Three rules for visitor data privacy and protection

Issue 2 2022 Access Control & Identity Management

Since Covid hit our shores in early 2020, it brought a sea of data breaches, one crashing wave after another. From Experian to Lightstone and now TransUnion, personal data is under siege from all sides.

What can your business do to protect visitors’ information? ATG Digital gives insight into the triad of visitor data protection.

“When people do business with your company, they trust you with their information,” says ATG’s Ariel Flax. “Your responsibility for their privacy should extend to anyone who submits their personal information when they check in at the gate or reception.”

According to Flax, visitor data can be targeted by criminals or competitors. Good privacy practices aren’t just a courtesy but a legal requirement since PoPIA came into effect in July last year.

Rule 1: Only collect what you need

Collecting critical data only at check-in saves visitors time and mitigates risks. “Your guests love the swift experience and feel safer on your premises,” says Flax. Visitors immediately get annoyed when they have to answer too many questions.

As per PoPI Act regulations, Flax advises businesses only to collect what is necessary for the purpose of access control security on-site.

Rule 2: Encrypt personal information at reception

“If you’re still using handwritten registration books, ditch it,” cautions Flax, “our most recent survey revealed that over 60% of visitors peep at who’s checked in ahead of them — that’s 60% too many.”

Names, cellphone numbers and ID numbers should not be exposed at any time. Electronic devices can be locked, encrypted and remotely wiped in the event of theft.

Rule 3: Write data protection into your company DNA

Security and governance go hand-in-hand, yet many companies fall short by assigning the responsibility of visitor data either to physical security or IT.

Firewalls, IPS and IDS go a long way, but Flax says, “It’s everyone’s responsibility to know and enact the security policy. Employee training against social engineering (phishing), network and physical perimeter protection must be enforced daily.”

These days, a cellphone number and a name are enough for unscrupulous hackers. In line with PoPIA, have a policy that defines the process of collecting data, securely storing it and deleting it as soon as it is no longer necessary. You’ll need a shredder if you have paper records.

Digital visitor management software like At The Gate and At Reception immediately encrypts data and uploads it to the cloud. Records are not stored on the device and cannot be accessed by security guards, receptionists, or anyone else who may handle the device.

Consider ears too

While most companies are primarily concerned with prying eyes (and long fingers), Flax raises an interesting point about keeping sensitive information out of earshot.

“Discussions in meeting rooms and offices also need protection,” he says. “Assess the acoustics of your offices and meeting rooms. Consider investing in some soundproofing if need be. You can make a policy not to discuss the personal data of visitors/patients/partners in common areas of the office.

“The point of [data] entry can be the very point where sensitive information leaves. If you’re asking visitors for information on arrival, guard it the same way you would any other data on your network,” concludes Flax.

For more information contact ATG Digital, +27 10 500 8611,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Heightening physical security at military base
Turnstar Systems Access Control & Identity Management Government and Parastatal (Industry) Products
Turnstar Systems recently installed two 3-metre Velocity Raptor traffic spikes at the South African National Defence Force (SANDF) Randfontein military base on Gauteng’s West Rand.

Zero Trust to dominate 2023
Cyber Security Access Control & Identity Management
Traditional ways of safeguarding data are no longer sufficient in 2023. Zero Trust has emerged as a more proactive way for businesses to keep their systems, data, and networks protected against compromise.

Turnstar opens an office in the UK
Turnstar Systems News Access Control & Identity Management
Turnstar Systems recently established an office in the Greater Manchester borough in the North East of England, as part of the company’s ongoing expansion strategy.

Enkulu Technologies to distribute Brazil’s Control iD
News Access Control & Identity Management Products
Enkulu Technologies has been appointed as the first South African distributor of Control iD products; a Brazilian company offering a T&A range of solutions based on its range of biometric products.

HID Technology Seminar
Technews Publishing HID Global News Access Control & Identity Management Products
HID Global’s technology seminar introduced partners and distributors to the company’s new Signo range of readers and highlighted the benefits and global growth of mobile access credentials.

Celebrating a successful year
Gallagher Technews Publishing News Access Control & Identity Management Products
Gallagher Security hosted an end-of year event at the Steyn City Equestrian Centre in which it thanked its partners for another successful year and provided a glimpse into what the company will be releasing in 2023.

Innovation and service, 37 years and counting
Technews Publishing Impro Technologies Access Control & Identity Management Integrated Solutions
Innovation, simplicity and trust underpin the nearly 40 years of success of local access control brand, Impro Technologies, which is still run as an independent entity despite being acquired by ASSA ABLOY in 2016.

Access control for one of Britain’s oldest boarding schools
Access Control & Identity Management Education (Industry) Products
In 2022, Christ’s Hospital School, which hosts 18 boarding houses on site, needed to replace its access control security system with a new solution that would be simple to manage and maintain.

Improving safety and security
Gallagher Education (Industry) Access Control & Identity Management Integrated Solutions
Education facilities have more than enough to deal with when it comes to allocating budget. Security often seems to be the last item on the agenda but is more important than ever.

Putting the customer first
Gallagher Access Control & Identity Management
Gallagher predicts the global market will remain difficult for businesses throughout 2023, but believes that its customer-centric strategy will help the company to innovate its way to delivering outstanding value to customers, despite a challenging economy.