Best practice for video redaction
Best practice video redaction (data masking) is essential to fulfil the increasing number of subject access requests (SARs) and to avoid fines and reprimands for privacy breaches, which are also on the rise.
Many companies experienced a rise in SARs during the pandemic and the trend has continued. Some public sector organisations, such as the NHS, struggle to cope with the level of incidents reported. The current situation, with less staff and limited government funding, places video redaction practices in the spotlight.
Make the most of technology to redact video
It’s incredibly important that organisations have the right redaction software in place to empower their Data teams to action SARs efficiently and effectively.
In the ICO’s incident trend reports, statistics show that incidents of “failure to redact” are being discovered and reported frequently.
Best practice 1: checking redacted output
Proper processes must be in place to reduce the risk of a data breach to as near to zero as possible. Critical aspects of effective privacy processes are training and policy awareness.
When it comes to sharing data, double-checking and triple-checking data prior to release is an obvious measure to put in place.
It greatly increases the risk of error if one person has sole responsibility for checking privacy compliance before releasing information or video footage.
Manual intervention and manual checking are likely to remain an important component of data privacy management. However, a large percentage of data protection and privacy processing can be undertaken using proven technology.
Automating video data redaction eliminates human error, subject to final manual checks prior to the release of data.
Best practice 2: staff awareness
Data privacy best practice involves having comprehensive privacy protocols that are circulated to your staff to ensure they know what data is kept and how to work with it compliantly.
Elements of data privacy best practice include:
Train staff to handle data compliantly
Ensure staff have read privacy policies
Issue periodic reminders to keep the importance of data privacy in people’s minds
Privacy redaction training and policy publication are cited as essential by the ICO.
Best practice 3: in-house video redaction
The overwhelming majority of Data Officers argue that in-house video data privacy processing constitutes best practice. In the public sector, many NHS Trusts, for example, mandate that data must be handled within the Trust’s secure IT environment.
Facit’s customers suggest that the idea of outsourcing video redaction, or of data ever leaving their organisation’s own environment, concerns them as it introduces unnecessary risks.
Compliance teams suggest that Cloud redaction tools do not redact fast enough, require significant manual intervention, and may not provide 100% compliant subject(s) redaction.
As well as introducing external risk factors, Cloud redaction solutions have not provided the sought-for cost-efficiency nor the data privacy assurance required.
Best practice 4: technology selection
When it comes to GDPR video redaction requirements, there is no room for miscalculation, skipped frames, or unsecure transmissions. Cloud redaction solutions may look attractive but come with attendant risks:
Feature loss: The best video redaction software systems are built with AI capabilities that reduce human error and significantly increase processing times. In the Cloud, these features can be lost or degraded.
Bandwidth pressures: Videos take a long time to process and processing them in the Cloud takes huge amounts of bandwidth. Rendering video files in the Cloud can be very slow, and can compromise an office’s bandwidth.
Quality degradation: Cloud video editing software frequently use proxy files, which results in faster Cloud processing, but the output can be a lower quality video file.
Storage costs: When every budget is being scrutinised, it does not make economic sense to pay for processing time or storage costs for large videos.
Security issues: Cloud-based systems do not offer the same amount of security as in-house systems.
Concerns about legacy video redaction
The majority of established organisations and businesses have some form of video redaction in place, whether it is outsourced, or managed via online tools, or involves manual processes.
However, the bulk of Facit’s recent enquiries are from Data professionals who worry that their solutions are:
Not scalable
Not cost-effective.
At risk of redaction reversal
The solution for most operators has been to throw additional resource at the problem, which results in strained and unpredictable budgets, and increased staff costs.
Best practice 5: reduce risks of human error
The major data breaches making headlines tend not to be the result of phishing, hacking or cyberattacks. It transpires that data protection is all too frequently undone by human error.
Redaction automation and encryption should be standard measures in place to prevent not only hacking, but also accidental data breaches.
Personal data breaches frequently occur when emails are sent by people who use ‘copy’ rather than ‘blind copy’.
