On Data Privacy Day, Jan. 28, Genetec offered the following recommendations to help organizations ensure their security systems respect data privacy.
Establish privacy governance
Designate a data protection officer to guide strategies and comply with regulations. Map how data is collected and processed, where it’s stored, how long it’s kept, and who can access it. Categorize data in terms of risk. Identify people outside your organization who may need to access your data and assess the risk your data processing operations pose to citizens’ rights.
Build a data protection strategy
Conduct a gap analysis of data processing operations. Evaluate existing systems’ ability to address privacy without draining resources. Implement new processes as necessary and document your privacy policies and procedures. Educate your entire workforce on cybersecurity and privacy best practices.
Assess the capabilities of technology and partners
Proactively seek out those that may offer to help uphold privacy and protection. Inquire about certifications and steps partners and vendors are taking to comply with privacy legislation. Choose solutions built with Privacy by Design, that enable privacy features by default. Consider solutions that enable you to standardize processes and policies across different regions.
Build security systems with privacy in mind
Enable multiple layers of defence to protect personal information collected by physical security systems. Define user access to restrict those who can log into applications and what they can see/do. Implement privacy features like video anonymization that blurs identities in footage. Automate data retention policies to ensure data is automatically deleted as required. Leverage a digital evidence management system to securely share information for investigations and citizen requests.
Stay current on data privacy laws and evolve policies and processes regularly. Leverage hardening tools to actively monitor cybersecurity compliance and keep up with software updates. Monitor user activity logs to check what data, systems and files are being accessed. Activate health monitoring to receive alerts automatically about system vulnerabilities or device failure. Consider a hybrid cloud implementation to streamline access to the latest cybersecurity and data privacy updates.
“International Data Privacy Day is the perfect time to share what we’ve learned over 25 years. Organizations should never have to choose between data privacy and security,” said Christian Morin, chief security officer at Genetec, in a company statement.
Print this page