Information protection resources for video surveillance companies

Issue 3 2021 Editor's Choice

Cathexis Technologies values data protection. It is also committed to helping its clients comply with data protection laws. Cathexis has therefore produced a PoPIA Privacy Guide[1] that provides guidelines for understanding and applying personal data protection when using CathexisVision video surveillance management software.

The Protection of Personal Information Act (PoPIA) was signed into law in South Africa in 2013, with various sections coming into effect in the years that followed. It is a comprehensive law which aims to protect individuals’ personal data, by holding organisations accountable for capturing, processing and storing personal information responsibly. What is personal information? Under PoPIA, it is data that identifies, relates to, describes, or could reasonably be linked with a particular consumer.

While the deadline for companies to register a data protection officer has already passed (31 March 2021), the deadline for enforcement of PoPIA by the Information Regulator is 1 July 2021. PoPIA applies to any organisation operating in South Africa, or organisations operating outside South Africa which offer products and services to customers or businesses within South Africa. Compliance depends on the combination of an organisation’s access to and use of personal data.

Eight conditions[2] form the foundation of compliance and determine how personal information may be legally gathered, processed and held under the Act: accountability, processing limitations, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation. PoPIA also outlines rights which authorise people to know the operator’s purpose in using their personal data and allows them to check that it is being carried out lawfully.

Privacy is necessarily about security: for information to remain private, it must also be held securely. By strengthening your organisation’s cybersecurity measures, you can strengthen its likelihood of compliance with the PoPI Act. Why is compliance important? There are risks to non-compliance: damage to the company’s reputation and enforcement action by the Information Regulator.

As the limits of PoPIA have not yet been tested by the courts and Information Regulator, the best business plan is to act to mitigate risks and prioritise personal data protection. Yet compliance is not simply about avoiding penalties. By developing an organisational culture underpinned by cybersecurity and respect for your customers’ privacy rights, your company can protect its brand, gain a competitive advantage and build trust with consumers.

Privacy by design is a core principle of the Protection of Personal Information Act. Privacy and security need to be embedded within all of your organisation’s practices, systems and technology, demonstrating a culture of data protection. In short, your company needs to know and document what data it holds, its source, who it is shared with and how it is used.

The features in CathexisVision software that support PoPIA compliance measures include optional database shredding, data encryption, video signing, archive security, password control and watermark overlays on video footage. For more information, you can consult the official PoPIA website[3] and the PoPIA Privacy Guide[1] developed by Cathexis Technologies, which has been tailored to address compliance in the security sector and the use of video surveillance software.


Steps to take to ensure PoPIA compliance within your organisation

• Appoint an information officer and deputy within the organisation.

• Train staff in data protection and PoPIA compliance.

• Carry out a personal information impact assessment to assess your company’s compliance.

• Develop a compliance framework which includes the organisation’s policies regarding data collection, usage, storage, and security and the company process for handling complaints.

• Document all personal data processing activities.

• Communicate clearly with data subjects and customers: make it easy for them to access Data Subject Access Request forms and provide on-site and online notices when collecting personal information.

• Ask for data subjects’ consent when collecting information, record that consent and review the company’s processes for requesting and recording consent.

• Only store personal data as long as is necessary for the original lawful purpose of its collection.

• Create procedures for responding to data subject access requests and an information security policy for identifying and managing possible data breaches.

• Depending on the size of your company and the scale of data processing it carries out, budget for compliance measures, covering legal help, assessments, insurance and training.

For more information contact Cathexis Africa, +27 31 240 0800, [email protected], www.cathexisvideo.com

[1] https://cathexisvideo.com/resources/cathexisvision-privacy-guide/

[2] https://popia.co.za/protection-of-personal-information-act-popia/chapter-3-2/chapter-3/

[3] https://popia.co.za/


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
The state of the VMS market
Arteco Global Africa Milestone Systems Cathexis Technologies Technews Publishing Surveillance
SMART Security Solutions asked three platform vendors in South Africa, one that is developed and maintained in the country with an international market, for their views on the state of the VMS market and where it is headed.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
World-first safe K9 training for drug detection
Technews Publishing SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
The need for integrated control room displays
Leaderware Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...
Cyber top business risk as climate change hits record high
Editor's Choice
Globally, companies identify cyberattacks, particularly data breaches, as their primary business concern for the coming year, with business interruption ranked second. In Africa and the Middle East, cyber incidents, shifts in legislation and regulation, and macroeconomic developments are the three foremost business risks.

Read more...