Posts

Are we living in the most secure era ever? That depends on your definition of the word and the context, but there’s no doubt that today’s security technology has made many of our public and private spaces far safer than in the past. From ultra HD surveillance cameras with facial recognition technology to ultra-secure biometrics, the tools that organizations have at their disposal to prevent or respond to unwelcome or emergency incidents are truly unprecedented. So much so that privacy concerns are now running up against security innovations, fueling legal and social tensions along the way.

Case in point: there is a fast-growing movement across Canada to limit the use of some advanced tools, specifically surveillance cameras equipped with facial recognition software. Last month the Canadian Civil Liberties Association issued a call  for a moratorium on the use of facial recognition technology in a wide range of settings. While stakeholders from law enforcement officials to business and commercial property owners would make an argument for the tech’s utility, social advocates counter that the privacy trade-off is far too great at this point. Better to stall a widespread rollout until a proper legal and regulatory framework can be built to control its use.

That comes on the heels of a new Ernst and Young report  indicating that COVID-19 seems to have changed Canadians’ expectations of data privacy. Fully 63 per cent of survey respondents said knowing how their data was collected and stored was of prime importance, along with control over what data is being shared (57 per cent), their trust in the organization sharing their data (51 per cent) and knowing how their data is managed, shared and used (45 per cent).

“The pandemic has ushered in significant changes that may have altered consumers’ attitudes toward data privacy, but they are unwavering about the importance of security,” the report’s authors note.

Security vs. privacy

In residential settings, those expectations are reaching new heights. Rental tenants and condominium owners alike are growing increasingly concerned that their movements are being monitored on a daily basis. In some cases, they are. Surveillance systems have long kept track of the movement of people and packages across residential environments, but new technology has delivered exponential enhancements in monitoring capabilities. In the vast majority of cases, however, their deployment is intended strictly to deter crime or inappropriate behaviour. The reality is that most commercial and residential property management firms–who are dealing with a raft of new challenges related to COVID-19–lack the staff (let alone the desire) to leverage that data in ways that would be of any reasonable concern to residents.

It’s simply available as a tool to review traffic flow in case of an incident, or to piece together timelines in the event of an accident. Reviewing an incident using surveillance footage is usually a key tool in preventing a similar occurrence from happening in future. The real question that residential stakeholders need to answer is whether privacy trumps protection in residential settings.

With license-plate recognizing cameras collecting data in parking lots and garages, and biometrics recording even more sensitive information every time residents enter a building, do new technologies cross an ethical—and even legal—line? Throughout the COVID-19 crisis, some residential communities in Canada have gone as far as to implement contact tracing and temperature monitoring (sometimes using high-tech cameras) to protect their residents and mitigate risk of an outbreak on their premises.

The urgent circumstances of the emergency aside, will we eventually regard these health and safety measures as a step too far?

Balancing privacy and protection 

The obvious solution involves implementing an effective security strategy that balances the right to privacy with the need for protection. That means customizing tactics to suit the needs of the residential community in question, be it housed in an ultra-tall downtown tower or a densely-packed rental building. Property managers are best advised to develop a series of privacy protocols that outline how personal data will be collected, stored, managed and eventually expunged. Access to that data must be tightly controlled. And that not only means limiting the personnel who can review it, but determining how it will be stored (e.g., on a local server or in the cloud). What cybersecurity tools will be used to mitigate the risk of a breach?

The best way to ease residents’ concerns over how their data is used is to build trust and remain transparent. By communicating on a regular basis—in some cases perhaps even developing a committee comprised of management and residents that’s tasked with setting guidelines to handle that data—reviewing and revising policies as needed and then erasing that data at predetermined intervals, most residents will be comfortable with having their personal details collected and stored.

Work with your security provider or a specialized data-management consultant to start and manage this process. Handling sensitive data is best left to the experts. Rest assured, your residents will appreciate the time and attention to detail in managing their personal information.

