India does not have regulations to protect the citizens' privacy from intrusive CCTV systems. This creates a lot of problems for solution providers and their customers.
On July 19, 2021, India woke up to scandalous news of authorities spying on top journalists, politicians, and activists using an Israeli software program. Outrage followed, both online and offline. Petitions were filed at the Supreme Court. But after a bit of uproar for a few days, it became old news like everything else.
Privacy is a sensitive topic in developed economies, being a part of almost every technology sector. The physical security industry has had to take several steps to ensure surveillance cameras don't violate privacy. Regulations like GDPR in Europe oversee different sectors, including physical security, to ensure technology remains non-intrusive.
But this isn't the case in India. Despite CCTV cameras becoming ubiquitous, there are no effective regulations to protect people's privacy. Police departments in different states have given some guidelines on using cameras, but these primarily focus on the need to install cameras for security.
This is the humongous elephant in the room for the Indian security industry. Everyone knows this. But no one really talks about it.
Privacy? Yes, we have strong cybersecurity!
The most horrifying thing is that many people in the Indian security industry are unsure what the term privacy refers to. If you ask them about privacy concerns, the first answer you get would be about hackers, malware, and the need for changing the default password.
According to Siddharth Mehta, Director of ATOS
, most integrators and end customers are unaware of the need to ensure privacy. Integrators especially have a tough time because of the fragmented nature of the Indian market and lack of standardization.
"Most of them don't think about it," Mehta said. "It's because there are no guidelines or training on this. Even though a few OEMs provide training, the measures are hardly put into practice. Most of them are not even aware of how far away a camera should be placed or at what height and focal length. Most of it is just guesswork."
Also read: How cyber-ready is India's physical security industry?
Integrators setting their own standards
Fortunately, a few integrators set their own standards and guidelines to advise customers on the need for privacy. Sandeep Patil, Founder of Securizen
, explains that this helps in many verticals, especially in the commercial segment.
"As an installer, we do provide some guidelines to the customers," Patil said. "For example, in an apparel retail store, there shouldn't be cameras installed near the trial rooms. In a hospital, we tell them not to install in the surgery areas or the changing rooms.”
“These are some guidelines we provide to the customer,” Patil continued. “But perhaps the bigger problem is that as far as the public is concerned, they don't have any objection, primarily because of lack of awareness. If surveillance footage is misused, it can be a significant problem. But only when a crisis arises do people talk about it."
IT policies helping high-end customers
Some high-end customers have their own IT-related privacy policies that extend to physical security systems as well. Sudhindra Holla, Director for India and SAARC at Axis Communications
, explained that privacy is a topic they discuss with their customers, but its implementation depends on the end users' corporate policies.
"How these policies are really put into practice depends on the organization," Holla said. "From a discussion point of view, the topic does come up. How should privacy be managed? Are there policies in place? How can we mask out individuals? How can we pixelate individuals' faces so that they are not visible in the footage?"
The scenario is slowly evolving, according to Holla. Many large companies, especially those in the IT and ITES sectors, have cybersecurity, safety, and physical security policies. But smaller companies are still lagging in setting up policies and enforcing them.
Lack of standardization hurting the market
To make things more complicated, the lack of standardization in the integration industry makes it difficult for customers to ensure that the work is done by a professional who knows the importance of privacy.
"As far as CCTV goes, there are no such regulations," Patil explained. "And the most challenging part is that people like electricians, or those who are not experts in the field are also doing the installation. So, it's tough for the customer to identify qualified people they can hire because it's all a price-sensitive market with limited standardization."
Standardization shouldn't be limited to integrators alone, either. As of now, India hardly has any kind of independent quality control over surveillance products. Ironically, the very devices that are meant to protect people are not really monitored for their performance.
The need for stricter regulations
Ultimately, the biggest problem is that there are no regulations in place for privacy protection. There are decent regulations in the fire safety area, but nothing that covers video surveillance systems.
Holla feels that such regulations will come in at some point as the industry evolves. But the question that remains is how long the market will have to wait for it.