Genetec, a technology provider of unified security, public safety, operations and business intelligence solutions, shared practical guidance on how organizations can secure their operations in a way that respects everyone’s privacy.  

To date, 107 countries and several states in the U.S. have established legislation to protect data and privacy. This follows in the footsteps of the General Data Protection Regulation (GDPR) in Europe, under which €1,059,520,456 in fines have been issued since its establishment in 2018. Despite that, only 59 percent of organizations say they meet all GDPR requirements.

“International Data Privacy Day is the perfect time to share what we’ve learned over 25 years; organizations should never have to choose between data privacy and security,” said Christian Morin, chief security officer at Genetec. “As cyber threats and privacy regulations evolve, organizations need to stay vigilant. Security solutions that are built on privacy by design principles, such as our Privacy Protector, enable these organizations to achieve their business goals while maintaining compliance.”

Genetec recommends organizations ensure their security systems respect data privacy by: 

  • Establishing privacy governance. Designate a data protection officer to guide strategies and comply with regulations. Map how data is collected and processed, where it’s stored, how long it’s kept, and who can access it. Categorize data in terms of risk. Identify people outside your organization who may need to access your data and assess the risk your data processing operations pose to citizens’ rights.
  • Building a data protection strategy. Conduct a gap analysis of data processing operations. Evaluate existing systems’ ability to address privacy without draining resources. Implement new processes as necessary and document your privacy policies and procedures. Educate your entire workforce on cybersecurity and privacy best practices.
  • Assessing the capabilities of technology and partners. Proactively seek out technology and partners that may offer to help uphold privacy and data protection. Inquire about certifications and the steps partners and vendors are taking to comply with privacy legislation. Choose solutions that are built with privacy by design and enable privacy features by default. Consider solutions that enable you to standardize processes and policies across different regions.
  • Building security systems with privacy in mind. Enable multiple layers of defense to protect personal information collected by physical security systems. Define user access to restrict who can log into applications and what they can see and do. Implement privacy features like video anonymization that blurs identities in footage. Automate data retention policies to ensure data is automatically deleted as required. Leverage a digital evidence management system to securely share information for investigations and citizen requests.
  • Remaining vigilant. Stay current on data privacy laws and evolve policies and processes regularly. Leverage hardening tools to actively monitor cybersecurity compliance and keep up with software updates. Monitor user activity logs to check what data, systems and files are being accessed. Activate health monitoring to receive alerts automatically about system vulnerabilities or device failure. Consider a hybrid cloud implementation to streamline access to the latest cybersecurity and data privacy updates.