Business intelligence solutions specialist Genetec has shared practical guidance on how organisations can secure their operations in a way that respects everyone’s privacy.
To date, 107 countries have established legislation that secures the protection of data and privacy. This follows in the footsteps of the General Data Protection Regulation (GDPR) in Europe, on the back of which 1,059,520,456 Euros’ worth of fines have been issued since its establishment in 2018. Despite that, only 59% of organisations say they meet all GDPR requirements.
“International Data Protection Day represents the perfect time to share what we’ve learned over 25 years,” explained Christian Morin, Chief Security Officer at Genetec. “Organisations should never have to choose between data privacy and security. As cyber threats and privacy regulations evolve, organisations need to remain vigilant. Security solutions that are built on privacy by design principles enable organisations to achieve their business goals, while at the same time maintaining compliance.”
Genetec recommends organisations ensure their security systems respect data privacy. They can do so in a number of ways.
Establish privacy governance
Designate a Data Protection Officer to guide strategies and comply with regulations. Map how data is collected and processed, where it’s stored, how long it’s kept and who can access it. Categorise data in terms of risk. Identify people outside of the organisation who may need to access your data and assess the risk your data processing operations pose to citizens’ rights.
Build a data protection strategy
Conduct a gap analysis of data processing operations. Evaluate existing systems’ ability to address privacy without draining resources. Implement new processes as necessary and document all privacy policies and procedures. Educate the entire workforce on cyber security and privacy best practice.
Assess the capabilities of technology and partners
Proactively seek out technologies and partners that can help uphold privacy and protection. Inquire about certifications and the steps partners and vendors are taking to comply with privacy legislation. Choose solutions built with ‘Privacy by Design’ that enable privacy features by default. Consider solutions that enable the standardisation of processes and policies across different regions.
Build security systems with privacy in mind
Enable multiple layers of defence to protect personal information collected by physical security systems. Define user access to restrict who can log into applications and what they can see and do. Implement privacy features like video anonymisation, which blurs identities in footage. Automate data retention policies to ensure that data is automatically deleted as required. Leverage a digital evidence management system to securely share information for investigations and citizen requests.
Stay current on data privacy laws and evolve policies and processes regularly. Leverage hardening tools to actively monitor cyber security compliance and keep up with software updates. Monitor user activity logs to check what data, systems and files are being accessed. Activate health monitoring in order to receive alerts automatically about system vulnerabilities or device failure. Consider a hybrid cloud implementation to streamline access to the latest cyber security and data privacy updates.
*Further detail on privacy protection initiatives is available online at https://www.genetec.com/trust-cybersecurity