Ensuring security without compromising privacy

Issue 6 2021 CCTV, Surveillance & Remote Monitoring

In our increasingly connected world, it’s not surprising that concerns around privacy, particularly in relation to personal data are on the rise. Questions about who has access to what information and for what purposes cannot be taken lightly. Today, governments and other regulatory bodies have developed regulations aimed at restricting collection, processing and access to personal data, including video footage, to help maintain privacy and mitigate the risks of criminal cyber activities.

At the same time, acquiring digital information is a vital component for protecting people and assets. Governments and private businesses frequently collect sensitive data from individuals using the spaces in and around their facilities. This can include personal identifiable information (PII), such as surveillance footage, photos and licence plate information. Does this mean that we have to sacrifice privacy for the sake of securing physical environments?

The answer is, most assuredly, no. Organisations just need to develop their security strategies with intention.

While the concept of privacy can be understood in different ways, from a security perspective, it is essentially about being able to keep personal matters to yourself. For individuals, data privacy means having the right to control how personal information is being collected and used as well as avoiding unauthorised access to information.

When an organisation does not make privacy protection a cornerstone of their security policies, it becomes an afterthought which can lead to the impression that privacy and security are at odds with one another. This does not have to be true.


Quintin Roberts.

Organisations can choose to work with vendors who develop tools that include privacy protection by design. They can select and deploy solutions that are hardened against cyber threats out-of-the-box by manufacturers so as to alleviate worries around system vulnerabilities. These solutions should also give them complete control over their data so that they can adjust protection methods and processes to meet evolving regulations and should also help them configure the system to define who has access to sensitive data and footage without slowing down response times or investigations.

A time of digital transformation and big data

There seems to be no limit to the number of devices being connected to our infrastructures. As Internet connectivity becomes more widespread and affordable, more of us are able to connect everyday items, including phones, alarm systems and lighting equipment to our networks. While this helps improve accessibility and usability, it can also increase system vulnerability by providing more network connections to attack.

Our response to the Covid-19 pandemic has accelerated this digital transformation on a global scale. This is particularly true in relation to the Internet of Things (IoT). When organisations asked employees to work from home, they required even greater connectivity as well as easier access to information from a larger pool of devices and multiple locations. In essence, governments and private businesses were extending their networks far beyond their office buildings.

This has led to increased concerns about data privacy, particularly as cyber criminals have taken advantage of potential system vulnerabilities, human errors (social engineering) and failure to implement best practices (using weak passwords, sharing personal credentials, clicking on suspicious links, etc.). As we connect more devices and applications to our networks, the risk of people’s data ending up in the wrong hands becomes even greater. The result has been that our public health needs are raising further concerns about how to properly protect data and people’s right to privacy.

The role of legislation

Governments and other regulatory bodies have an important role to play in mitigating the risks associated with criminal cyber activity and protecting privacy. As we know, cyber threats are not decreasing. From system hacks to DDoS attacks to the increased prevalence of ransomware attacks, criminal cyber activity is on the rise.

To address this, governments have developed legislation that hold businesses more accountable for data privacy or cybersecurity breaches. The European Union’s General Data Protection Regulation (GDPR) is the most notable mandate enacted to date. But others, including California’s Consumer Privacy Act (CCPA), Canada’s Personal Information Protection and Electronic Document Act (PIPEDA), Brazil’s General Protection Data Law (LGPD) and South Africa’s Protection of Personal Information Act (PoPIA) are also having a major impact on the way we shape and deploy security systems.

Regulatory bodies are also issuing compliance standards across vertical markets. For example, the United States Department of Health and Human Services issued the Health Insurance Portability and Accountability Act (HIPPA) to protect the privacy and security of health information. Similarly, the North American Electric Reliability Corporation (NERC) has issued the Critical Infrastructure Protection (CIP) standard. These regulations and standards can specify how to secure a facility, protect data and manage operations. As a result, organisations must sometimes adhere to multiple evolving standards and laws simultaneously.

The cost of compliance

According to a Privacy Risk Study done in 2020 by IAPP, 43% of organisations are working to comply with anywhere from two to five different privacy laws. What’s more, complying with increasingly stringent laws and regulations across geographies and industries has put a strain on many organisations’ resources.

Achieving compliance usually involves labour and time-intensive tasks, including revising and implementing corporate policies, auditing procedures and systems and re-investing in new technologies. Many organisations are currently struggling to find the staff and resources necessary to support privacy policies.

To make the issue more complicated, new questions about who is ultimately responsible for protecting data and privacy are emerging. Gartner, the global research and advisory company, predicts that, by 2025, 75% of CEOs will be personally liable for both cyber and physical security system attacks. This will surely lead to greater focus from top-level management on implementing physical security solutions that prioritise cybersecurity and privacy compliance.

To mitigate risks and keep costs under control, organisations need a single strategy, built on strong cybersecurity and privacy principles that work for them today and into the future. The good news is that, in 2020, IAPP also found that 565 of respondents are working toward a single, global data protection and privacy strategy that can be tailored to jurisdictional requirements as needed. The question now is how do we get there?

Adopting a unified approach is key

Adopting a unified approach to cybersecurity and data protection helps simplify processes and keeps compliance costs down. It allows organisations to streamline data protection and privacy policies across their entire network and enables them to adapt to evolving threats and mandates. When various cyber defence and privacy protection measures are accessible in one platform, organisations can respect privacy while remaining compliant.

