s own data indicate that 95% of violent incidents at venues are caused by less than 1% of patrons, meaning that most incidents are repeated by the same patrons. PatronScan acts as a technology tool enabling owners and staff to make an informed decision on whether to allow or deny entry to patrons known to endanger safety.


2 https://www.abc.net.au/
3 https://pubs.niaaa.nih.gov/


Q4: What Behaviors are Flagged?

For most jurisdictions, behaviors that may result in placing a patron on the flagged list include:

  • Violence
  • Assault
  • Destruction of Property
  • Sexual Assault
  • Fraud
  • Theft

As of Jan 1, 2019, in California, behaviors that result in data being on the flag network are limited to Fraud, Abuse and Material Misrepresentation as per CA Civ. Code 1798.90.1.


Q5: What is the difference between a public vs. internal/private flag?

Flags can be either venue based (private/internal) or across all networked venues (shared with other participating venues).

Private/Internal flags are flags that pertain only to the venue/venues in the same ownership group who placed the flag and is not visible to any other venue. As of January 1st, 2019, the maximum flag period for any existing or new private/internal flag is 5 years. This storage period applies only for the same business’ flags. If you have a private/internal flag, it will only be displayed if your ID is scanned at the business that created the flag, if you visit a different business your flag will not be displayed.

Networked flags are flags that can be viewed by other venues on the network. These flags are only shown when a patron’s ID is scanned at the venue. Venues cannot search or view other business’ flags unless the same patron’sID is scanned at those venues. The maximum flag period for a networked flag is 1 year in length.

The PatronScan flag list are alerts only and does not provide visibility into patron history.

As of 2019, 76% of all flags on the flag list were private/internal, in comparison to 24% of flags that were networked. Networked flags are often placed on patrons who commit the most egregious of incidents, such as violent and sexual assaults. Flagging these patrons helps to improve safety across the network, preventing harmful behaviors from being committed again at a different venue. Venues and areas with security tools like PatronScan notice a decrease in violence and incidents. PatronScan is a recognized safety tool by law enforcement, the Responsible Hospitality Institute, and by city, county and government officials.


Privacy Protections


Q6: What Data is Collected?

PatronScan collects limited data in order to, verify and authenticate patron age and match patrons against the private or networked flag list.

PatronScan’s collection of data is limited to:

  • Name
  • Date of Birth
  • Photo
  • Gender
  • Postal Code/Zip Code

PatronScan limits the collection of information to only what we consider important to verify age, to avoid an inaccurate match to the known list and for law enforcement investigations when a crime is committed.


Q7: What Data is Stored and for How Long?

Unless a patron is flagged, data is retained for a limited period of time before being permanently deleted. This period allows crime victims sufficient time to report a crime and for law enforcement to review patron records to identify the alleged assailant(s). It is common for victims to report crimes several days to weeks later.

Data is permanently deleted after 90 days in most jurisdictions with the exception of:

  • 30 days in California (as of January 1st, 2019*)
  • 21 days in most Canadian provinces (except Alberta and British Columbia)
  • 24 hrs. in British Columbia
  • 30 days in Australia and New Zealand

The only data that is saved beyond the above time frames is specific to patrons that are on the flag list.


Q8: Who has Access to Data?

The venue owner and management staff have limited access to this data for a short period of time. If the venue needs to log an incident and place a patron on the flagged list for example, the venue can reference a photo and data such as name, age, and gender. For an added layer of protection, PatronScan has enabled different user types, some with limited access. Only users with administrative access can access patron personal data (usually management and/or security).

PatronScan combines all non-personally identifiable data points such as postal/zip codes, age and gender to create summarized totals reports. This information is cross-referenced with publicly available census data. The summarized totals reports contain aggregate data such as scan counts for the night and never contain any personal information about any specific individuals.

In case of a major incident concerning public safety, law enforcement may obtain access to a venue’s data, but only when an official investigation has been launched. The three conditions in which law enforcement may request PatronScan information include:

  1. The law enforcement agency has identified its lawful authority to obtain the information.
  2. The law enforcement agency has indicated that the disclosure is requested for the purpose of enforcing a law in its jurisdiction, carrying out an investigation relating to the enforcement of any such law, or gathering intelligence for the purpose of enforcing any such law.
  3. The law enforcement agency has provided an investigation number or any other uniquely identifiable number that can be traced back to the purpose of the disclosure request.


Q9: Is Data Given Away or Sold?

No personal data is provided to third parties outside of law enforcement and venue staff. Again, unless a patron is flagged, data is permanently deleted shortly after visiting an establishment.


Q10: Can Patrons Requests Copies of their Personal Data?

Patrons have the right to request what private information has been collected, used and/or disclosed. Click the button below to fill out a disclosure request form. Once PatronScan has receive the completed form, a response will be provided within 10 business days. Click Here to Start a Disclosure Request


Q11: How is Data Protected?

PatronScan uses a variety of security technologies and procedures to help protect patron personal data from unauthorized access, use or disclosure. PatronScan stores all personal data on computer servers with access controls and that are located in controlled facilities. When, transmitting sensitive data over the internet, PatronScan protects it through the use of encryption software such as software adhering to the Secure Socket Layer (SSL) protocol. PatronScan also encrypts all data stored on its database server.

