How can security address privacy concerns while increasing protection?

Balancing security and privacy is not a zero-sum game. At Genetec, we believe that organisations should never have to choose between protecting the privacy of individuals and their physical security; privacy should always be the default option rather than the other way around. Protecting personal information is a shared responsibility. End users should work with technology vendors that develop tools based on privacy by design principles including encryption, authentication, security, person blurring, built-in video redaction tools, and secure user management. Integrators should configure systems correctly and train end users on how to operate them in a way that respects privacy. And operators should be trained on internal processes to ensure data is protected and can’t be accessed without proper authorisation. Combining powerful tools and responsible practices, today’s physical security solutions should deliver privacy and security simultaneously to build public trust and ensure compliance with evolving privacy laws.

It’s understandable that security systems can raise concerns over privacy; we all want to ensure our personal information is protected and can’t be abused. Luckily, the technology has reached a stage where it can intelligently mix secure protection with the privacy of the individual. A good example of this is the pixelation of people’s faces and windows in CCTV images to protect the identity and privacy of individuals captured in the footage. If a suspect needs to be viewed, that is no problem, but the anonymity of everyone else is protected. On the access control front, biometric details (which of course are very personal) can be stored on the cards held by staff rather than in a reader, using a one-to-one match rather than one-to-many. The biometric details are not stored on the network; instead, the person always keeps these records with them for additional peace of mind.

There has been an ongoing debate surrounding privacy versus security, but it is possible to achieve both. Individual privacy concerns often center around the natural worries of where the data is going and who will see it. To remove these concerns, video security needs to utilise methods that do not rely on factors such as an individual’s face to function. Alternatives to facial recognition technology, such as similarity and appearance searching, noise detection, and identifying anomalous behavior, are effective methods to retain the privacy of individuals while still prioritising security. If video surveillance is the preferred option, opting for a cloud-based system will ensure that the content is only accessible to the security administrator and not the software provider or other third parties. This means that any information used for post-event investigations does not mine the faces of the people it records and preserves the privacy of those captured.

Minimising the amount of personal information collected is central to protecting the privacy within safety activities. Security teams can implement privacy protections in various ways, including using static masking technology to pixelate areas outside of needed surveillance areas and using dynamic masking to pixelate objects linkable to specific individuals, allowing identification only when necessary. Limiting the use of facial recognition systems to areas verifiably necessary, keeping identifiable images for the least amount of time necessary, per policies, and limiting access to the data collected to select personnel can also minimize the collection of personal information while increasing protection. Finally, strongly encrypting surveillance data in transit and storage, and not allowing data collected for safety purposes to be used for anything else are important ways to improve both security and privacy.

In the United States, there aren’t yet clear guidelines for how security companies need to be handling the data they collect. That's why it is crucial to ensure the security companies you choose to work with are managing data privacy in an ethical way and to start putting pressure on others to do the same. For example, some software offers an anonymisation feature that can mask people's identities while still detecting suspicious activity. Anonymisation neutralises the data, removing any link it has to an individual person, thus helping to protect their private information.