The arrival of the General Data Protection Regulation (GDPR) has reminded us of the important role technology systems play in keeping both us – and our data – safe. The primary discussion around GDPR in the build up to its implementation had been surrounding text-based Personally Identifiable Information (PII) such as names, email addresses and financial information found in a variety of commonly used systems ranging from accounts software to email subscriber lists. Now the deadline has passed, the focus must be shifted to a data source that is often overlooked.
That data source is your security systems. The personal details stored on access control systems are often not considered when an organisation is mapping its data, but an even more widespread issue is overlooking the use of CCTV surveillance cameras that are capturing images where individuals are personally identifiable. This footage contains PII and because this data is not text, it’s easy to forget that it is still an identifier under the new regulation’s definition of personal data, and as such needs to be processed securely. As security systems become increasingly connected to IT networks, it is now more important than ever to ensure they are manufactured, installed and utilised in a secure manner.
Security systems data as PII
The threat-landscape is constantly evolving. From a physical intruder to a large-scale cyber-attack against our nation’s critical infrastructures, the increasing number of risks means it is now more crucial than ever that organisations put in place the latest tools, systems and processes to protect facilities and the people within them. The deployment of security technology, such as CCTV and access control, is therefore a common element in an organisation’s Strategic Security Plan.
These systems are designed to keep us safe. However, as businesses begin to realise the benefits of connecting security systems to IT networks to turn the data generated into business insights, this increased amount of data must be recognised as PII, and therefore subject to the same data protection measures as text-based data. The best way to protect this data and the integrity of your network is to only install systems that have been manufactured with cybersecurity in mind. It is also of critical importance that system users are sufficiently trained in data protection.
Unfortunately, as things stand, that isn’t always the case. In a recent survey, NW Security Group found that 78% of schools, colleges and universities in the North West of England believe their facility actively promotes robust access control, and 86% of institutions implement a day-to-day visitor pass and booking-in system. This is great news, aside from the fact that 51% of respondents said that the person responsible for the administration of an access control system is not trained in data protection.
As well as having a secure network, it’s critical that there’s a well-trained member of staff on site who’s responsible for overseeing the system, because systems are only as effective as the procedures in place to facilitate them and the staff trained to use them.
Integrators that understand data security
The answer lies in working with partners that take data security seriously. For example, an integrator that is Cyber Essentials Plus accredited will have met high standards in securing its own business systems and data. It’s these same high standards that you need when an integrator is installing security systems on your network, and if the integrator can also share their data security knowledge and train your staff, then you’ve found yourself a winning partnership.
True security requires collaboration between user and integrator, which is where we believe NW Security Group excels. Our all-encompassing services start well before installation with expert consultancy and continue long afterwards with ongoing support and maintenance.
With in-depth knowledge of IT and security technologies, we’re able to help our customers benefit from the latest IP-based security solutions, training staff in the proper use of systems and the good practice that keeps personal data secure.