Download PDF version Contact company

In the digital world, people own personal information just like they own physical assets such as cash, keys and clothes in the real world. But because personal information is intangible, its value has been overlooked by many for a very long time. With the increase in cyber crimes on personal data and the infamous Snowden affair, this issue has become more prominent. Fei Liu from Nedap Security Management Research & Development informs that to improve the transparency of data collection and processing, and to give people control over their personal data, the European Commission has proposed a new regulation for data protection (General Data Protection Regulation 2012/0011(COD) (GDPR)) and brought the issue to a new level. 

According to GDPR Article 10a(2), GDPR empowers people (data subjects) with the right to control their personal data. Such rights include, inter alia, the provision of clear and easily understandable information regarding the processing of his or her personal data, the right of access, rectification and erasure of their data, the right to obtain data, the right of object to profiling, the right to lodge a complaint with the competent data protection authority and to bring legal proceedings as well as the right to compensation and damages resulting from an unlawful processing operation. Such rights shall in general be exercised free of charge. The data controller shall respond to requests from the data subject within a reasonable period of time.

GDPR has defined four roles in order to safeguard the rights: Data Protection Authority (DPA), data controller, data protection officer (DPO) and data processor. DPA is the supervisory authority from member states, which monitors the application of the regulation and contributes to its consistent application throughout the Union. The data controller, DPO and data processor are active at a company level, performing various data protection tasks.

As with most other industries, physical security systems will be influenced significantly by this new regulation. They generally collect, record and process large amounts of personal data, some of which may be very critical and sensitive. For example, a physical security system often records very personal information about a cardholder, such as their name, social security number, employee number and so on. It may also store a PIN code, fingerprints and video footage of the cardholder. If someone else were to use this person’s identity and authentication information, they could access restricted areas that they’re unauthorised to enter.

Security systems also record cardholders’ access events. So, by studying these events, you can easily trace someone’s behaviour pattern. Currently, cardholders are often unaware of the personal data captured in a security system – for example how long it will be stored for, whether it has been stored safely, where the data has been distributed to and whether it has been processed for other uses. 

All above-mentioned doubts can make a cardholder feel insecure about a security system. Currently, security systems are most often viewed as protecting a building’s security, while the protection of cardholders’ personal data is often neglected and can be easily violated. A system administrator, for example, usually has the right to view logged events from all cardholders on the request of a criminal investigation. Such a right can be abused, however, by browsing the information with other purposes or even just for fun. This is a very typical case of data breach. The security of buildings and cardholder information are both very important, and should be protected. One shouldn’t conflict with the other; a well-designed system should be able to achieve a win-win situation for both.

What can we do to secure security systems?

There must certainly be an increased focus on information security to improve data protection in physical security systems. Data protection should be an integral part of PIAM (physical identity and access management) and PSIM (physical security information management), and GDPR has provided a nice guideline. In general, a well-designed physical security system should:

  • Include data protection and data security in the design phase. This means applying various technologies to perform database security, identity and access management, network connection security, secure data processing and link authentication.
  • Ensure data subjects’ rights. It should provide full functionality to enable data subjects (for example cardholders) to access, obtain, edit and erase their data.
  • Assist data controllers and DPOs in performing their tasks. In particular, the system should be able to:
    • Provide a platform to manage and act on requests from data subjects and the supervisory authority.
    • Help data controllers and DPOs to define security policies and monitor data processing.
    • Monitor and report on data protection breaches, and perform specific tasks under the direction of data controllers and DPOs.

Anyone installing a physical security system should consider the following aspects regarding data when they deploy the system.

  • The categories and retention time of personal data held in the system, and the reasons for collecting and processing this data.
  • What defines a data breach in the system.
  • The relationship between data held and relevant laws and regulations.
  • The relationship between data held and services provided.
  • How access and identity management can protect personal data in the system.
  • Establishing varying levels of access rights to the data in the system.

On 12 March 2014, GDPR passed the EU plenary vote with the vast majority in favour. The European Commission will start adopting GDPR at the end of 2014 and is expected to enforce it in 2016.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

In case you missed it

What are the challenges and benefits of mobile access control?
What are the challenges and benefits of mobile access control?

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions? 

