Three rules for visitor data privacy and protection

Issue 2 2022 Access Control & Identity Management

Since Covid hit our shores in early 2020, it brought a sea of data breaches, one crashing wave after another. From Experian to Lightstone and now TransUnion, personal data is under siege from all sides.

What can your business do to protect visitors’ information? ATG Digital gives insight into the triad of visitor data protection.

“When people do business with your company, they trust you with their information,” says ATG’s Ariel Flax. “Your responsibility for their privacy should extend to anyone who submits their personal information when they check in at the gate or reception.”

According to Flax, visitor data can be targeted by criminals or competitors. Good privacy practices aren’t just a courtesy but a legal requirement since PoPIA came into effect in July last year.

Rule 1: Only collect what you need

Collecting critical data only at check-in saves visitors time and mitigates risks. “Your guests love the swift experience and feel safer on your premises,” says Flax. Visitors immediately get annoyed when they have to answer too many questions.

As per PoPI Act regulations, Flax advises businesses only to collect what is necessary for the purpose of access control security on-site.

Rule 2: Encrypt personal information at reception

“If you’re still using handwritten registration books, ditch it,” cautions Flax, “our most recent survey revealed that over 60% of visitors peep at who’s checked in ahead of them — that’s 60% too many.”

Names, cellphone numbers and ID numbers should not be exposed at any time. Electronic devices can be locked, encrypted and remotely wiped in the event of theft.

Rule 3: Write data protection into your company DNA

Security and governance go hand-in-hand, yet many companies fall short by assigning the responsibility of visitor data either to physical security or IT.

Firewalls, IPS and IDS go a long way, but Flax says, “It’s everyone’s responsibility to know and enact the security policy. Employee training against social engineering (phishing), network and physical perimeter protection must be enforced daily.”

These days, a cellphone number and a name are enough for unscrupulous hackers. In line with PoPIA, have a policy that defines the process of collecting data, securely storing it and deleting it as soon as it is no longer necessary. You’ll need a shredder if you have paper records.

Digital visitor management software like At The Gate and At Reception immediately encrypts data and uploads it to the cloud. Records are not stored on the device and cannot be accessed by security guards, receptionists, or anyone else who may handle the device.

Consider ears too

While most companies are primarily concerned with prying eyes (and long fingers), Flax raises an interesting point about keeping sensitive information out of earshot.

“Discussions in meeting rooms and offices also need protection,” he says. “Assess the acoustics of your offices and meeting rooms. Consider investing in some soundproofing if need be. You can make a policy not to discuss the personal data of visitors/patients/partners in common areas of the office.

“The point of [data] entry can be the very point where sensitive information leaves. If you’re asking visitors for information on arrival, guard it the same way you would any other data on your network,” concludes Flax.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Paxton opens second experience centre
Paxton News & Events Access Control & Identity Management
Security technology manufacturer, Paxton, has opened a new experience centre in Cape Town on 12 February in partnership with its exclusive distributors, Reditron and Regal Security.

Read more...
DoorBell with built-in AI
Ajax Systems Access Control & Identity Management Products & Solutions Smart Home Automation
Ajax Systems has announced the release of Ajax DoorBell, which features built-in AI, an IR sensor, and app control, seamlessly integrating into the Ajax ecosystem to ensure efficiency and security confidence.

Read more...
Physical security evolving beyond security teams
ATG Digital Access Control & Identity Management
The landscape of physical security is undergoing a major shift. Traditionally, selecting access control and visitor management solutions fell squarely on the shoulders of security professionals, but today includes legal, IT, technical operations and more.

Read more...
A passwordless future?
Access Control & Identity Management
The digital landscape is evolving rapidly, and with it comes the urgent need for more secure authentication methods. Passwords, once the cornerstone of online security, are now easy targets for cybercriminals.

Read more...