SIA Releases Privacy Framework For Security Technology
The Security Industry Association (SIA) is taking the lead on privacy protection issues with the release of a 12-item “Privacy Framework.”
The Framework was drafted to address privacy concerns related to the recording of video, the collection of personally identifiable information and the use of biometrics, RFID and other security technologies.
“While security without privacy is possible, privacy without security is impossible,” said Kathleen Carroll of HID Global, the chair of the SIA Government Relations Department’s State & Local Policy Working Group. “SIA has taken a significant step forward in providing guidelines as to how responsible protection of personal privacy can be practically applied throughout the security industry. HID Global is proud to have actively participated in the development of the Privacy Framework and is committed to offering secure identity solutions that adhere to the privacy protection principles laid out in the document.”
SIA has been active in promoting the responsible use of security technology. It has opposed legislative efforts in several states that would have sharply restricted the use of such technologies as biometrics and RFID, arguing that these moves are an inappropriate and ill-informed reaction to legitimate concerns about privacy that would result in the use of less reliable technologies that could make people less secure and make private information more vulnerable.
“Overly restrictive government privacy policies can lead to excessive litigation, prevent the delivery of cutting-edge security solutions to end-users, and impose unnecessary delays in the allocation of grant funds for critical infrastructure protection projects at our nation’s ports, transit systems, schools and universities, and other essential facilities,” the framework states. “SIA members know all too well how changes in technology occur much faster than legislatures and policy-makers can address those changes.”
The Framework identifies 12 guidelines to be followed in the deployment of electronic physical security solutions. The guidelines include:
- Conducting privacy impact assessments.
- Implementing privacy-enhancing solutions during the design phase of products, when possible.
- Limiting access to personally identifiable information within an organization to those who have a “need to know.”
- Adopting a security breach notification plan.
Establishing a retention policy for personally identifiable information and a procedure to ensure that such information is destroyed at the time stipulated by the policy.
The full Privacy Framework is available at http://www.siaonline.org/uploadedFiles/SIA/Government_Relations/Privacy%20Framework_v1.pdf.