Understanding Different Types and Uses of Video Surveillance Data
Jan. 22-28 is Data Privacy Week, and the Security Industry Association (SIA) Data Privacy Advisory Board is marking the occasion with helpful tips and guidance on key data privacy topics. Here, learn about different types and uses of video surveillance data.
As artificial intelligence (AI) applications have matured, it has become commonplace to see video cameras shipped with basic AI analytics embedded as a standard feature. The range of capabilities varies, but all are intended to make video data more informative and useful.
The business community, in recent years, has been excited by the ways in which data can be leveraged with the help of APIs and AI-based machine learning and deep learning technologies. The potential for video surveillance data to be a useful contributor to operational processes – in addition to its traditional security function – is vast.
For the security professional, this potential opens up opportunities and considerations that were not necessarily part of the requirements specification.
Changing the purpose when moving video surveillance data into a non-security use case requires a new kind of dialogue with multiple stakeholders in an organization. And when video is analyzed for such things as facial recognition or emotion detection, the data demands an even stricter set of privacy considerations.
These questions can help to guide organizations looking to use video data for new purposes.
- Who are the new stakeholders in the business?
- What data is being used and for what purpose(s) beyond security?
- Workplace privacy:
- Will the company need to consult with its workforce?
- Will it need to ask for consent, and will contracts have to change to allow the use of video (which may be seen as an intrusion into privacy in the workplace)?
- What are the legal and regulatory concerns when video is used for non-security purposes?
- Consider the risk:
- How is risk managed?
- Consider using impact assessments to evaluate the effect of the new video usage.
- Is the risk acceptable to the people who are affected; is it compatible with their privacy and human rights?
- How is risk managed?
- Understand why it matters:
- New regulations are expected to consider the chain of causation of harm, which could bring providers into the net of liability.
- Are you ready?
Organizations that deploy video surveillance should also be aware of special categories of video surveillance.
In all video surveillance uses, there must be transparency about the authority, purpose and justification, along with proportionality and reciprocity, as outlined in the SIA Privacy Code of Conduct.
Further, there are special categories that have additional requirements because of the risks associated with them. In these cases, there are often explicit requirements for transparency, notice, accountability and operational requirements. Just as there is a need to allocate resources to video surveillance capital expenditures, there is also a need to fund maintenance of these systems. This must include operational privacy requirements in concert with cybersecurity and data protection requirements.
While video surveillance systems have always generated a lot of data, only in the past decade has there been significant use of video analytics, image metadata and automated processing. These capabilities are expanding rapidly with facial recognition, vehicle identification and license plate reading, in addition to now standard features such as objection detection, tracking, classification and identification. Video surveillance has also widely adopted cloud computing for storage and processing, which triggers special considerations related to third-party processing of data and the possibility of cross-border data flows. All of these factors can add risk.
With this in mind, it is important to understand when and if it is appropriate to use these capabilities, in addition to the associated governance, compliance and operational responsibilities associated with them.
In addition, special subject categories must be accounted for. Surveillance that involves the collection of personally identifiable information is a common special category, as is the processing of children’s data. Many jurisdictions around the globe have regulations specifically related to the latter category. Issues to consider include restrictions on processing, parental and shared consent and sensitive data categories (e.g., medical information). This applies to services for children, as well as those that are intended to be child-restricted.
Sensitive locations, meanwhile, are areas where video surveillance is restricted – restrooms and locker rooms being the most obvious examples. Other special locations include areas that require clearances and, potentially, even the workplace when video surveillance is restricted by local statutes or union contracts.