Day: September 21, 2020

With great advances in video and access control technology – including mobile capabilities, cloud efficiencies, analytics and biometrics – security providers are aiming to create the most secure and seamless credentials, all during a time when privacy concerns seem to be dictating public opinion and impacting security. The increase in use of these technologies brings with it a growth in the volume of data. This article looks at the following areas of focus in privacy considerations: Definitions of privacy. Legalities of privacy and compliance (in the U.S.). Education on privacy. Definitions and ethical use of facial recognition. The biometric debate. Can we have both security and convenience? Definitions of privacy The description for privacy in Merriam-Webster’s dictionary is – “freedom from unauthorized intrusion.” From a legal point of view, privacy is defined as a person’s right to control access to his or her personal information. In today’s data-driven world, privacy issues are raised in the context of government collection or distribution of personal information, as well as corporate use of personally identifiable information (PII). PII is any data that could potentially be used to identify a particular person. Examples include a full name, social security number, driver’s license number, bank account number, passport number and email address. Photo or video data also comes into play, as well as biometric data. Legalities of privacy Milestone Systems is a global video management software company based out of Copenhagen, Denmark, that has had a focus since 2017 on the General Data Protection Regulations (GDPR) that went into force in Europe in May 2018. They define the individual’s critical privacy matters to be protected as ‘sensitive personal data’ such as your racial/ ethnic origin, genetic and biometric info, health and financial data, religious, political and sexual preferences. GDPR has a focus on these key principles: Lawfulness. Fairness and transparency. Legitimate purpose’ limitations on the gathering, use, sharing and storage of sensitive personal data, and its minimization. Milestone has investigated every facet of business from products to business practices, to ensure compliance and provide guidance to employees, partners and customers. In the U.S., three states led the way in 2019 enacting biometric privacy laws – Illinois, Texas and Washington. The California Consumer Privacy Act (CCPA) took effect in January 2020. Then multiple states proposed similar legislation to protect consumers. Arizona, Florida, and Massachusetts introduced legislation addressing biometric privacy, on the heels of a decision for the Illinois Biometric Information Privacy Act. The best way for security dealers, integrators and consultants to learn each state’s biometric laws and work within their parameters is to keep informed. To stay abreast of the changing state-privacy landscape, the IAPP Westin Research Center compiled a list of proposed comprehensive privacy bills from across the country. The updated version of this tool, including a new state law tracker map, exists on the IAPP Resource Center, here. It is advised to take a multi-path approach to stay informed from the many points of view: Join local chapters of SIA and ASIS to network with other professionals specific to your region. Partner with the manufacturers and developers of the technologies you are interested in; they will know how their solutions fit state and local legislation. Get involved with local law enforcement groups, attend relevant presentations on new local and state ordinances. Follow and support organizations like the IAPP which is the world’s largest and most comprehensive global information privacy community. Be vigilant for compliance Ensuring compliance with GDPR and similar data privacy laws requires high organizational maturity with careful planning and preparation of video surveillance and other security systems, including the policies and procedures regulating how the technology is used. To help system integrators and end users design, implement and operate video surveillance systems that are compliant with such privacy regulations, Milestone provides a holistic set of tools, including privacy guides, best practices and training resources to build privacy awareness. If you go to the Milestone website and search for GDPR, you’ll find 1,450 references. There’s a lot of useful information available. Education on privacy and cybersecurity The entire market needs to be educated on what’s being done with people’s sensitive information. Milestone carries out GDPR webinars that are mandatory for staff – as we have also done with cybersecurity training (both internally and externally for our partners) which is related when trying to preserve data privacy, access or sharing. Regarding cybersecurity hackers and our partners’ work with IT systems, current knowledge and best practices help to keep people’s sensitive information safe. Double authentication is becoming standard for managing access to company systems and websites. Data encryption is also key to the lockdown of information and its history of creation, access, user logs etc. Regular software updates with the newest version releases are also best practice to ensure against cyber trouble. At Milestone, we have a comprehensive system hardening guide online. It details the top five most effective cybersecurity strategies to focus on when combating cyberattacks: Isolate the device network from other networks. Educate employees about security threats. Use Active Directory for user and computer management. Enable encryption at every stage necessary. Separate the VMS server and client networks from the company’s business network. Ethics of facial recognition Advanced facial recognition technology has benefited Americans in countless under-publicized ways, helping to do many critical things, for example: find missing children, fight human trafficking, secure borders from drug trade, identify dangerous criminals, bring sexual predators to justice and thwart identity thieves. There is a difference between facial detection vs. facial recognition. Facial detection is a broader term and means that a system is able to identify that there is a human face present in an image or video. Facial recognition can confirm identity and thereby be used to control access to sensitive areas. Authentication/ verification helps verify a person is who they claim to be. The system checks a submitted photo against an existing template to verify that it is the same person – one-to-one (1:1) matching. This configuration is applicable to banking,…