Genetec, a technology provider for unified security management, public safety and business intelligence, is presenting best practice recommendations for data protection in physical security to mark European Data Protection Day on 28 January. The recommendations are designed to help physical security managers protect privacy and data without compromising physical security – a prerequisite for the trust of customers, employees, business partners and service providers.
Data protection is not only a top priority in Europe, but now also worldwide. 71% of all countries have introduced data protection laws. Companies that have not taken adequate measures to protect data face fines of up to hundreds of millions for violations. In the physical security industry, the collection of digital information such as video surveillance data, photos and number plates is necessary to protect people and assets. At the same time, this data is a valuable source of relevant business information.
“Security and privacy are not mutually exclusive,” said Christian Morin, chief security officer at Genetec Inc. “By following best practice recommendations and ensuring that privacy is built into their physical security solutions, companies can respect privacy, comply with data protection laws and still achieve the highest levels of security.”
Best practices to ensure video surveillance, access control and automatic number plate recognition systems meet privacy standards include:
Only capture and store data that the business really needs. Reduce your risk in the event of a data breach with simple measures. Adjust a camera’s field of view to avoid capturing video of areas that don’t need to be monitored. Establish protocols to automatically archive or delete physical security data based on relevance. And carefully control what data may be shared with other organisations and for how long.
Restrict access to sensitive data. Grant access to data only to those who need it for their work. Monitor these activities to ensure that identifying information such as images and access events is only used as intended. Review access permissions regularly to ensure privileges match user requirements. Using an identity proofing solution such as Microsoft Active Directory can also help avoid human error by automating processes such as adding/removing security user accounts, granting privileges or removing users who have left the organisation.
Automated anonymisation of data collection. New technologies can automatically restrict and protect access to personal data. Consider using privacy-compliant masking solutions such as Genetec KiwiVision™ Privacy Protector, which automatically anonymises images of individuals so that you can continue to capture surveillance data without violating privacy. This technology also provides an additional layer of security, ensuring that only authorised users can ‘unlock’ and view the unmasked video footage. Audit logs remain untouched at all times.
Unify your security solutions. When video surveillance, access control, evidence management and sensors are all managed through one platform, it is much easier to access and manage all data and generate reports for a variety of systems and sensors through a single interface. A unified system makes it easier to check system and device health and apply software and firmware updates – an important point to reduce the risk of potential data breaches.
Work with certified partners. Make sure your system providers are properly certified (certification to EN-ISO 27001, 27017, cyber security certification to the US standard UL 2900-2-3 Level 3 and SOC2 compliance; a European certification framework is currently being developed by the European Cyber Security Certification Group) and that data protection principles are already taken into account during technology development. A cyber-resilient physical security system helps to ensure that all data collected by IoT devices and sensors via the physical security infrastructure remains private.