Securing a sustainable future
Securing a sustainable future

The UK Government has set out an ambitious ten-point plan, known as the green industrial revolution, with an aim “to forge ahead with eradicating its contribution to climate change by 2050.” This makes our government the first major economy to embrace such a legal obligation. Green recovery Acknowledging climate change and meeting net-zero is a demanding challenge especially for those affected by the pandemic. But the UK Government, with the launch of its aspiring strategy, is investing everything in its power to promote a ‘green recovery.’ Here, Reece Paprotny, Commercial Manager and Sustainability Champion at Amthal, highlights how the fire and security industry has an opportunity to use the current recovery period to explore its own sustainable journey and embrace the significance of environment, economic and social collaboration, transparency, and accountability. Employing sustainable technologies Pressure is mounting on construction to find ways to reduce emissions and help meet net-zero targets The perception is that COVID-19 presents a once-in-a-lifetime opportunity to re-write the existing rulebook. This is riding on the significance of changing public support for more environmentally friendly living opportunities, with associated cost savings, efficiencies, and cleaner industries. Innovative sustainable technologies are the key to kickstart this route to success.  Nowhere can this be seen more than in the built environment, which currently contributes to 40% of the UK's carbon footprint. Pressure is mounting on construction to find ways to reduce emissions and help meet net-zero targets. This is through the entire life cycle of a building, to reduce their impact on the environment from planning stages, through build and demolition. Building the right environment By creating the right policy environment, incentives for innovation and infrastructure, the Government can encourage companies to seize the sustainable opportunities of new technologies and value chains linked to green sectors. They can accelerate the shift of current carbon-intensive economic and industrial structures onto greener trajectories, enabling the UK to meet global climate and development goals under the Paris Agreement on climate change and the 2030 Agenda for Sustainable Development. Transparent working practices Each industry sector is expected to engage and pledge its support to achieve the significant deadlines. Every company can make a difference, even with small steps towards a sustainable future. So whilst elements such as safety and security represent just one component of building the right sustainable environment, it paves the way to opening up our sector to greater efficiencies, transparent working practices, and encourages collaborative use of resources. Sustainability in security The security sector has a significant opportunity to incorporate ‘going green’ into its practices In fact, the security sector has a significant opportunity to incorporate ‘going green’ into their processes, and practices. This is right from product lifecycles to more environmentally friendly work practices when it comes to maintenance and monitoring services. When integrating environmentally friendly practices, starts with the manufacturing and production of the wide variety of systems in operation for the security sector. And some certifications and guidelines can be achieved, such as the ISO 14000 which looks into eliminating hazardous materials being used which in turn will reduce carbon footprint.  Upgrading supply chain process Observing the complete supply chain and working with partners to reduce unnecessary travel, shipments, and transportation of products, can all contribute and create sustainable processes.  In the maintenance and monitoring of products, it is essential installers and security specialists consider their own environmental impacts. Simple changes such as switching company vehicles to electric options for site visits can make a significant difference to climate change and improving air quality. Presenting sustainable ways of disposing of products at the end of their natural lifecycle is key to change in our sector. This is especially in the security industry where many customers will need a complete overhaul of outdated solutions or need systems upgrading due to changing threat levels. Sustainable evolution Progress is being made, specifically in the fire and security industry, in its sustainable evolution. Businesses are trying to develop a reputation for “sustainability” or “good corporate citizenship.” And it has gone well beyond the theory to the practical, where companies recognise activities have an impact on the environment and are also reviewing the social and economic influences. Three pillars of sustainability In a recent interview, Inge Huijbrechts, the Global Senior Vice President for safety and security and Responsible Business at Radisson Hotel Groups sees her vision to combine safety, security, and sustainability. Inge focuses on three pillars, namely, Think People, Think Community, and Think Planet. Think People means that we “always care for the people in our hotels and our supply chain.” So, in outwards communications, safety and security were always part of the Think People focus area. Think Community is caring and contributing in a meaningful way to communities where we operate. Finally, Think Planet makes sure that “our footprint on the environment is as light as it can be in terms of energy, water, waste, and carbon, and making sure that we incorporate sustainability into our value proposition.” Moving forward Apprenticeship schemes are integral to ‘think people’ and have a role to play in the social impact on the security industry There are immediate actions that can be taken by companies in the security industry to support sustainable development, working right from within a company to supporting industry-wide initiatives. From a social perspective, at a foundation level, “Think People’ can see the Living Wage Foundation as an example of a commitment to a team.  This is for businesses that choose to go further and pay a real Living wage based on the cost of living, not just the Government minimum. Apprenticeship schemes are also integral to ‘think people’ and have a pivotal role to play on the social impact on the security industry.  It addresses the sector-wide issue of finding employees with the right mix of skills to collaborate and meet discerning consumer demands for increasingly smart security solutions for homes and businesses. Impact of the full lifecycle of products From an environmental view, or ‘think planet,’ we need to collectively look at all elements of our industry, with a desire to analyse the impact of ingredients used, supply chain, or manufacturing alone, and also consider the full lifecycle of our selected products from creation to end of life. As Jamie Allam, CEO Amthal summarises, “This is a long-term, sustainable investment in our people, our products, and our business based on our values.” “When put together, a social team which feels empowers and operates in environmental optimum working conditions is in a position to provide a great experience to our customers, creating an economic positive difference. It forms the basis of a sustainable sector vision for the security industry-wide to adopt.” Taking action Amthal is taking action based on the ready-made universally agreed UN 17 Sustainable Development Goals. Also known as Global Goals, these are at the heart of the 2030 Agenda for Sustainable Development, adopted by all United Nations Member states. This agenda is a plan of action for people, the planet, and prosperity. By being an early adopter, we believe we can engage with customers, partners, and suppliers on these issues and generate opportunities to innovate for mutual and industry sector benefit. Together, we can contribute to building a more sustainable security sector and future, and contribute to the UK Government’s green industrial revolution.

What is the impact of privacy concerns on physical security?
What is the impact of privacy concerns on physical security?

Adoption of General Data Protection Regulation (GDPR) by the European Union in 2016 set a new standard for data privacy. But adherence to GDPR is only one element, among many privacy concerns sweeping the global security community and leaving almost no product category untouched, from access control to video to biometrics. Because privacy concerns are more prevalent than ever, we asked this week’s Expert Panel Roundtable: What is the impact on the physical security market?