Ensuring GDPR compliance in video surveillance

Ensuring GDPR compliance in video surveillance
With the amount of data being generated worldwide continuing to increase and their security becoming a highly sensitive issue, directives like the General Data Protection Regulation (GDPR) would help in protecting personal information. That said, systems integrators (SIs) and solution providers in the security industry need to be fully aware of the implications of this new set of rules.

The key here is to note that video surveillance is no longer just about capturing footages. The arrival of artificial intelligence (AI)-based analytics and object-identification systems help authorities access massive amounts of information that would need to be protected under the new regulation. Speaking to asmag.com, industry experts elaborated on this.

“GDPR centers around the protection of personal data,” explained Dave Seesdorf, Principle Product Manager of Security Products at Seagate Technology. “I believe that new AI technologies such as facial recognition, license plate numbers and registration, precise geolocation of an individual, data mining and aggregation, etc., fall into the category of personal data.  Since the EU is implementing GDPR it would make sense that surveillance data contains personal data and should be protected accordingly. Since data encryption is one tool considered in privacy by design it may be a best practice for surveillance data protection.”

With a range of data protection measures that include hardware-based encryption systems and global standards-compliance, Seagate hard disk drives offer systems integrators an ideal option to protect their data. Other major security solution providers are taking similar steps.
Alan Ataev,
Global Sales Director, 
AxxonSoft

How the security industry is responding

Zhang Junchang, Director of Cybersecurity Product Line of Dahua Technology, said that Dahua is committed to helping users to realize effective, safe and regulations-compliant processing of personal data. The company has established a team for personal data protection, consisting of legal experts, personal data protection experts, network security experts, etc. Having prioritized GDPR requirements, and with a strong knowledge of customer-requirements, Dahua has created personal data protection design specifications for its products. It has in place a system that offers comprehensive assessment of the personal data protection capability of its products and services.

Alan Ataev, Global Sales Director at AxxonSoft, added that they are providing their customers with masking technologies and general recommendations. Others point to cybersecurity suites that are part of their offering. Robin Hughes, Sales Director at Secure Logiq, said that their in-house automated cybersecurity management ensures that their global customer surveillance estates are secure, optimized and fully operational at all times.

“Firewalls, software security suites and many other software-based security measures are not failsafe, and the video surveillance integrator needs additional tools to detect and respond to security breaches as they occur,” Hughes said. “Intuitive intelligent algorithms seek out system vulnerabilities and advise how to lock down against cyber-attack and can automate the process at the click of a mouse. Vulnerabilities are identified by decoding different network protocols that devices on the network use and presenting the results in a human-readable form. We only utilize enterprise components from trusted sources and offer encryption at every level including encrypted hard drives so that data from lost, stolen or retired products is of no use to any external party.”
Zhang Junchang,
Director, Cybersecurity,
Product Line,
Dahua Technology

What You Should Know

Encrypting personal data is of paramount importance as GDPR and other data protection and cybersecurity regulations come into force. Elaborating on the steps that should be taken to ensure end-to-end security of data, Jean-Philippe Deby, Business Development Director for Europe at Genetec, added that apart from encryption, the right firmware, authentication of devices, authentication of users, etc., come into play.

Danny Lim, Head of Global Surveillance Presales for Video Surveillance Segment at Seagate Technology, suggested that the video surveillance industry appears to be still learning and trying to find solutions on how to comply with the GDPR as they roll out in Europe.

“But one thing that is clear now is every deployment would need to be justified with a purpose and GDPR gives more power to the user regarding the request to retrieve the video and request to erase the video as needed,” Lim said. “All video surveillance operators would need to comply with this new request, and video surveillance solution providers would need to review their functions to support and address the requirements moving forward like privacy masking, secure erasure of video, etc.”

Ultimately, as Seesdorf had pointed out, the video surveillance data that becomes relevant under GDPR is that which is generated by analytics that makes use of biometric technology. Agreeing with this, Hughes added that many software solutions today can accurately identify age, gender, size, weight as well as identify the facial characteristics of known offenders or suspects.

Security Begins at the Storage

As we have seen SIs would have to keep in mind that the data their installations generate is protected. This security begins at the hard disk drives (HDD) which can utilize hardware-based encryption technology, is manufactured through a secure supply chain, offers safe data retirement options, and complies with recognized international standards like Common Criteria Certification.
Share to:
Comments ( 0 )