The Dilemma of Data Security in Crisis Situations
Since the advent of this global pandemic, governments worldwide and their health authorities have been accused of privacy breaches and overreach because of increased surveillance and tracking of primarily infected patients, their recent physical connections and people on their contact lists, but also of the public in general.
Governments are caught in a dilemma, where they need to protect the public on the one hand, while on the other hand they have enacted data privacy laws to protect the personal information of citizens.
The Need to Navigate Data Privacy
Companies need to navigate this data privacy environment while also providing solutions to assist businesses and governments to implement and manage guidelines.
Governments have in some cases suspended the implementation of, or created loopholes for, data privacy laws as well as other laws, because of the pandemic’s impact. However, in some cases these legal loopholes are not clearly defined, so new technology providers in the biometrics and data security sectors, such as Gorilla still need to be aware of the compliance requirements.
Data Privacy Concerns and Solutions
Artificial intelligence software that performs computer vision tasks like facial recognition is facing many concerns regarding how data is acquired, processed, and stored. Specifically, concerns of personal location and identity data have been brought up as of late. Currently, data standards and data best practices as policy are the agreed upon answer to these concerns.
Location and Identity Data
The main concern for Gorilla is where a video camera system is in operation and using IVAR™ and BAP to process information for the purpose of facial recognition – which is the most sensitive item of personal information when it is linked to a person’s identity. This would potentially include the scenario where face mask detection is used. Solutions that aid organizations in regulating access to their premises are in high demand. The goal is to safeguard employees’ health, making sure that face coverings are being worn and that employees accessing the workplace do not have a high temperature. However, the use of biometrics for access control has proven to be controversial for the workforce going back to the office. Smart City solutions and Smart Surveillance systems have also been received with skepticism, as facial recognition plays a key role in the architecture of such innovations.
In the commercial sector, Smart Retail solutions will be less affected provided that the data collected is used for statistical purposes (such as people counting), or to ensure customers keep social distance. Temperature scanning with IR cameras is in the same category as people counting – it is not personal information per se, unless combined with other identification data.
Certified Data Standards and Systems
The current ISO management security certifications can serve as a basis to build from in order to develop a more secure handling and storage system for private information. Systems Integrator partners can place a disclaimer notice next to or near the camera system notifying patrons of the use of the facial recognition software, if any.
Implementation of Data Privacy Best Practices
Gorilla’s solutions are GDPR friendly as we don’t store any facial recognition images in our system. Our partners could schedule a regular and recurring time slot to erase the data based on the laws and regulations in their deployed countries. In addition, network security is a priority at Gorilla. As a trusted solutions provider to various government entities, we have experience collaborating in highly sensitive projects where data security is of the utmost importance.
Where We Go from Here with Data Privacy
Gorilla continuously works to minimize risks to itself and to the data subjects by requesting or highlighting to our partners and customers that they properly handle the private information in line with the laws and regulations.
In complying with the GDPR, other data privacy laws in other countries, and together with our partners, we can avoid possible sanctions by the authorities and ensure we are safeguarding people’s privacy. By making sure they comply with local data privacy laws and regulations and by implementing necessary procedures for data processing, recording, safe keeping and deletion or release, risks can be minimized by Systems Integrators or Technology Partners.
Gorilla is implementing its current privacy policies and also developing inter-company agreements for data processing from its affiliates, partners and end-users, while strengthening its security management procedures.
Final Thoughts on Data Privacy for a Better Tomorrow
The new world that is unfolding in front of us will require the use of new technologies to ensure that we can tackle future social health threats. Caution towards the use of solutions requiring private data usage is corollary to the rapid changes we’re experiencing. The transformation, albeit fast and starkly different to what we’re used to, should not be simply deemed Orwellian. Transparency, healthy control systems and the commitment of all parties involved in abiding by these principles will become crucial, as they will be the most effective way to protect us against the infringement of privacy.