To celebrate Data Privacy Day, Genetec Inc. is sharing some practical guidance on how organisations might secure their operations in a way that respects everyone’s privacy.
To date, 107 countries and several states in the U.S. have established legislation that secures the protection of data and privacy. This follows in the footsteps of the General Data Protection Regulation (GDPR) in Europe, which has issued €1,059,520,456 in fines since its establishment in 2018. Despite that, according to Genetec’s findings, only 59% of organisations say they meet all GDPR requirements.
“International Data Privacy Day is the perfect time to share what we’ve learned over 25 years; organisations should never have to choose between data privacy and security,” said Christian Morin, Chief Security Officer at Genetec Inc. “As cyber threats and privacy regulations evolve, organisations need to stay vigilant. Security solutions that are built on privacy by design principles, such as our Privacy Protector, enable these organisations to achieve their business goals while maintaining compliance.”
To help organisations ensure their security systems respect data privacy, Genetec makes the following recommendations:
Establishing privacy governance: Designate a Data Protection Officer to guide strategies and comply with regulations. Map how data is collected and processed, where it’s stored, how long it’s kept, and who can access it. Categorise data in terms of risk. Identify people outside the organisation who may need to access internal data and assess the risk that data processing operations pose to citizens’ rights.
Building a data protection strategy: Conduct a gap analysis of data processing operations. Evaluate existing systems’ ability to address privacy without draining resources. Implement new processes as necessary and document your privacy policies and procedures. Educate the entire workforce on cyber security and privacy best practices.
Assessing the capabilities of technology and partners: Proactively seek out those that may offer to help uphold privacy and protection. Inquire about certifications and steps partners and vendors are taking to comply with privacy legislation. Choose solutions built with Privacy by Design that enable privacy features by default. Consider solutions that enable standardised processes and policies across different regions.
Building security systems with privacy in mind: Enable multiple layers of defence to protect personal information collected by physical security systems. Define user access to restrict those who can log into applications and what they can see/do. Implement privacy features like video anonymisation that blurs identities in footage. Automate data retention policies to ensure data is automatically deleted as required. Leverage a digital evidence management system to securely share information for investigations and citizen requests.
Remaining vigilant: Stay current on data privacy laws and evolve policies and processes regularly. Leverage hardening tools to actively monitor cyber security compliance and keep up with software updates. Monitor user activity logs to check what data, systems and files are being accessed. Activate health monitoring to receive alerts automatically about system vulnerabilities or device failure. Consider a hybrid cloud implementation to streamline access to the latest cyber security and data privacy updates.