PatronScan only uses certified data centers to store all data collected. The data centers are SSAE16 SOC 2 certified, security reviewed facilities with existing infrastructure of industry standard server and security technology. Procedures are in place to restrict logical access to this data center and client systems.


Q12: How Can One be Removed from the Flagged List?

The first step in removing yourself from the flagged list is to contact the venue that added you to the list. If there is a dispute regarding the flag, the patron may contact the manager/head of security of the venues that created the flag as they are the only ones that have the access to modify/remove the flag.

If the flag is not resolved by the venue within 14 days, or a Patron did not engage in the behavior that resulted in the flag, then the Patron may start a formal investigation by PatronScan. Please click the link below to start a formal investigation. Once PatronScan receives the completed form, we will respond with a disclosed result of the investigation within 10 business days. Click Here to Start a Formal Investigation


Q13: How Does PatronScan Prohibit Discrimination?

Under federal anti-discrimination laws, businesses can refuse service to any person for any reason, unless the business is discriminating against a protected class including; race or color, national origin or citizenship status, religion or creed, sex, age, disability, pregnancy or genetic information and veteran status. In states such as California, the list of protected classes includes; marital status, sexual orientation or gender identity, medical condition or HIV/AIDS status, military or veteran status, political affiliation or activities, status as a victim of domestic violence, and assault or stalking.

PatronScan prohibits the use of the PatronScan system to create flags based on discrimination of protected classes. If a Patron has been flagged and believes the flag was placed based on discrimination of the above protected classes, the Patron may start a formal investigation with PatronScan. Click Here to Start a Formal Investigation. Once we receive the completed form, we will respond with disclosed results of its investigation within 10 business days. PatronScan does not tolerate flags for any unlawfuly discriminatory purpose of this nature and is committed to resolving flags based on discrimination quickly. If any venue is found to be using the PatronScan system for a discrimination purpose, PatronScan will immediately suspend all services to that venue.


Compliance


Q14: Is PatronScan Privacy Compliant in Every Jurisdiction?

We believe that it is fully compliant. In all consultations and investigations, the PatronScan system has been found to comply with all privacy laws in their respective jurisdictions. PatronScan limits the collection of personal information, uses of that information, and offers Patrons the ability to challenge flags that they believe are inappropriate.


Q15: What Happens Privacy Laws Change?

PatronScan endeavors to make all required changes in its practices to meet the letter and spirit of changes in privacy laws that affect its service. For example, we revamped our service in order to comply with California Assembly Bill 2769 (see Q17). PatronScan went above and beyond the law by making procedures by which Patrons may challenge flags significantly easier to use (something that this law does not require).

PatronScan will work in partnership with government to comply with other changes to privacy laws.


Q16: Is PatronScan Privacy Compliant in Canada?

The PatronScan system is compliant with all Canadian privacy laws. The technology itself has undergone investigations by the Office of the Information and Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta and the Office of the Information and Privacy Commissioner of B.C. PatronScan has been found to be compliant with PIPA and PIPEDA. If your ID is scanned in Canada, your data is stored in Canada in compliance with all Canadian privacy laws.


Q17: Is PatronScan Privacy Compliant in California?

In order to be in full compliance with the State of California amendment of Section 1798.90.01 of the civil code relating to privacy (amendment bill AB-2769), PatronScan has made modifications to the software, which apply to the scanning of driver’s licenses or government issued identification cards.

CA Civ. Code 1798.90.1 has been in effect since 2004, limiting to only “swiping” a driver’s license for certain activities. AB 2769, which went into effect January 1, 2019, now includes “scanning” a driver’s license, subject to the same limitations.

The law specifically permits PatronScan’s customers to use PatronScan kiosks to prevent underage drinking and the use of fake identification. Additionally, collecting and disclosing an individual’s personal information is clearly permitted by the statute to report, investigate, or prevent “abuse, fraud and material misrepresentation”.

On January 1st, 2019 the following changes were made to the PatronScan system:

Public Safety Reports: Reports that detail aggregate non-personal information regarding trends and threat assessments for specific municipalities are no longer available within the PatronScan system. All previous reports have been deleted.
Recording Bad Behavior*: PatronScan now limits recorded categories of bad behavior to violence, sexual assault and destruction of property.
*Effective January 1, 2019, the categories of bad behaviors recorded (or flagged) by PatronScan users are limited to the behaviors that could pose a direct threat to safety. “Generic” descriptions are no longer be allowed to be based upon an open-ended rationale for a patron to be denied access to an establishment. PatronScan’s new policy in compliance with the law is to scanning of a patron’s identification only for the purpose of preventing “Abuse, Fraud, or Material Misrepresentation”.
Simple/Transparent Appeal Process: New policies that make it easier for patrons to dispute being flagged for bad behavior.
Dispute Resolution: PatronScan now has 10 business days to respond to disputed flags. This is a decrease from previous policy to allow for quicker dispute resolution.
Limited Disclosure of Personal Data: The amount of personal information visible to the PatronScan kiosk operator about a flagged patron is reduced, with no date of birth displayed.
Flag Underage Drinkers: The PatronScan system continue to identify fake IDs.
Limited Collection of Personal Data: PatronScan limits the data collected to name, photo, gender, date of birth and Zip code (address/driver’s license number are not collected or permitted)

For more information on updates to California’s privacy laws visit: California Privacy

For any questions that are not answered above, please email us here: [email protected]