Industry Stands Firm On Video Privacy & Compliance

@import url(‘https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,opsz,wght@0,6..12,400;0,6..12,500;0,6..12,600;0,6..12,700;1,6..12,400;1,6..12,500;1,6..12,600;1,6..12,700&family=Nunito:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap’);
@import url(‘https://fonts.googleapis.com/css2?family=Handlee&display=swap’);
h3 {
font-weight: bold;
font-size: 18px;
color: #C72026;
}
figure {
padding: 4px;margin: auto;
}
figcaption {
background-color: #f8f8f8;
color: #404144;
font-family: ‘Nunito Sans’, Arial, sans-serif;
font-size: 14px;
padding: 2px;
text-align: center;
}
.pqFull {
display: block;
border-width: 2px 0;
border-style: solid;
border-color: #404144;
padding: 1.5em 0 0.5em;
margin: 1.5em 0;
position: relative;
font-family: “Handlee”, Arial, sans-serif;
font-size: 20px;
text-align: center;
color: #0067A6;
}
.pqFull:before {
content: ‘275D’;
position: absolute;
top: -.10em;
left: 50%;
transform: translate(-50%, -50%);
background: #fff;
width: 4rem;
height: 2rem;
font: 6em/1.08em sans-serif;
color: #666;
text-align: center;
}
.pqFull:after {
content: “2013 2003” attr(cite);
display: block;
text-align: center;
font-size: 18px;
color: #404144;
}
.highlight {
padding: 3%;
border-top: 8px solid #207BBC;
border-bottom: 3px solid #207BBC;
width: 100%;
font-family: ‘Nunito Sans’,Arial,sans-serif;
font-size: 14px;
background-color: #EAF1F7;
margin-top:25px;
margin-bottom:25px;
}

Video surveillance is a go-to source of intelligent, proactive physical security detection. Armed with the latest analytics and sensing technologies, security cameras target specific anomalies, providing granular detail for risk management and situational awareness.

Within this backdrop comes heightened concern for privacy and compliance, especially safeguarding data and personal information. Even public spaces, once a safe bastion for video recording, are under scrutiny and may have restrictions in place. Biometrics remain a challenge, with total bans and new legislation complicating its move to mainstream.

Providing the highest levels of physical security while adhering to lawful and ethical use of video is a balancing act of responsibility among manufacturers, end users and systems integrators. For integrators, the mission is deploying and maintaining a solution that meets the expanding flywheel of local, national and international regulations — including GDPR, HIPPA, CCPA, CPRA, NDAA, FedRAMP and others.

The regulatory landscape for AI and video surveillance continues to evolve rapidly, says Tim Palmquist, vice president Americas, Milestone Systems, Oswego, Ore. “In Europe, the EU AI Act establishes a risk-based framework that categorizes AI systems based on potential impact, with stringent requirements for high-risk applications. In the U.S., the administration in January revoked certain existing AI policies and directives and now works on developing an Artificial Intelligence Action Plan.”

Organizations that demonstrate trustworthy data stewardship will gain social license to deploy more advanced security technologies.

The emerging trend is clear, Palmquist says: a shift to greater accountability, transparency and protection of fundamental human rights. “Systems must now be designed with privacy by default principles, incorporating features like automatic data deletion, role-based access and encryption. Integrators must stay informed about biometric privacy laws expanding across states like Illinois, Texas, Washington and California’s CCPA, which create new compliance requirements for facial recognition and video analytics use.”

Dean Drako, founder and CEO, Eagle Eye Networks, Austin, Texas, adds, “It’s a complex landscape of privacy regulations, falling into three categories: privacy the customer wants; privacy the government requires; and privacy related to compliance with certain regulations or standards.”

There are other pieces that come into play, Drako says. “For example, a video surveillance system alone is not GDPR compliant. We can provide a lot of the tools and mechanisms, but to be GDPR compliant the end user must have appropriate safeguards, employee practices and documented processes in place. Our cloud VMS has core features to protect privacy. Data is encrypted at rest on the hard drives, in transit and in the cloud. This gives us a strong base and level of privacy and security.”

The AI Effect

AI is a double-edged sword in achieving privacy and compliance. It automates cyber controls and allows users to deploy analytics to detect and classify activity based on what they want to view or record. But AI can also be used by cyber criminals to sniff out and target system vulnerabilities.

Much of the activity in privacy regulation, particularly in the U.S., is driven by AI, according to Florian Matusek, director AI strategy and managing director, Genetec, Montreal. “With AI, the discussion centers on what kind of data is necessary, the type of data companies are using to train their AI and, of course, consumer rights. The system should collect only the data needed to achieve the user’s intended security outcome,” Matusek says.

Advancements in computer vision, combined with deep-learning architecture, have elevated object detection and classification, and these technologies enhance both operational efficiency and data privacy, says Wayne Dorris, program manager, cybersecurity, Axis Communications, Chelmsford, Mass. “For example, privacy shields use AI-based detection to automatically identify and mask people, faces, vehicles and license plates in real time — enabling users to align video surveillance with their specific privacy and compliance requirements.”

