i-PRO Co., Ltd. (formerly Panasonic Security) a global pioneer in professional security solutions for surveillance and public safety shared tips on protecting the privacy of data captured from video surveillance systems.
According to the United Nations Conference on Trade and Development, 137 out of 194 countries have put in place legislation to secure the protection of data and privacy. This trend is expected to accelerate in 2024 as legislation is introduced around the ethical use of AI.
Data Privacy Day
“Privacy by design is a core tenet of i-PRO’s business philosophy,” said Hiroshi (Huey) Sekiguchi, CMO, of i-PRO Co., Ltd.
"Recognising Data Privacy Day on January 28th is a great reminder that data privacy needs to be top of mind whether you are an end-user, integrator, or manufacturer of physical security systems."
Best practices
As more data privacy laws go into effect around the world, organisations that have not properly protected
As more data privacy laws go into effect around the world, organisations that have not properly protected sensitive data risk significant fines in addition to a potential erosion of trust with employees and customers.
Some best practices for ensuring video surveillance systems meet or exceed data privacy standards include:
Prioritise privacy by design
Protecting data privacy can’t be an add-on feature. Look for manufacturers that consider privacy in their designs from conceptualisation. A key part of any design should make it easy for integrators and end users to comply with regulations as they continue to evolve.
The demands may vary widely across different geographies. Make sure any solution the user chooses has the flexibility to adapt. Ensure user system providers’ partners are properly certified so there is no weak point in the chain.
Find a balance between privacy and effectiveness
People need to know they are protected, but not to a point where they are uncomfortable with how their personally identifiable information might be used or viewed. Transparency builds trust.
Organisations should consider displaying redacted streams that mask the faces of individuals in public view monitors that both employees and customers can see.
- i-PRO’s AI Privacy Guard
i-PRO’s AI Privacy Guard, for example, automatically masks the face or body of individuals within the camera
An application such as i-PRO’s AI Privacy Guard, for example, automatically masks the face or body of individuals within the camera, enabling both redacted and non-redacted output streams.
Non-redacted streams should be viewable only by authorised personnel. Taking these sorts of steps demonstrates that although surveillance is taking place, individual privacy is actively being respected.
Have a privacy code of conduct
Put in place a code of conduct for user organisation that includes a reference to user data privacy policies. Familiarise with data privacy laws and regulations relevant to the region, such as GDPR in Europe, CCPA in California, or other local legislation.
Ensure user systems and policies are compliant. Train staff thoroughly and repeatedly on data privacy policies and practices. They should understand the importance of protecting personal data and know how to do so in their daily work. Be transparent about data collection practices, informing individuals about what data is being collected, why it is being collected, and how it will be used.
Differences between AI, analytics, and facial recognition
People often confuse AI with analytics, but they're distinct. AI is used in the video industry to enhance analytics and analysis capabilities, such as detecting humans and vehicles.
Analytics, on the other hand, typically refers to the process of analysing what a detected object is doing. For video security systems, it’s essential to understand that the descriptive metadata an AI-based camera captures is composed of anonymous data about the humans they detect.
- Distinct evolution
Facial recognition is a specific, focused function that has distinct privacy implications
Most importantly, AI does not equal facial recognition. Facial recognition is a specific, focused function which has distinct privacy implications, while most AI implementations do not.
And while facial recognition might be improved with some AI-based techniques, facial recognition has had its own separate evolution distinct from AI.
Encrypt data in transit and at rest
Encrypting video data, both in transit and at rest, is crucial for maintaining data confidentiality and integrity. For data in transit, common methods include TLS/SSL encryption.
Used by HTTPS, this encrypts the data between the client and the server to ensure video data cannot be easily intercepted by unauthorised parties. Secure real-time transport protocol (SRTP) is another widely supported method to encrypt video and audio streams.
- Advanced encryption standard (AES)
For data at rest (storage), methods include the advanced encryption standard (AES) or similar algorithms. Many cloud storage providers offer built-in encryption for data at rest which includes both server-side and client-side encryption. Proper key management is crucial for both types of encryption.
Keep security systems, including software and hardware, up to date. Regular updates and patches protect against vulnerabilities that could be exploited to access data.
Limit access to sensitive data
Microsoft Active Directory to automate the addition/deletion of user accounts to help reduce human error
Grant access to data only to those who require it as part of their job. Review access rights regularly so privileges align with user requirements.
Use a service such as Microsoft Active Directory to automate the addition/deletion of user accounts to help reduce human error when managing rights and privileges, or when removing users who are no longer with the company.
Store only information that is required
Manage and control data that is no longer required to reduce risk in the event of a breach.
Make sure the user data retention policy follows any necessary regulations for the user organisation and either archive or dispose of it securely when it's no longer needed.