The Impact of Privacy Regulations on Security Technology
Print Issue: June 2020
Securing a premise shouldn’t come at the expense of privacy. But for a long time, it did. While businesses tried their best to strike a balance between keeping people safe and securing information, many data and privacy guidelines were open to interpretation and rarely enforced.
These days, this is changing. Governments are holding businesses accountable with strict data and privacy protection regulations.
One of the most notable privacy mandates to be enacted is the European Union’s General Data Protection Regulation (GDPR). Since coming into effect in 2018, more than 160,000 data breach notifications have been reported across the European Union, according to DLP Piper’s Data Breach Survey 2020. Data protection regulators have also imposed approximately $126 million USD in fines under the GDPR for infringements.
Other government bodies around the world have followed suit, using the GDPR as a blueprint for data and privacy protection regulations. For instance, the California Consumer Privacy Act was passed in June 2018 and months later, the U.S. state of Vermont also imposed data breach notification requirements. In Canada, the Personal Information Protection and Electronic Documents Act clearly outlines how businesses must safeguard data and privacy.
In the wake of all these evolving privacy laws, organizations are being forced to act. Many have hired data protection officers, conducted thorough data risk assessments, reviewed internal policies, and educated employees about data security best practices.
Organizations are also taking a closer look at their security systems. These include access control solutions that collect employee information, and video surveillance technologies that monitor public spaces. They are asking: How can we secure our business while adhering to these privacy laws? What solutions can help identify and mitigate risks before a breach occurs?
In response, leading vendors are thinking from the ground up and embedding privacy tools in the framework of their security solutions. This means the organization will never have to compromise protecting an individual’s privacy for security.
Security solutions built with privacy in mind allow organizations to handle everything from identifying cybersecurity vulnerabilities and deciding information access rights to masking identities in video and complying with retention policies.
Five actions that can help ensure privacy include:
- Anonymize video. Automatically anonymize individuals in live video without obscuring actions and movements. Redact video recordings before sending evidence to third parties.
- Limit access to data. Restrict the scope of who can access which applications and who sees what by setting up user privileges. Offer single logins through a unified security platform instead of managing multiple passwords.
- Create flexible data retention capabilities. Program the system to retain video or data for however long industry policies dictate. Ensure that data is automatically deleted after the specified amount of time.
- Encrypt data and communications. Use multiple layers of encryption to hide and protect data from unauthorized users and to secure the communication between clients and servers. With strong encryption methods, threat actors will not be able to decipher data—even if they access it.
- Share personal data securely: Implement an evidence management solution to easily and securely share video or data with those who might request it. Citizens who request access to personal information can receive a link via email to the requested files.
As privacy regulations continue to evolve, businesses will need to keep up to avoid big penalties. Investing in security solutions that are built with privacy by design provides tools to help restrict access to data while protecting peoples’ privacy.
Laurent Villeneuve is product marketing manager at Genetec, Inc.