Ephrem Tesfai, Sales Engineering Manager at Genetec
- Do you believe there is a way for companies to ensure security without compromising on their customers’ privacy?
As the world becomes increasingly governed by our ability to remain connected and online, this raises concerns around individuals’ sense of privacy and the usage of their personal data. These worries include information gathering, processing, regulatory laws and access control. For the world of physical security solutions, there is a large focus on risks associated with the abuse of video footage, a necessary means for assuring safety, and cybersecurity risks.
In order to balance privacy and security, whether it is physical or cyber, there are measures which companies can put in place in order not to compromise one or the other. When a business fails to make privacy protection a priority in its security policy, it becomes an afterthought, giving the perception that privacy and security are incompatible. This isn’t always the case.
Companies are in control of the vendors they work with, and thus are at liberty to choose to partner with those that implement privacy by design. Companies can choose solutions with a heavy focus on cybersecurity fortification as this can alleviate the risk of vulnerabilities. Solutions used must allow for access control to be easily managed according to employee privileges so as to both assure a higher level of protection and follow regulatory requirements without compromising the efficacy of the tool.
- How do digital transformation and big data impact the assurance of privacy?
Following the COVID-19 pandemic, digitalisation sped up on a global level. As employees were forced to transfer their daily operations to digital platforms, this led to the need for greater connectivity. While digital transformation and big data have pushed the leap towards technology dependence, this has also resulted in an inevitable focus on privacy assurance and the risks associated with it.
The number of Internet of Things (IoT) devices connected to companies’ infrastructures is unlimited; however, this also means there are more gateways for cyberattacks, potential human errors and risks due to failure to implement best practice. The rapid digital transformation has led to cybersecurity concerns, thus jeopardizing the assurance of privacy.
- Could you explain how legislation and compliance factor into the issue of data privacy?
Governments and other regulatory agencies play a critical role in reducing the hazards of illicit cyber activities and safeguarding personal information. Cyber threats, as we all know, aren’t going away. Criminal cyber activity is on the rise, from system intrusions to DDoS attacks to the rising prevalence of ransomware operations.
Governments have responded by enacting legislation that makes firms more responsible for data privacy and cybersecurity breaches. The General Data Protection Regulation (GDPR) of the European Union is the most notable requirement enacted to date. Others, such as Federal Law No. 5 of 2012 on Combatting Cybercrimes, Article 378 of the UAE Penal Code and Article 31 of the UAE’s Constitution, ensure data and privacy protection in the UAE.
Compliance requirements are also being issued by regulatory authorities across vertical markets. The Internet Access Management (IAM) policy, for example, was enacted by the Telecommunications and Digital Government Regulatory Authority (TDRA) to ensure that online content used for impersonation, fraud and phishing and/or invades privacy is persecuted. As a result, businesses must sometimes comply with many evolving standards and rules at the same time.
- How would you recommend businesses ensure both their safety and privacy?
Adopting a unified strategy to cybersecurity and data protection reduces compliance costs and streamlines operations. It enables businesses to standardise data protection and privacy policies throughout their entire network, as well as respond to changing risks and regulations. Organisations may respect privacy while remaining compliant when diverse cyber defense and privacy protection solutions are accessible in one platform.
While laws and regulations aimed at preventing data breaches and privacy violations are a good idea, they do not provide enough security against cyber-attacks because they penalise companies after the fact. When developing a comprehensive data security and privacy plan, organisations need to take a more proactive approach that focuses on privacy.
Genetec addresses this issue with the KiwiVision Privacy Protector, which hides the faces of people who aren’t relevant to the current circumstance, protecting their privacy. As more companies from various industries adopt the cloud globally, the same can be said for video surveillance technology, as operations will be moved online and a focus on cybersecurity will be drawn. We anticipate widespread adoption of unified surveillance systems rather than integrated surveillance systems, as unification outperforms integration in terms of consistency and convenience, as everything is provided through a single interface rather than connected ones, which are prone to connectivity problems.
- What would you consider to be the five principal privacy protection capabilities and how can organisations apply them?
Using a unified security solution, businesses may create a physical security system that allows their staff to protect people and assets while also protecting video data and personal privacy. Here are five important privacy-protection features to consider for any security platform:
Encrypted data and video communication. Encryption protects data by converting legible text and video into an unreadable format that is unreadable by prying eyes. An organisation’s entire network can be protected by extending encryption from devices to apps and archiving.
Automatic anonymisation. Operators may view what’s going on in the video without infringing anyone’s privacy because the identities of individuals in the video are automatically obscured. As a result, the data is changed from a high-risk to a low-risk category.
Digital evidence management. Managers send an email with a link to the desired file instead of burning copies of footage on a CD or USB stick. Set permissions that allow the receiver to only watch the video, for example. Organisations can also use built-in redaction to hide individual faces in order to maintain privacy.
User privileges and audit trails. These ensure that data integrity is maintained. Individuals or groups can be granted access to specific resources, data, or applications by organisations. They can also define what users are allowed to do with these resources in advance. Audit logs, which show who accessed files, can then be used to confirm or refute suspicions of tampering.
Built-in health monitoring and maintenance services. Keeping your software and firmware up to date is an important element of any risk mitigation strategy, and automated services make it easier to do so and deploy vital security updates as soon as they are released. Operators can take prompt action after receiving alerts about devices going offline or other system issues. Small-scale event management ensures system safety in the case of a larger threat. This protects operators against fraudsters while also ensuring the highest standards of privacy.