12 Jul
Protecting People and Their Data: The Balance Between Privacy Regulations and Security
With the growing complexity and intensity of cyber threats and attacks we’re seeing in the news, it’s no surprise that more and more regulations are being developed to protect personal data. The increasing use of the Internet of Things (IoT) and smart devices has made the transfer and sharing of data easier than ever before, but how can consumers be assured that their most sensitive information is kept secure?
The EU’s General Data Protection Regulation (GDPR) answered this question with great emphasis on May 25, putting in place a set of rules and guidelines that must be followed by businesses in the European Union and those in the United States that “offer goods or services to, or monitor the behavior of, EU data subjects.” The California Consumer Privacy Act (CCPA), signed into law on June 28, incorporates the same concept as the GDPR, “focusing on transparency, control and accountability.”
Legislation such as the GDPR and CCPA will only become more common as we move toward a universal understanding of data protection and privacy. These regulations greatly affect numerous aspects of an enterprise organization, one of which is its security systems and devices. Officials must balance privacy with efficient monitoring and investigative efforts when it comes to a variety of security elements:
Video surveillance and management. Gathering video data to protect people and assets is the core purpose of surveillance cameras, but the GDPR enforces strict privacy and regulatory requirements that must be met, covering matters such as the use of video without consent, the location where the video is stored and the measures in place to protect the video. End users and manufacturers must work together to ensure compliance, and IT security teams should be brought into the equation to facilitate proper reporting and mitigation techniques should a breach occur.
Access control. As end users frequently turn to cloud-based access control systems, the collection, analysis and storage of personal data become a critical concern with regard to compliance. Manufacturers need to be mindful of their products’ capabilities and make it easy and streamlined for end-user companies to adhere to the data sharing and privacy regulations in place.
Banking technology. Many companies, such as financial institutions, rely on data analysis to improve business operations and security processes, but new privacy guidelines affect the methods used and the extent to which this can be achieved. Banks and credit unions will need to take a hard look at creating new strategies for safeguarding customer information while deploying effective fraud mitigation solutions.
The EU and various legislators in the United States should be applauded for their swift and stern effort to respect the privacy of consumers in response to the overwhelming number of recent data breaches. But it will be interesting to see how security executives and enterprise organizations respond to the regulations in the above three areas and beyond.