Best Practices for Retail Surveillance
Retail Surveillance Systems
In today’s retail business, surveillance is a necessity. Surveillance systems are used to deter theft, reduce insurance rates, and to improve customer experience. Video footage also contains personally identifiable information (PII). Personally, identifiable information consists of any data that can be used to identify someone. Examples can be names, social security numbers, driver’s license information, and even video content that includes faces. With included technologies such as facial recognition systems, video content can identify a single individual.
Any data collected by a retail establishment is subject to local, state, and federal privacy laws. In some instances, a company must also follow global privacy regulations. These regulations are not based upon your physical location, but the area of the consumers that your company services. Examples are the CCPA or the California Consumer Privacy Act, and the GDPR or General Data Privacy Regulation. The California law protects all the citizens within California, but it applies to any company that provides goods or services to California residents, despite the location (globally) of the business.
Failing to comply with these regulations can result in considerable financial penalties for a business. These penalties can impact the bottom line for profits and, if severe, can put a company out of business. A data breach that leaks information regarding consumers, though it is a criminal act, still falls under the company’s responsibility that is holding the data. It is considered their duty to protect personal data, through redaction, encryption, or other means, so that even in the case of a breach, the consumer’s private information stays private. The impact of a loss of consumer data can cause customers to lose trust in your reputation and take their business elsewhere.
How a company handles video surveillance and other private consumer information can be an enormous financial cost for maintaining the data’s security. Reputation and risk management can help minimize the impact of any data loss. Still, from a consumer perspective, the memory of being breached by a company stays with the affected individual.
Best Practices for Video Data
The Department of Homeland Security has developed best practices for handling data obtained through video as a guideline. While these guidelines are typically applied to video data, the prevailing theories can be applied to personally identifiable data. Here are some of the main points:
- Principle of Transparency – This principle calls for transparency of the use of surveillance to consumers and pedestrians. Signs warning of the use of surveillance equipment in use should be in visible locations. Allow consumers to locate the knowledge behind the company’s accountability process for data quickly. Establish a system of policies for handling video or CCTV (Closed-captioning Television) data and keeping this information available to the public.
- Principle of Individual Participation – When establishing the surveillance system, invite public comment on what procedures they would like to see incorporated into the data handling policies. To the extent possible, allow the public access to view any data collected on them through surveillance. Be sure only to enable them to view redacted information so that other citizens also captured in the data are not exposed to privacy violations.
- Principle of Purpose Specification – Be sure that your surveillance system has clear goals, such as further law enforcement activities. Set clear, well-defined goals and parameters around the usage of any video data recorded. Share these goals and usage information publicly. When designing the surveillance system, allow the parameters of data usage to guide you through appropriate installation.
- Data Minimization Principles – Design your surveillance system to have a minimum impact on citizens’ privacy, personal values, and constitutional rights. Perform a cost analysis and compare installation and management costs of the surveillance system and its data with other security options. A combination of security policies may also minimize the number of cameras needed. Talk with local law enforcement agencies to discover how the surveillance system can help with community safety.
- Limitations of Use Principles – Create policies that prohibit the sharing of video data with third parties. This policy includes limiting access to law enforcement and other government agencies. Before the installation of intrusive camera angles, be sure to have procedures to safeguard these additions by a thorough investigation of its use with privacy professionals who can better guide you through any appropriate changes. Set in place policies that require special approvals before any data is shared, to whom, and any new changes to the system and its operation.
- Principles of Data Quality and Integrity – Incorporate safeguards within the system to protect any stored data from the surveillance cameras. Use watermarks to designate ownership of the video data. Provide safeguards and training sessions with any employees with access to any personally identifiable data or video. These employees should face some background check and security clearance. Establish data retention policies so that any video data that is not being used has a limited life span. Set a date for the destruction of data.
- Principles of Security – Provide notice of company policies for sanctioning against the misuse or abuse of any personally identifiable data, including film footage. Establish a standard for remedies to any consumers who are violated by a breach or misuse of their personal data. Create a system of safeguards to help eliminate any abuse of data by employees, the public, or consumers.
- Principles of Accounting and Auditing – Be accountable for the data collected and the use of data along with supervising the data trail. Establish a control log that will keep track of all employees and administration that access the data. Use an automated operator log-on and passcode. The control log and policies protect not only the safety and security of the data but also the employees and staff. Review your policies and available applications that can be used to audit data usage. Use encryption, watermarking, and all choices available to help safeguard the data.
Redaction Software Provides Safety
With all the details of a surveillance system, digital data is easy to get piled up and overwhelm staff when implementing digital data policies. Using a single person or even multiple employees to redact private or personally identifying data can become costly. CaseGuard redaction software provides answers to saving employee hours and staying ahead of your company’s reputation management. The application of CaseGuard software makes the impact on your bottom line by creating cost savings for employee time and preventing penalties from failure to comply with privacy legislation.
CCTV and retail surveillance are needed to secure your business, protect you from loss, and protect your employees. Think about how your profit margin can increase with the use of video analytics, which is now available with most professional systems. These tools will help you study the foot patterns of traffic in your company and identify people, cars, and places. The key to understanding the implications of installing a retail surveillance system is “to make sure that the use of the video — the value that is being attained — is equal to or greater than the cost of deploying the solution.”
Without additional privacy solutions, such as CaseGuard’s intelligent automated redaction system, the value of what is attained is lost without protecting the data. CaseGuard protects that value. CaseGuard provides vision technology, research, and tools to analyze video data accurately and quickly. Using artificial intelligence and machine learning-based CaseGuard tools provides a means for compliance with data privacy laws. Encryption and blurring or masking of images retain the data for further study and protect the company from exposure during a data breach. In the matter of law enforcement or other legally obtained data from the video, the technology exists to unmask and recover the personally identifiable information at a later date.
As the decision-maker or owner of a retail establishment, comprehending the large amount of data that a retail CCTV system generates makes creating effective privacy policies manageable. Some of the challenges that a company can face is information overload. Creating powerful information management, retrieval, and destruction policies protects the business and allows the company to be able to use its surveillance system effectively.
As the global leader in redaction technology, CaseGuard’s automated redaction system provides the best solutions for managing your data. The system can be a comprehensive data privacy tool for managing more than just surveillance data and written documents, databases, and images. Also, CaseGuard has additional tools incorporated in its redaction system that can help expand your customer base. Using the language tools, which includes 28 languages, can help transcribe, translate, and caption spoken words captured in the video and any other video that is created for social media and company promotion. The system provides object tracking features, automatic redaction, and data encryption that can provide the most secure surveillance and data gathering system installed. Overall, it saves money and protects the company’s reputation. A reputation that once lost is not easy to regain.