i-PRO Shares Privacy Tips for International Data Privacy Day 2024
i-PRO Co., Ltd. (formerly Panasonic security) a global leader in professional security solutions for surveillance and public safety, today shared tips on protecting the privacy of data captured from video surveillance systems. According to the United Nations Conference on Trade and Development, 137 out of 194 countries have put in place legislation to secure the protection of data and privacy. This trend is expected to accelerate this year as legislation is introduced around the ethical use of AI.
“Privacy by design is a core tenet of i-PRO’s business philosophy. Recognizing Data Privacy Day on January 28th is a great reminder that data privacy needs to be top of mind whether you are an end-user, integrator, or manufacturer of physical security systems,” said Hiroshi (Huey) Sekiguchi, CMO, i-PRO Co., Ltd.
As more data privacy laws go into effect around the world, organizations that have not properly protected sensitive data risk significant fines in addition to a potential erosion of trust with employees and customers. Some best practices for ensuring video surveillance systems meet or exceed data privacy standards include:
Prioritize privacy by design
Protecting data privacy can’t be an add-on feature. Look for manufacturers that consider privacy in their designs from conceptualization. A key part of any design should make it easy for integrators and end users to comply with regulations as they continue to evolve. The demands may vary widely across different geographies. Make sure any solution you choose has the flexibility to adapt. Ensure your system providers’ partners are properly certified so there is no weak point in the chain.
Find a balance between privacy and effectiveness
People need to know they are protected, but not to a point where they are uncomfortable with how their personal identifiable information might be used or viewed. Transparency builds trust. Organizations should consider displaying redacted streams that mask the faces of individuals in public view monitors that both employees and customers can see. An application such as i-PRO’s AI Privacy Guard, for example, automatically masks the face or body of individuals within the camera, enabling both redacted and non-redacted output streams. Non-redacted streams should be viewable only by authorized personnel. Taking these sorts of steps demonstate that although surveillance is taking place, individual privacy is actively being respected.
Have a privacy code of conduct
Put in place a code of conduct for your organization that includes a reference to your data privacy policies. Familiarize yourself with data privacy laws and regulations relevant to your region, such as GDPR in Europe, CCPA in California, or other local legislation. Ensure your systems and policies are compliant. Train staff thoroughly and repeatedly on data privacy policies and practices. They should understand the importance of protecting personal data and know how to do so in their daily work. Be transparent about data collection practices, informing individuals about what data is being collected, why it is being collected, and how it will be used.
Educate stakeholders on the differences between AI, analytics, and facial recognition
People often confuse AI with analytics, but they're distinct. AI is used in the video industry to enhance analytics and analysis capabilities, such as detecting humans and vehicles. Analytics, on the other hand, typically refers to the process of analyzing what a detected object is doing. For video security systems, it’s essential to understand that the descriptive metadata an AI-based camera captures is composed of anonymous data about the humans they detect. Most importantly, AI does not equal facial recognition. Facial recognition is a specific, focused function which has distinct privacy implications, while most AI implementations do not. And while facial recognition might be improved with some AI-based techniques, facial recognition has had its own separate evolution distinct from AI.
Encrypt data in transit and at rest
Encrypting video data, both in transit and at rest, is crucial for maintaining data confidentiality and integrity. For data in transit, common methods include TLS/SSL encryption. Used by HTTPS, this encrypts the data between the client and the server to ensure video data cannot be easily intercepted by unauthorized parties. Secure real-time transport protocol (SRTP) is another widely supported method to encrypt video and audio streams. For data at rest (storage), methods include the advanced encryption standard (AES) or similar algorithms. Many cloud storage providers offer built-in encryption for data at rest which includes both server-side and client-side encryption. Proper key management is crucial for both types of encryption. Keep security systems, including software and hardware, up to date. Regular updates and patches protect against vulnerabilities that could be exploited to access data.
Limit access to sensitive data and store only information that is required
Grant access to data only to those who require it as part of their job. Review access rights regularly so privileges align with user requirements. Use a service such as Microsoft Active Directory to automate the addition/deletion of user accounts to help reduce human error when managing rights and privileges, or when removing users who are no longer with the company. Manage and control data that is no longer required to reduce risk in the event of a breach. Make sure your data retention policy follows any necessary regulations for your organization and either archive or dispose of it securely when it's no longer needed.