Three rules for visitor data privacy and protection

Issue 2 2022 Access Control & Identity Management

Since Covid hit our shores in early 2020, it brought a sea of data breaches, one crashing wave after another. From Experian to Lightstone and now TransUnion, personal data is under siege from all sides.

What can your business do to protect visitors’ information? ATG Digital gives insight into the triad of visitor data protection.

“When people do business with your company, they trust you with their information,” says ATG’s Ariel Flax. “Your responsibility for their privacy should extend to anyone who submits their personal information when they check in at the gate or reception.”

According to Flax, visitor data can be targeted by criminals or competitors. Good privacy practices aren’t just a courtesy but a legal requirement since PoPIA came into effect in July last year.

Rule 1: Only collect what you need

Collecting critical data only at check-in saves visitors time and mitigates risks. “Your guests love the swift experience and feel safer on your premises,” says Flax. Visitors immediately get annoyed when they have to answer too many questions.

As per PoPI Act regulations, Flax advises businesses only to collect what is necessary for the purpose of access control security on-site.

Rule 2: Encrypt personal information at reception

“If you’re still using handwritten registration books, ditch it,” cautions Flax, “our most recent survey revealed that over 60% of visitors peep at who’s checked in ahead of them — that’s 60% too many.”

Names, cellphone numbers and ID numbers should not be exposed at any time. Electronic devices can be locked, encrypted and remotely wiped in the event of theft.

Rule 3: Write data protection into your company DNA

Security and governance go hand-in-hand, yet many companies fall short by assigning the responsibility of visitor data either to physical security or IT.

Firewalls, IPS and IDS go a long way, but Flax says, “It’s everyone’s responsibility to know and enact the security policy. Employee training against social engineering (phishing), network and physical perimeter protection must be enforced daily.”

These days, a cellphone number and a name are enough for unscrupulous hackers. In line with PoPIA, have a policy that defines the process of collecting data, securely storing it and deleting it as soon as it is no longer necessary. You’ll need a shredder if you have paper records.

Digital visitor management software like At The Gate and At Reception immediately encrypts data and uploads it to the cloud. Records are not stored on the device and cannot be accessed by security guards, receptionists, or anyone else who may handle the device.

Consider ears too

While most companies are primarily concerned with prying eyes (and long fingers), Flax raises an interesting point about keeping sensitive information out of earshot.

“Discussions in meeting rooms and offices also need protection,” he says. “Assess the acoustics of your offices and meeting rooms. Consider investing in some soundproofing if need be. You can make a policy not to discuss the personal data of visitors/patients/partners in common areas of the office.

“The point of [data] entry can be the very point where sensitive information leaves. If you’re asking visitors for information on arrival, guard it the same way you would any other data on your network,” concludes Flax.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.