SP&T News

i-PRO shares tips for Data Privacy Day

January 25, 2024, by SP&T Staff



i-PRO has shared some tips on protecting the privacy of data captured from video surveillance systems to coincide with International Data Privacy Day, which is observed on Jan. 28.

“Privacy by design is a core tenet of i-PRO’s business philosophy,” said Hiroshi (Huey) Sekiguchi, CMO, i-PRO, in a statement. “Recognizing Data Privacy Day on Jan. 28 is a great reminder that data privacy needs to be top of mind whether you are an end user, integrator, or manufacturer of physical security systems.”

Best practices shared by i-PRO include:

Prioritize privacy by design

Protecting data privacy can’t be an add-on feature. Look for manufacturers that consider privacy in their designs from conceptualization. A key part of any design should be making it easy for integrators and end users to comply with regulations as they continue to evolve. The demands may vary widely across different geographies. Make sure any solution you choose has the flexibility to adapt. Ensure your system providers’ partners are properly certified so there is no weak point in the chain.

Find a balance between privacy and effectiveness

People need to know they are protected, but not to a point where they are uncomfortable with how their personally identifiable information might be used or viewed. Transparency builds trust. Organizations should consider displaying redacted streams that mask the faces of individuals in public view monitors that both employees and customers can see.

Have a privacy code of conduct

Put in place a code of conduct for your organization that includes a reference to your data privacy policies. Familiarize yourself with data privacy laws and regulations relevant to your region, such as GDPR in Europe, CCPA in California, or other local legislation. Ensure your systems and policies are compliant. Train staff thoroughly and repeatedly on data privacy policies and practices. They should understand the importance of protecting personal data and know how to do so in their daily work. Be transparent about data collection practices, informing individuals about what data is being collected, why it is being collected, and how it will be used.

Educate stakeholders on the differences between AI, analytics, and facial recognition

People often confuse AI with analytics, but they’re distinct. AI is used in the video industry to enhance analytics and analysis capabilities, such as detecting humans and vehicles. Analytics, on the other hand, typically refers to the process of analyzing what a detected object is doing. For video security systems, it’s essential to understand that the descriptive metadata an AI-based camera captures is composed of anonymous data about the humans it detects. Most importantly, AI does not equal facial recognition. Facial recognition is a specific, focused function which has distinct privacy implications, while most AI implementations do not. And while facial recognition might be improved with some AI-based techniques, facial recognition has had its own separate evolution distinct from AI.

Encrypt data in transit and at rest

Encrypting video data, both in transit and at rest, is crucial for maintaining data confidentiality and integrity. For data in transit, common methods include TLS/SSL encryption. Used by HTTPS, this encrypts the data between the client and the server to ensure video data cannot be easily intercepted by unauthorized parties. Secure Real-time Transport Protocol (SRTP) is another widely supported method to encrypt video and audio streams. For data at rest (storage), methods include the Advanced Encryption Standard (AES) or similar algorithms. Many cloud storage providers offer built-in encryption for data at rest which includes both server-side and client-side encryption. Proper key management is crucial for both types of encryption. Keep security systems, including software and hardware, up to date. Regular updates and patches protect against vulnerabilities that could be exploited to access data.

Limit access to sensitive data and store only information that is required

Grant access to data only to those who require it as part of their job. Review access rights regularly so privileges align with user requirements. Use a service such as Microsoft Active Directory to automate the addition/deletion of user accounts to help reduce human error when managing rights and privileges, or when removing users who are no longer with the company. Manage and control data that is no longer required to reduce risk in the event of a breach. Make sure your data retention policy follows any necessary regulations for your organization and either archive or dispose of it securely when it’s no longer needed.