A lack of privacy training – and sometimes malice – accounts for video being shared irresponsibly with third parties, either directly or in chat groups such as WhatsApp.
Staff training on data handling should be a priority and the consequences of failure to follow guidelines, to the business and to responsible staff, should be made very clear.
Best practice 6: data breach notification
A basic tenet of data privacy matters is that the organisation that experiences a data breach is mandated to inform the ICO AND those whose personal data has been exposed or potentially exposed.
The ICO cites a deadline of 72 hours and states: “If the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms, you must also inform those individuals without undue delay.”
Best practice 7: understand the scope of redaction
Be sure to understand all elements that comprise personally identifying information that require redaction, which includes faces, car number plates and location indicators.
Best practice 8: maintain video quality
Ensure that video quality is clear and note that indistinct and grainy footage will not be accepted as evidence in court.
Best practice 9: use the right tools
Note that the use of manual processes, cloud services and non-specialist software packages carry risks of privacy breaches. Automated redaction tools are the most accurate and reliable.
Conclusion
The best practices for video redaction are essential for balancing transparency, privacy and legal compliance in the use of video recordings, particularly in sensitive environments like law enforcement, healthcare and public spaces.
Effective redaction ensures that personal information, irrelevant details and non-consenting individuals are protected at the same time as preserving the integrity and usefulness of the footage for its intended purpose.
Implementing standardised redaction processes, using advanced software tools and maintaining strict oversight helps organisations achieve a privacy balance.
As video technology continues to evolve, staying updated with the latest redaction technology and legal requirements will be crucial to ensure ethical and effective use of video recordings.
Video redaction: budgets and automation
Facit’s video redaction solution allows you to redact an unlimited number of video files for a predictable low cost, when compared with processing and storage costs associated with Cloud solutions, manual processing or outsourcing.
Facit’s data masking, video redaction solution, Identity Cloak, incorporates auto-tracking and artificial intelligence to enable users to remove all but the subject(s) of interest rapidly in video footage that is to be shared with third parties.
GPU speeds mean that companies achieve the fastest possible redaction times, while automation means that reliable redaction processes run in the background without tying up valuable staff resources.
The Facit solution is simple to use and guarantees cost-effective compliance.
Identity Cloak also has the capability to extract audio files in order to add context and clarification to recorded data.
If you have questions about best practice video redaction, or think your processes are susceptible to human error, Facit would be pleased to help you with an exercise to pinpoint potential weaknesses that could lead to data breaches.
Summary FAQs on Video Redaction and Data Protection
Q: What should be redacted in video footage?
A: Any personally identifiable information (PII) should be redacted, including faces, name tags, documents, computer screens, license plates and distinguishes features and objects. Sensitive or private details that could lead to privacy breaches must also be obscured, especially in compliance with GDPR and data protection laws.
Q: How can organisations reduce the risk of human error in video redaction?
A: Organisations can minimise human error by using automated redaction tools, implementing strict quality control measures, training staff on data protection policies and standardising redaction procedures. Regular audits and peer reviews help ensure accuracy.
Q: How quickly should organisations report a data breach?
A: Under GDPR, organisations must report a data breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it. If the breach poses a high risk to individuals, they must also be informed without undue delay.
Q: What are the benefits of using automated video redaction tools?
A: Automated tools speed up the redaction process, reduce human error and ensure consistent application of privacy standards. Automated redaction tools improve efficiency, lower costs and help organisations comply with data protection regulations more effectively.
Q: Is it better to use in-house or cloud-based video redaction solutions?
A: In-house solutions provide greater control over data security but may require investment in hardware and expertise. Cloud-based solutions offer scalability and remote access but may raise concerns about data storage and compliance. Cloud solutions sometimes compromise the output quility of the redacted video. For some organisations - for example, in the healthcare and finance sectors - data is highly sensitive which means that on-premises solutions are the only viable option from the point of view of compliance. The choice depends on an organisation’s security needs, budget and regulatory requirements.
