Where tech and privacy collide
June 2018, Security Services & Risk Management

Balancing competing human rights and interests is a complex exercise for legislators. When the subject is the right to privacy, giving effect to a new law can be even trickier. The enactment of the Protection of Personal Information Act (PoPIA) in 2013 is a prime example.

In a sector that utilises new integrated technology to surveil and protect citizens and businesses, leading security companies must stay on the cutting-edge of smart solutions, on the one hand, and comply with privacy laws on the other hand. Amid a competitive race to rollout ‘big brother’ technology, the industry must weigh competing interests to ensure they do not breach privacy laws.

Select sections of PoPIA have come into effect, but many of the provisions that create compliance requirements have yet to commence. Uncertainty about when the law will be fully implemented is no reason for the industry to delay implementing operational regime changes. Those slow off the mark risk being left behind by advances in the dual realms of technology and regulation.

As a starting point, businesses must read the Information Regulator’s PoPIA guidelines specifying the duties and responsibilities of ‘information officers’, who are essentially a company’s point person on all matters related to information security.

A security company with a national footprint in residential and commercial markets, such as Fidelity ADT, has already started examining its policies and procedures to ensure it’s aligned with PoPIA. The company’s integrated solutions for office parks and commercial business premises include visual verification monitoring, CCTV surveillance, and vehicle tracking.

Fidelity ADT uses a locally produced motion-activated recording system developed by SecuVue. “With the systems in place at commercial properties, we can use facial recognition technology to compare images against a detailed database of ‘persons of interest’ when the need arises,” says Clive van Ryneveld, Fidelity ADT commercial executive. The system was built for the South African market ensuring seamless integration into existing infrastructure. The cameras are monitored by the Fidelity ADT control room operator, reducing the risk of false alarms.

‘Smart analytics algorithms’ automatically verify information, reducing the need for human intervention, he adds.

Van Ryneveld says Fidelity ADT’s commercial offerings are centrally controlled and operated so its systems are ready for PoPIA. “In the meantime, we are auditing how our electronic systems and employees gather information.”

Fidelity ADT employees are also restricted in terms of the type of information they are allowed to access, edit or collect. “This is driven by a system and authorisation protocol, internal policies and procedures.” As a security provider, Van Ryneveld says, the company regards customer information as highly confidential, so safeguards and automatic audit trails are embedded into its system.

The remaining sections of PoPIA will only commence once the Information Regulator is fully operational, which could be at the end of 2018. When the President proclaims the commencement date, businesses will have a grace period of one year before enforcement begins.

For more information, contact Fidelity Security Group, +27 (0)11 763 9000, danielmo@fidelitysecurity.co.za, www.fidelitysecurity.co.za