By Andrew Elvish
As technology advances and our lives become more intertwined with digital devices, the amount of personal information collected by various systems has grown exponentially. Physical security systems and Internet of Things (IoT) devices collect massive amounts of data every single day. This data can provide a much more detailed portrait of people, places, and events than was previously possible.
However, in this increasingly interconnected world, concern for privacy has become a pressing issue. It may seem like we have to choose between our personal privacy and our safety and security, yet this is a false dichotomy.
It’s possible to find a balance between privacy and security. By embracing innovative technologies and adopting a Privacy by Design approach, we can protect our privacy without compromising our safety.
Privacy by design
Physical security and privacy don’t have to be at odds. One of the great thinkers on this topic is Dr. Ann Cavoukian, who coined the term “Privacy by Design.” Cavoukian is the Executive Director at Global Privacy & Security by Design Centre and one of the world’s leading experts on privacy.
Cavoukian promotes a pragmatic approach:
- Protect privacy by default
- Design systems from the first lines of code to ensure data confidentiality
- Provide access to personal information only when necessary
The concept of privacy can be understood in different ways. From a security perspective, data privacy means controlling how personal information is being collected, stored, accessed, and used. By considering user needs, identity management, and data handling throughout the design process, we can create systems that protect privacy and don’t compromise safety and security.
Surveillance and data collection systems designed with the Privacy by Design philosophy anonymize personal information by default. Privacy masking can be removed in specific circumstances, based on well-defined rules and requirements. For example, some companies have a “four eyes” policy. It requires at least two authorized people to approve a request to access unblurred video footage or other sensitive information.
Regulations protect privacy
Privacy is an essential human right. In exceptional circumstances, such as a credible threat to safety, most people are willing to give up some degree of privacy. Yet just because we’re willing to do this sometimes doesn’t mean we agree to be monitored everywhere, all the time.
According to the United Nations, 137 countries around the world have put in place legislation to secure the protection of data and privacy. That represents almost 71% of countries worldwide. Another 9% have draft legislation, meaning that 80% of the world is actively mandating that businesses take measures to protect personal information.
Government regulations play an important role in addressing privacy concerns. Implementing guidelines and requirements restricting the collection, processing, and access to personal data establishes a baseline standard.
Regulations may require explicit consent to collect and process personal data, limit data retention periods, empower individuals to view their own data, or require organizations to protect the personal data they collect. The increasing global focus on privacy regulations is a positive development for anyone who has concerns about the collection and sharing of personal information.
Acquiring digital information: necessity vs. privacy
At its core, one of the main purposes of security is to keep people, data, and assets safe and operations moving smoothly – to protect the everyday. Most of our days are spent engaging in routine activities like going to work, shopping for groceries, driving to school, going to the airport for a flight, or simply meeting for coffee. However, sometimes an event disrupts the predictable rhythms of our everyday life.
If there was a threat or a bad accident, we would want someone to have the information they need to help. In the aftermath of an incident, we want police and other emergency response teams to do everything within their power to respond quickly and effectively. The goal is to get back to “normal” as fast as possible.
To balance the individual’s desire for privacy with the occasional necessity to access personally identifiable information, modern security systems offer a multi-layered approach. For example, video streams blur identifying details by default, but security teams can still see it if something unexpected happens. If the circumstances warrant, investigators can view the full resolution footage—but only what is needed to respond effectively.
The limitations of older technologies may have contributed to the false belief that privacy and security are mutually exclusive. Over time, the dialogue around privacy and security has evolved, driven by technological advancements and societal discussions.
New technologies offer an opportunity to redefine this relationship. As we continue to have conversations about privacy, technology both shapes and is shaped by these discussions. By embracing Privacy by Design, we actively contribute to this evolution, demonstrating that privacy and security aren’t conflicting goals but rather interconnected objectives.
Transparent data policies build trust
While system design and mandated regulations play a key role in ensuring privacy, many organizations are going beyond regulatory requirements. Privacy regulations establish a minimum standard for how personal data should be stored and managed, but companies can do more than the minimum.
It’s important to assess your data usage and the policies you have in place. This includes asking questions such as: what types of data are we collecting? How are we collecting it? Where is all our data being stored? Who is accessing our data? With whom and how are we sharing our data?
Organizations can prioritize privacy protection in their security policies and select solutions that are hardened against cyber threats. By seeking out these solutions, they encourage prioritization of privacy features and further collaboration between vendors who develop tools with built-in privacy protection.
Privacy and public safety aren’t mutually exclusive and can coexist. By consciously considering privacy from the outset, we can create products and policies that strike the necessary balance between privacy and security. This results in stronger relationships with our customers and stakeholders built on trust and transparency.
About The Author Andrew Elvish is a columnist, explorer, and the Vice President of Marketing and Product Management at Genetec. Andrew has over 20 years’ experience in the software industry and will surprise you with his knowledge of great restaurants all over the world.
See more articles on: GenetecSource: genetec.com