Best practice data privacy includes in-house redaction
When it comes to implementing best practice data privacy protocols, one of the commonly overlooked requirements is the need always to keep data in-house, including when redacting data.
Core data privacy best practice components
In an age in which data is generated and collected at an unprecedented rate, ensuring that data is kept private is essential.
Every organisation holds data on staff and customers in various formats including databases, documents, photographs and video footage. Each data format is susceptible to privacy breaches, be it through hackers, malware, wilful nuisance or human error, and the number of reported breaches increase year on year.
The following is a minimum checklist for data privacy best practice.
Data privacy best practice shortlist
1. Know what data you hold
The first step in protecting data is knowing what data you hold. It is important to know what data is sensitive and how to store it in compliance with security and privacy regulations.
2. Control access to data
Access to data should be limited strictly to authorised personnel to avoid internal breaches, data theft and loss.
3. Encrypt data
Cybersecurity breaches have increased exponentially in the past few years. Encrypt data to protect it from hackers.
4. Publish data usage policies and train staff
Create and publish a clear data usage policy and train staff to understand who, what, where, when and how data can be accessed.
5. Create strong passwords and enable two-factor authentication
Create strong passwords, change them periodically, and enable two-factor authentication to add an additional layer of protection.
6. Comply with privacy regulations
Security regulations such as GDPR are in place to protect people’s personal information and data. Comply with privacy regulations to earn the trust of staff, customers and the public.
7. Never send private information by email
Email is highly susceptible to data breaches as the information travels between computers.
8. Comply with data retention and purge schedules
Be aware of mandated retention schedules for different types of data, and purge data as soon as it is no longer required.
9. Anonymise data when sharing information
GDPR requires that identifying information associated with all but the subject(s) of interest be replaced, removed or redacted when sharing data, for example when fulfilling a data subject access request (DSAR).
10. Maintain video quality
Ensure video quality is good. Indistinct images and grainy video footage is unlikely to be accepted as evidence in court.
11. Understand the scope of redaction
Elements that need to be redacted when sharing video footage include faces, car number plates and anything that could identify all but the subject of interest.
12. Use the right tools
Use redaction tools that are proven to be reliable and acurate in protecting the privacy of individuals captured on video. Using manual systems, Cloud solutions and non-specialist software packages all involve compliance risks. Explore automated video redaction tools that work in tandem with post-processing checks.
Why would you ever allow data to leave your environment?
When we are asked at Facit, “Can I redact data in-house?” we always reply “You should never let data leave your secure environment.”
When we first began working with compliance professionals, we found that data in the form of both documents and video footage were being sent outside the client organisation to be redacted, and were transmitted by post, email or online upload. We concluded that the pressures of GDPR, such as DSAR deadlines, force businesses into risky practices.
The reasons businesses allowed - and still allow - data to leave their own environments include:
Lack of in-house expertise and resources
Tick-in-the-box compliance expediency
Insufficient risk analysis
Lack of familiarity with available tools
Outsourcing data to a redaction bureau may present itself as an opportunity to conserve staff resources and save time. However, allowing data to leave your secure environment and become exposed to third parties introduces significant risks of a data breach, and ultimately involves a high unpredictable cost. Not to mention the transmission options, which themselves are hard to protect and leave no reliable audit trail.
Currently, the senior Compliance Officers we work with are horrified at the idea of having anything less than total in-house control of their data processing. They actively seek best-in-class technology to empower trusted staff to carry out data privacy tasks in the most efficient way.
Conclusion: video redaction best practices
The best practices for video redaction are essential for balancing transparency, privacy and legal compliance in the use of video recordings, particularly in sensitive environments like law enforcement, healthcare and public spaces.
Effective redaction ensures that personal information, irrelevant details and non-consenting individuals are protected at the same time as preserving the integrity and usefulness of the footage for its intended purpose.
Implementing standardised redaction processes, using advanced software tools and maintaining strict oversight helps organisations achieve a privacy balance.
As video technology continues to evolve, staying updated with the latest redaction technology and legal requirements will be crucial to ensure ethical and effective use of video recordings.
There is no excuse not to ‘own’ data redaction processes
The glaring omission from best-practice data privacy checklists is advice to exploit the latest in compliance technology, automation and AI that generate self-sufficiency for data professionals.
Best practice document data redaction means having the in-house ability to remove sensitive data from documents, and not merely masking text. Removing data from documents, rather than masking it, means that redaction cannot be reversed and metadata cannot lead to data breaches when data is shared.
GDPR deadlines should not force organisations to scramble for substandard video redaction solutions in haste. Video data redaction today is automated, fast, reliable, flexible and cost-effective for in-house use. The business case for implementing video redaction software and taking ownership of redaction processes in-house is proven, clear and compelling.
Facit specialises in empowering data professionals around the world to address the challenges of regional compliance regulations while retaining full in-house control of document redaction and video redaction data privacy processes.
Learn more about video redaction here.
