What you need to know about data privacy
According to the United Nations, 137 countries around the world have put in place legislation to secure the protection of data and privacy. That represents almost 71% of countries worldwide. Another 9% have draft legislation, meaning that 80% of the world is actively mandating that businesses take measures to protect personal information.
In a world where personal information is collected and commoditized all the time, people want more protection rights for their data. Government agencies are recognizing these demands and are stepping up to hold businesses more accountable.
Below, we’re sharing some of the newest privacy laws in regions around the world, and what you can do to keep your physical security data protected and secure.
The latest privacy legislations around the world
The General Data Protection Regulation (GDPR) was one of the first official data protection acts in Europe. Since then, countries, states, and regions have followed suit, enacting their own legislation to give people power over their data and to make sure organizations are held accountable for their data use practices.
Global privacy laws are only growing. While you might think you’re doing everything right to comply with data protection and privacy mandates, it’s important to stay up to date because legislation is continuously evolving.
Here are some of the most recent privacy legislation changes:
In Thailand, the Personal Data Protection Act 2019 came into effect in June 2021. It’s the very first law dedicated specifically to data privacy in the country and is heavily influenced by the GDPR, where non-compliance can cost organizations up to 4% of global turnover and even jail time.
Key obligations include getting consent for data processing, preventing unauthorized access to personal data, transferring data only to countries with high privacy standards, and respecting user rights.
In Canada, the Digital Charter Implementation Act (DCIA) 2022, now known as Bill C-27, proposes reform to the existing Personal Information Protection and Electronic Documents Act (PIPEDA), with three pieces of legislation. These include the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), and the Artificial Intelligence and Data Act (AIDA).
While the DCIA 2022 has been tabled for now, the changes will impact Canada's private sector privacy law and provide new rules for the responsible development and deployment of artificial intelligence (AI).
Staying a step ahead, the province of Quebec has enacted its own comprehensive framework: An Act to modernize legislative provisions for the protection of personal information. For businesses, the new provisions include everything from designating a person in charge of data protection and reporting confidentiality incidents to the Commission d’accès à l’information (CAI) du Québec, to notifying the CAI before implementing any biometric technologies.
In the US, the California Consumer Privacy Act was the first and most forward-thinking legislation in the country. But there are already amendments and expansions being proposed under the new California Privacy Rights Act (CPRA), which is set to come into effect in January 2023.
Other states, including Utah, Colorado, Connecticut, Virginia, Pennsylvania, New Jersey, and Ohio, have also followed suit and have either implemented their own laws or are currently in the process of passing new privacy regulations.
Most recently, the American Data and Privacy Protection Act (ADPPA) went under review in the United States. This aims to provide a first-ever, federally mandated data privacy framework for the country.
In the United Kingdom, the UK GDPR and the Data Protection Act 2018 are the main pieces of data protection legislation. But in late 2021, the UK government began re-assessing existing laws under a formal consultation called “Data: A new direction.” Months later, in June 2022, they announced that reforms to the UK’s privacy legislation were on the horizon, stating:
“The reforms proposed in the consultation provide an opportunity for the UK to reshape its approach to regulation outside of the EU and seize opportunities with its new regulatory freedoms.”
These are a mere glimpse of the changes to international data privacy laws. From New Zealand and South Africa to Bahrain and India, countries in every corner of the world are taking privacy matters seriously and making amendments that businesses need to keep up with.
How can I start protecting my organization’s physical security data?
For your security team, protecting people and assets sometimes requires collecting personal data. This happens when using video surveillance, check-in kiosks, security checkpoints with biometrics technology, automatic license plate recognition, intrusion detection, and tracking systems.
While all data protection and privacy laws have unique mandates, it’s important to assess your data usage and the policies you have in place. This can include asking questions such as: what types of data are we collecting? How are we collecting it? Where is all our data being stored? Who is accessing our data? With whom and how are we sharing our data?
As you consider these questions, here are a few things to prioritize:
- Hire a data protection officer to assess data practices and policies and to oversee regulatory compliance.
- Keep up with industry and government privacy mandates to ensure the ways in which you manage, transmit, and store your physical security data always meet the standards.
- Leverage built-in cybersecurity tools such as strong encryption to protect data in transit and at rest.
- Choose security products that give you full control and visibility over who has access to your data, and who can manage the accessibility.
- Implement video anonymization tools to monitor and share physical security information while respecting individuals’ privacy.
Stay on top of compliance right from the start
If you’re shopping for a new physical security solution, you’ll want to consider options that have privacy integrated right from the start—known as Privacy by Design.
Privacy and cybersecurity should be the default mode of operation for all organizations. When your physical security solution is designed from the ground up with privacy in mind, you don't have to choose between protecting the privacy of individuals and your organization’s physical security.
“People often approach security and privacy in a zero-sum manner. You can only have a positive gain in one area, always at the loss of the other. This either-or, win-lose, zero-sum model is so dated. Throw it out the window. The term privacy assumes a much broader scope of protection than security alone. If you don't have a strong foundation of security from end to end, with a full lifecycle of protection in this day and age of daily hacks, you're not going to have any privacy.”
- Dr. Ann Cavoukian, Executive Director at Global Privacy and Security by Design
How data privacy and cybersecurity go hand-in-hand
According to the 2022 State of Physical Security report, 49% of respondents said that their organization implemented an improved cybersecurity strategy.
While many already have cybersecurity and privacy measures deployed, cybersecurity concerns continue to rise and are a top factor slowing the adoption of new technology. Just under two thirds of respondents said that cybersecurity-related tools will still be a focus in 2023.
Here are a few tools and strategies to keep your cyber hygiene strong:
Invest in a unified security strategy: Using a unified platform, you won’t have to waste time checking different solutions to ensure cyber hygiene or track your system’s health status. Instead, you’ll be able to stay in control of the data from all your systems through a single interface.
Automate your video and data retention: Keeping sensitive information longer than you need goes against many new privacy laws and exposes your organization to unnecessary risk. Instead, automate retention schedules to track how long files are kept and ensure compliance with policies.
Simplify software and device maintenance: Invest in security solutions that alert you to software and firmware updates, so you always have the latest defense against vulnerabilities. Having a system that prompts you to automatically rotate passwords also helps strengthen cyber resilience.
What’s Privacy Protector?
The KiwiVision™ Privacy Protector module of Security Center ensures the privacy of individuals when monitoring or sharing video surveillance.
Privacy Protector dynamically masks the identity of individuals in live and recorded video. This way, your operators only see what they need to see, preventing unnecessary intrusions of privacy. Using permissions, you can also easily control which operator can review the original footage.
If an incident occurs, authorized operators with specified access rights can view the unmasked video directly from the Security Center platform. The original recording can also be encrypted using security certificates to prevent unauthorized access.