Winston Stewart

President and CEO

When news broke recently that the Swedish Data Protection Authority fined a local municipality more than USD $20,000 for privacy violations, it marked the emergence of a potential new front in the struggle to balance privacy rights and security requirements.

Under the European Union’s General Data Protection Regulation (GDPR)—sweeping legislation that governs everything from website tracking to data collection practices across the 28-member European Union and European Economic Area—the use of data gathered with the help of facial recognition and biometric software is restricted and tightly controlled. Apparently a school board in Sweden didn’t get the memo and used facial recognition software to track high school student attendance over a three-week trial period intended to test out new technology.

The school board saw the tracking software as a more efficient use of teacher’s classroom time. According to media reports, attendance-conscious educators had apparently been devoting about 17,000 hours a year to keeping tabs on their pupils. The SDPA saw the matter differently and issued the significant fine, a first for Sweden.

Tech as a security tool, but to what end? 

The European Union has taken the lead in legislating to secure privacy rights and protect citizens, just as authorities in other regions have turned to cutting-edge new technology designed to enhance protection measures for the general public. In the wake of recent shootings in Toronto, for example, the city’s community housing agency has announced plans to increase video surveillance in at-risk neighbourhoods, all to help deter crime and aid police enforcement efforts. In the United Kingdom, cities such as London have long relied on street-level surveillance to maintain safety. The U.S. government has been using biometric technology, including the fingerprinting of foreign visitors, at border crossings for years.

The challenge that arises, of course, is when governments abuse these tools. China has faced widespread criticism for its use of facial recognition and data collection programs in its western provinces to track the local Uyghur community. In other parts of the country, Beijing actively uses technology to help silence or monitor anti-government voices. Many liken the tactics to an Orwellian invasion of privacy, an effort to enforce government-sanctioned values on an unassuming populace.

If a school board in Sweden uses facial recognition technology to track students, some argue, it’s not far-fetched to expect a more widespread application of that software across society. In the hands of a trusted few there isn’t much concern. But what happens if those individuals can no longer be trusted?

Legal systems adapting to new technology 

The reality is the use of technology as a protective tool is hardly novel and, in most cases, isn’t nearly as sinister as some may contend. The big question, as with the example from Sweden, is to what degree governments will tolerate its use. Authorities in Canada are beginning to weigh in on the safety and security vs. privacy debate.

In Ontario, for example, a labour arbitrator recently ruled in Teamsters Local Union No. 230 v Innocon Inc., that a concrete delivery company (Innocon) had the right to install cameras in its trucks to help improve driver safety and highlight potential driver misconduct by recording a driver’s actions, but only in the event that the vehicle swerved unexpectedly or took some form of evasive action that could indicate erroneous or erratic driving. In the arbitrator’s view, some level of in-cab monitoring was justified because an employer’s business interests can supersede an employee’s right to privacy under specific circumstances.

Security strategies for business

Business owners should be aware that at any point, our legal landscape could shift and new laws could limit the use of biometric or facial technology when used in public spaces or workplaces. But I predict that governments will take a measured approach to balancing privacy and security concerns. It’s likely that we will see a tightening of privacy restrictions in Ontario and across Canada at some point. In the meantime, however, your focus should be on assessing your organization’s security vulnerabilities and taking an integrated approach to protecting your people and assets.

That means reviewing the plethora of tech tools available on the market and deciding which ones make sense for your organization based on its operational needs. Facial recognition technology may make sense for a retailer with several busy locations, for example, but could provide little benefit to a software development firm with much simpler security needs. Be prepared to customize your strategy and invest in security components that will make a decided impact in helping mitigate risk and advancing your organization’s strategic goals (e.g., not being robbed, having your data held hostage or seeing your commercial property or workplace invaded).

But first, take the time to understand your jurisdiction’s privacy laws. Make sure your security strategy doesn’t violate any rules when the time comes to implement cutting-edge—yet potentially controversial—security technology.

Winston Stewart, President and CEO

Wincon Security