Data Privacy Day is an international event that occurs every year on January 28. The intent of the annual acknowledgement is to raise awareness and promote privacy and data protection best practices. In recognition, Genetec has shared data protection best practices to help physical security professionals protect privacy, safeguard data and enable trust without compromising security.
Data privacy has become a global top priority. Today, 71% of countries have initiated data privacy legislation, and companies that haven’t taken appropriate steps to protect data are facing tens of millions of dollars in fines for violations. In the physical security industry, acquiring digital information such as video surveillance footage, photos and license plate information is necessary to help protect people and assets and provide a valuable source of actionable business intelligence.
“Security and privacy are not mutually exclusive,” said Christian Morin, chief security officer at Genetec. “By following best practices and ensuring privacy is designed into their physical security solutions, organizations can have the highest levels of security while respecting personal privacy and complying to privacy laws.”
Here are five best practices to ensure video surveillance, access control and automatic license plate recognition (ALPR) systems meet data privacy standards:
Collect and store only the data the organization truly needs. Reduce exposure to risk in the event of a data breach with simple steps. Consider adjusting a camera’s field of view so it doesn’t record areas that do not require monitoring. Set protocols to automatically archive or delete physical security data based on relevance. And carefully control what data, how much, and for how long it can be shared with other organizations.
Limit access to sensitive data. Grant access to data only to those who need it to do their jobs and monitor those activities to ensure identifying information, like images and access events, is used only as intended. Review access rights regularly so privileges align with user requirements. Using an identity provider, like Microsoft Active Directory, can also help eliminate human error by automating the processes of adding/removing security user accounts, granting rights, or removing users who have left the organization.
Anonymize data collection automatically. New technologies can automatically restrict and protect access to personal data. Consider deploying privacy masking like Genetec KiwiVision Privacy Protector that automatically anonymizes images of people, so organizations can continue to survey surveillance footage while respecting privacy. This technology also offers an additional layer of security that ensures only authorized users can “unlock” and view unmasked footage while maintaining an audit trail.
Unify security solutions. When video surveillance, access control, evidence management and other sensors operate under one platform, it becomes much easier to access and manage all data and create reports for a variety of systems and sensors from a single interface. A unified system simplifies the process of tracking system and device health and streamlines software and firmware updates which is key to mitigating the threat of data breaches.
Work with certified partners. System providers must be properly certified (ISO 27001, 27017 standards, UL 2900-2-3 level 3 cybersecurity certification, and SOC2 compliance), and develop all their technology based on principles of privacy. A cyber-resilient physical security system will contribute to keeping the data collected from IoT devices and sensors across the physical security network private.
In a company blog post, Genetec provides further detailed information on protecting data privacy without compromising security, here.