Privacy-by-design

While policies and regulations aimed at preventing data breaches and privacy violations are a good idea, they don’t provide enough protection against cyber-attacks since they penalise organisations after-the-fact. Organisations need a more pro-active approach that includes a privacy-centric focus when designing a comprehensive data protection and privacy strategy.

A privacy-by-design approach involves pro-actively embedding privacy into the design and operations of IT systems, networked infrastructure and business practices from the first line of code to third-party vendors. Adopting this approach can have a positive impact on cybersecurity and can help organisations meet their strategic goals.

When software and hardware developers also adopt a privacy-by-design approach, it ensures higher levels of data protection without infringing on a technology’s evolution. By centring on the principle that respect for individual privacy is the foundation of responsible and innovative design, following this approach enables forward-thinking developers to build this principle into the products they create.

Choosing the right technology

When it comes to physical security technology, organisations need tools that allow security professionals to gather and manage data, including video, while supporting compliance with privacy laws around the world. They need solutions that are designed to help enhance cyber hygiene and respect privacy regulations by making data and privacy protection features accessible and configurable. They need physical security solutions built with privacy in mind.

Genetec solutions are designed to help organisations ensure that their physical security data complies with industry standards and privacy legislation around the world. KiwiVision Privacy Protector, for example, automatically obscures faces that are captured within a camera’s field of view. This add-on to the Genetec Security Center unified platform ensures that operators only have access to the information they need to complete their tasks. And when an event warrants an investigation, accessing the unobscured footage requires an additional layer of permissions.

With the Genetec Clearance digital evidence management system, law enforcement organisations can gather and share reliable evidence that protects everyone’s privacy. With built-in video redaction and secure user management, the identity of victims, bystanders, witnesses and police officers remains protected at all times. When an investigation requires collaboration, Clearance make it easy to give external access to certain pieces of evidence via secure links, with fully encrypted data. The system also helps end users set access permissions to sensitive data and footage without slowing down investigations and incident response. This way, end-users have control over this data so that they can adjust protection methods and processes to comply with privacy legislations based on where they are located in the world.

Trust is essential

Technology vendors have a social responsibility to help customers reach the highest levels of data protection and privacy. Customers want partners who build secure and compliant solutions that help them protect sensitive information. They need partners who keep up with emerging risks and work pro-actively to distribute fixes and new solutions. In addition, they also need partners who are forthcoming about potential vulnerabilities and keep communication open to mitigate risks.

At Genetec, we are committed to building secure and compliant solutions that help protect privacy without compromising physical security. We are transparent about emerging threats and provide our customers access to the latest data protection and privacy features. We also work with our technology partners to build a network of trust – an ecosystem of technology vendors that value data protection and confidentiality. We believe that protecting privacy is everyone’s responsibility so that together, we can create a safer, more secure world.

For more information contact Quintin Roberts, Genetec, +27 79 497 5129, qroberts@genetec.com, www.genetec.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Read more...
A ‘step-change’ in tracking and monitoring
Issue 8 2020, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring, Products
View an overall scene while monitoring a specific person or vehicle, or obtain a panoramic view while being able to zoom in and track particular targets.

Read more...
AI-powered hardhat detection
Issue 8 2020, Hikvision South Africa , Industrial (Industry), CCTV, Surveillance & Remote Monitoring
Hardhats save lives, but only if people wear them. Intelligent, AI-powered hardhat cameras are helping to ensure workers in dangerous locations stay safe at all times.

Read more...
Leveraging intelligence for surveillance
Issue 6 2021, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring
Have companies seized the opportunities to complement and enhance the capabilities of both CCTV surveillance and that of intelligence gathering to gain strategic and operational insights?

Read more...
Smart parking solution
Issue 6 2021, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
The Dahua Smart Parking Solution supports various types of parking spaces, allowing usage of different payment options.

Read more...
New security area at truck stop
Issue 6 2021, Bosch Building Technologies , CCTV, Surveillance & Remote Monitoring
Intelligent truck parking solution from Bosch protects drivers and freight with AI, meeting high European security standards with the TAPA Level 2 certificate.

Read more...
Supply chains, a new vulnerability for cyber-attacks
Issue 6 2021, Axis Communications SA , Transport (Industry), CCTV, Surveillance & Remote Monitoring, Asset Management, EAS, RFID, Logistics (Industry)
One popular route into a secured network is via the supply chain and history is not short of examples of successful cyberattacks that were achieved by this method.

Read more...
Customisable security alarm system
Issue 6 2021, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
Dahua has launched its upgraded Three-in-One Camera series, the TiOC 2.0, which features active deterrence, smart dual illuminators, VoiceCatcher technology and other intelligent features.

Read more...
Which panoramic camera goes where?
Issue 6 2021, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
When it comes to panoramic cameras, there are a number of options to choose from, some include multiple sensors in a single housing, others produce panoramas with a single camera sensor.

Read more...
Video surveillance as a service
Issue 6 2021, Secutel Technologies , CCTV, Surveillance & Remote Monitoring
The ability for companies to provide remote security services to customers by leveraging their existing investments in people, processes and technology through an operational/rental pricing option is beneficial.

Read more...