Presentation with Antoinette King of Axis Communications, sponsored by the Security Industry Association and Security System News, on the misunderstood and symbiotic relationship between privacy and security, and video surveillance in particular.
Privacy and video surveillance: Advanced technology and best practices protecting people, property and personal data
1. Privacy and video surveillance: Advanced technology and best practices protecting people, property and personal data
Presented by:
Antoinette King - Key Account Manager, Axis Communications
Salvatore D’Agostino - CEO IDmachines, Co-Founder OpenConsent
6. [Diagram: Domain of Privacy 2.0 and Domain of Privacy 1.0. Labels: Data control; Data transparency; Data protection; Terms and conditions; Privacy notices; Notification & breaches; Most encryption techniques; Identity; Openness, Usability, Relevance]
12. Legislation pertaining to biometric data privacy
> State of Illinois – requires private entities to get written permission to collect biometric data and full usage disclosure.
> State of Washington – places a heavy burden on the controller of the data to properly obtain consent, disclose usage, and protect the data
> State of Texas – prohibits capture of biometric data without written, informed consent, and prohibits the sale or disclosure of biometric identifiers.
14. GDPR Landscape
> In the first 9 months that GDPR was in effect, there were over 205,000 cases reported to various EU Supervisory Authorities.
> 65,000 breaches involving things such as email misconduct, network hacks, improper tracking of consumers and illegal video surveillance data logging
15. GDPR Fines
Country | Authority | Date | Fine | Organization | GDPR articles | Violation
UNITED KINGDOM | Information Commissioner (ICO) | 2019-07-08 | 204,600,000 | Major Airline | Art. 32 GDPR | Insufficient technical and organisational measures to ensure information security
UNITED KINGDOM | Information Commissioner (ICO) | 2019-07-09 | 110,390,200 | Hotel Chain | Art. 32 GDPR | Insufficient technical and organisational measures to ensure information security
FRANCE | French Data Protection Authority (CNIL) | 2019-01-21 | 50,000,000 | Digital Technology Company | Art. 13 GDPR, Art. 14 GDPR, Art. 6 GDPR, Art. 5 GDPR | Insufficient legal basis for data processing
ITALY | Italian Data Protection Authority (Garante) | 2020-01-15 | 27,800,000 | Telecommunications Operator | Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 32 GDPR | Insufficient legal basis for data processing
AUSTRIA | Austrian Data Protection Authority (dsb) | 2019-10-23 | 18,000,000 | Postal Services Company | Art. 5 (1) a) GDPR, Art. 6 GDPR | Insufficient legal basis for data processing
16. GDPR Fines
Country | Authority | Date | Fine | Organization | GDPR articles | Violation
GERMANY | Data Protection Authority of Berlin | 2019-10-30 | 14,500,000 | Property Company | Art. 5 GDPR, Art. 25 GDPR | Non-compliance with general data processing principles
GERMANY | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | 2019-12-09 | 9,550,000 | Telecoms provider | Art. 32 GDPR | Insufficient technical and organisational measures to ensure information security
ITALY | Italian Data Protection Authority (Garante) | 2019-12-11 | 8,500,000 | Gas & Energy Company | Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR, Art. 21 GDPR | Insufficient legal basis for data processing
SWEDEN | Data Protection Authority of Sweden | 2020-03-11 | 7,000,000 | Digital Technology Company | Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR | Insufficient fulfilment of data subjects rights
ITALY | Italian Data Protection Authority (Garante) | 2019-12-11 | 3,000,000 | Gas & Energy Company | Art. 5 GDPR, Art. 6 GDPR | Insufficient legal basis for data processing
18. When can surveillance be used?
> Purpose must be explicit and documented
> Must be a legitimate interest to override subjects’ privacy rights
> Prove that less intrusive means would not suffice
> Appropriate safeguards must be taken when storing video data
> Warning signs must be clearly posted with an icon to easily identify video surveillance in progress
> Warning sign must include the purpose of surveillance and the data subject’s rights
22. Evolving Risk Landscape and Risk Management
> Surveillance Economics and Data Sharing
> Consumerization of Technology
> Asymmetry - Attackers and Target
> Siloed Systems, Communications and Development
> Skill Gaps
> Algorithm Bias
> Alchemy vs. Science/Engineering
27. Best practices - summary
1. Notice and Consent
a. “I Agree”
b. Use of (Consent) Receipts
c. “Signs”
2. Legal requirements
a. Privacy - GDPR, CCPA, Washington State
b. Children - COPPA,
3. Frameworks
a. ISO, NIST, IDESG, Pan-Canadian Trust Framework
4. Industry Code of Conduct and Practice
a. Proactive approach, based on best practices