How to build your privacy protection strategy

Ephrem Tesfai, Sales Engineering Manager META at Genetec, suggests best practices to keep physical security data private.

Securing a business physically involves a lot of data collection & in turn protection, from the video cameras that monitor the property to the access control systems that store cardholder information.

So, what are the best practices to keep physical security data private?

Choosing a long-term loyal partner:
Old privacy protection strategies might not cut it anymore, as cybercrimes are at an all-time high and threat actors are becoming far savvier with their attack methods.

People, whether employees, customers, or the general public, are increasingly aware and concerned about how their personal information is being collected, stored, and used. As a result of such consumer demand, new privacy legislations are coming into effect worldwide to hold businesses more accountable.

The UAE published its first Federal Data Protection Law No. 45 of 2021 (Law), which came into effect on January 2022. As with many UAE laws, the executive regulations (to be shared within the next few months) will cover a great deal of additional detail on the provisions of the Law and assist UAE businesses in understanding their compliance requirements under the concerned Law.

Organizations in the UAE and worldwide today can’t just put in place and forget about their hardening (the practice of reducing a system’s vulnerability by reducing its attack surface) tools and privacy defences. Keeping up with evolving threats and ensuring privacy compliance is the reality of the world we live in and call for constant updating and fine-turning of protection protocols in line with new vulnerabilities and laws.

For all of these reasons, there’s never been a better time to review privacy protection strategy and make sure data and physical security solutions are fully protected.

Step 1: Identify goals and hire the right people:
It’s crucial to hire the right people who can oversee privacy strategies and conduct regular gap analysis in order to identify improvements earlier rather than later. They also are invaluable when mapping out how data is collected, where it’s stored, how long it’s kept, and who has access to it.

In addition, the various types of data to be collected need to be categorized into high, medium and low risk. Equally important is to identify the people outside the organization who might need access to data and asses the level of risk that data processing operations pose to citizen’s rights.

Step 2: Build your data protection strategy
Conducting a gap analysis to identify potential improvements in data processing operations and evaluating existing systems will determine whether they effectively address privacy without draining resources.

Also, it’s invaluable to implement new procedures and document all privacy policies which will aim to educate employees on cybersecurity and privacy best practices. Public transparency around data and privacy initiatives play a key factor as well.

Step 3: Choose the right system and vendor
Get educated about the main tools that vendors offer to help businesses uphold privacy and data protection. Need to bear in mind, that what plays a critical role here is identifying what certifications these vendors have and what steps they are taking when it comes to compliance within privacy legislation.

You also need to assess the level of transparency each vendor provides about their data policies and practices and invest in or upgrade to solutions that are built with Privacy by Design, where privacy features are enabled by default. Also, consider solutions that allow to standardize processes and policies across different regions.

Step 4: Set up the system with privacy in mind
Enable varied layers of defence to protect personal information collected by physical security systems to better define user access and privileges. This can restrict who can log into applications and what they can see or do.

Besides, it’s crucial to implement add-on privacy features, such as video anonymization, so identities in footage appear blurred. Also, automating data retention policies ensures data is automatically deleted as required.

You must invest in a digital evidence management system to securely share information during investigations or whenever is required.

Step 5: Stay alert and effective at maintaining privacy
Stay current with data privacy laws in order to evolve policies and processes as needed. Not only will this help physical security teams keep up with the required firmware and software updates to follow regulations, but it will also allow them to leverage hardening tools to actively monitor cybersecurity compliance.

Also, monitor user activity logs to see who accessed what data, systems, and files at any time and use health-monitoring features to receive automatic alerts for devices going offline or other system vulnerabilities.

Lastly, consider hybrid cloud to streamline access to the latest cybersecurity and data privacy measures.

It just takes one breach to ruin a business, so don’t be that business. While laws and regulations aimed at preventing data breaches and privacy violations are a good idea, they do not provide enough security protection against cyber-attacks. When developing a comprehensive data security and privacy plan, organizations need to take a more proactive approach that focuses on privacy.