AI-generated metadata like refined object attributes can be used independently of video footage to support business intelligence or compliance-focused applications, reducing reliance on storing or processing raw video, Dorris says. “To further enable data integrity at the source, signed video ensures the authenticity of each video frame,” he says. “This is especially critical in the AI context, where training models require trusted, unaltered source data.”&

Privacy, Straight From the Box

Building safeguards into technology through governance and processes starts with product development engineered with privacy by design and privacy by default principles.

“Our approach is rooted in a privacy — and security-first — mindset,” says John Cassise, chief product officer, SAFR by RealNetworks, Seattle. “Privacy by design ensures sensitive data is protected at every stage and, wherever possible, never exposed or stored unnecessarily.”

Cassise says integrators should make sure the technologies they offer are capable of encrypting and securely storing any personal identifiable information (PII). “Ideally, these products shouldn’t even be storing PII, like facial recognition images, at all,” he says. “Leading technologies use facial templates and data points to identify users, rather than actual images, further protecting privacy by digitally obscuring identity.”

Manufacturers continue to address privacy and compliance through software, hardware and collaboration with other providers, getting granular with technology.

Cybersecurity starts at the factory, says Aaron Saks, director of sales enablement, Hanwha Vision America, Teaneck, N.J. “We design and build our own SoC which guarantees secure and authorized use through the lifecycle of every device,” Saks says. “The newest version includes key cybersecurity enhancements plus standard features as such as secure by default, meaning a camera meets recommended settings for use out of the box. The addition of FIPS 140-3 Level 3 certified protection also meets stringent government requirements, preventing unauthorized software and guaranteeing secure video storage, encryption and access.”

Building Vigilance Into Technology

Technology will continue to evolve rapidly, giving systems integrators many more tools to use to address requirements, Saks says. “Advanced AI functions can avoid false IDs and ensure that the right objects or persons only are tracked during a forensic investigation, while edge processing reduces unnecessary data transmission to avoid the risk of operators getting overloaded with too much information.”

At IDIS Americas, Coppell, Texas, the company continues to focus on privacy and compliance through technological investments, says Darron Parker, executive vice president of sales. One of its key features is a proprietary engine developed by IDIS engineers that enables dual-factor authentication between the camera, server and VMS, providing a high level of cybersecurity standards for safeguarding data.

“Advanced software solutions offer active privacy masking and cameras incorporate recognition software that differentiates between objects and behaviors,” Parker says. “In addition, our collaboration with Vaidio enables IDIS Vai, an AI deployment that elevates analytic detection and alerts. This technology powers unique applications like weapons detection, object identification and unusual activity detection. These systems react in real-time, enhancing both security and operational efficiency.”

It’s a complex landscape of privacy regulations, falling into three categories: privacy the customer wants; privacy the government requires; and privacy related to compliance with certain regulations or standards.

Transparency & Auditing

Privacy by design principles, also a philosophy of Genetec, mean the system is engineered to protect data, says Charles Nguyen, product marketing manager – video, audio and analytics; but it’s also about transparency and accountability of documentation.

He further explains: “Let’s say you’re a transportation agency, whether it be Europe or the U.S. or elsewhere, and you want to deploy a VMS system while still being compliant. You want greater situational awareness, but you don’t necessarily have to see the people. We have a controller called the privacy protector module which anonymizes people in the footage captured in the public spaces, making the video still useful for situational awareness. Automatic redaction is another tool, which removes or obscures images. It also provides an audit of who unlocked the original video and who viewed it — not just the redacted images. So, it’s a lot about accountability as well and being able to provide that documentation for compliance.”

Nguyen adds that in addition to software, hardware appliances address compliance and privacy through different mechanisms like secure boot capabilities, PPM V2 .0 and hardening the operating system, simplifying compliance and privacy out of the box.

Cutting a Competitive Edge

The security industry understands the mission: providing the highest levels of video security while protecting data and meeting an ever-growing list of regulations, mandates and requirements. Surveillance needs to be tailored to match security needs without being intrusive and staying within the boundaries of regulations and compliance.

Milestone’s Palmquist says as public awareness grows and regulations evolve, tomorrow’s solutions will build privacy protections into their core functionality, moving beyond technical compliance to embrace responsible stewardship of personal data.

And because of this, the industry is now entering a time where privacy is becoming a competitive differentiator rather than a regulatory burden, he says. “Organizations that demonstrate trustworthy data stewardship will gain social license to deploy more advanced security technologies. This shift will transform compliance from a checkbox exercise into a core philosophy that shapes how systems are designed, deployed and governed throughout their lifecycle.”

https://www.sdmmag.com/articles/104466-industry-stands-firm-on-video-privacy-and-compliance