In a time of digital transformation and big data, privacy has never been a bigger concern.
An Introduction
There seems to be no limit to the number of devices connected to our networks. As internet connectivity becomes more widespread and affordable, more of us can connect everyday items, including phones, alarm systems, and lighting equipment, to our networks.
But while this improves accessibility and usability, it also increases system vulnerability by providing more network connections to attack. Cybercriminals, in turn, are taking advantage of these vulnerabilities, along with human error and failure to implement best practices (using weak passwords, sharing personal credentials, clicking on suspicious links, etc.), to tap into the data that all of these devices are collecting.
In Australia and further afield, this has led to increased concerns about data privacy and driven heightened awareness of data collection and retention. A range of initiatives has been born out of that, from federated digital identity to sweeping Privacy Act reforms.
This reflects a clear expectation that, in our increasingly connected world, privacy not only needs to be protected but also needs to be a design feature of interconnected systems and infrastructure.
Physical security operations and teams are embracing these trends and technology directions.
Governments and private businesses frequently collect sensitive data from individuals using the spaces in and around their facilities. Surveillance footage, photos, access control data, and license plate recognition are all ways that vital digital information is acquired to protect people and assets.
Continued collection of this data is only under threat in circumstances where operators fail to make privacy protection a cornerstone of their security policies and approach to data collection. People – whether employees, customers, or the public – have the right to know how their personal information is collected, stored, and used.
To ensure the integrity of the data they collect, organisations need to develop their security strategies with intent and purpose. Organisations that don’t do this risk privacy becoming an afterthought – and at that point, their social licence to operate physical security infrastructure may quickly evaporate.
Tooling Up To Meet a Compliance Baseline
There’s growing pressure on business leaders to protect the confidentiality, integrity, and availability of personally identifiable information. This reinforces how important it is that physical security leaders, CIOs, and IT departments work together to conform to legislative requirements in the first instance.
Achieving compliance usually involves labour- and time-intensive tasks, including revising and implementing corporate policies, auditing procedures and systems, and re-investing in new technologies. Many organisations are currently struggling to find the staff and resources necessary to support privacy policies.
To complicate the issue, businesses can be held liable for costs incurred by customers and other third parties as a result of a cyberattack or other IT-related incident. Regulations around the world require businesses and organisations to protect consumer data or risk incurring substantial fines should a data breach occur. In Australia, penalties are up to $50 million or 30% of a company’s adjusted turnover. Large-scale data breaches have also led to class-action lawsuits filed on behalf of customers whose data and privacy were compromised. The test cases for this are still before the courts in Australia, but this is a position no organisation wants to be in.
In the world of physical security, this is leading to greater focus from top-level management on implementing solutions that prioritise both cybersecurity and privacy compliance.
A unified approach to cybersecurity and data protection can simplify processes and keep compliance costs down. Such an approach allows organisations to streamline data protection and privacy policies across their entire network and adapt to evolving threats and mandates.
Key Initiatives to Achieve Best-practice Outcomes
More broadly, to mitigate risks, organisations need a single strategy built on strong cybersecurity and privacy principles that work for them today and into the future.
When designing a comprehensive data protection and privacy strategy, it’s best practice to aim higher than the current legislative requirements.
One way to do this is by adopting a privacy-by-design approach, centred on the principle that respect for individual privacy is the foundation of responsible and innovative design, and by proactively embedding that principle into IT systems, networked infrastructure, and business practices, from the first line of code to third-party vendors.
For physical security teams, that means selecting both devices and management tools that allow the gathering and management of data, including video, while supporting privacy laws by making data and privacy protection features accessible and configurable.
Ensuring security without compromising privacy is essential. Governments, businesses, and technology vendors must work collaboratively to develop and implement strategies that prioritise both cybersecurity and privacy protection.
By adopting a privacy-by-design approach and selecting technologies that inherently support privacy regulations, organisations can protect sensitive data while maintaining compliance with evolving laws.