Hanwha Techwin has published a White Paper which sets out the impact on video surveillance systems of the new General Data Protection Regulation (GDPR) which comes into force in May 2018.
This article is intended to summarise the key aspects of the White Paper which addresses in detail the responsibilities of those who are in control of video surveillance systems. It also explains what steps Hanwha Techwin has taken to ensure the features and functions of its Wisenet cameras, recording devices and video management software (VMS), are able to assist operators in complying with GDPR.
A serious violation of GDPR could be subject to a fine of up to 4% of a company’s annual revenue or EUR 20 million, whichever is higher. In addition, non-compliance with GDPR violation could result in a class action or civil law suits against individuals.
It is highly recommended that those who are responsible for managing an end-user’s data, e.g. a control room manager, should take appropriate action to ensure there is no ability for unauthorised access, while also taking into account that personal data needs to be processed lawfully, fairly, and in a transparent manner. It must be collected for specific and legitimate purposes and not further processed in a manner which is incompatible with those purposes.
Right of Access
GDPR states a person has the right to see the data which is being stored about them.
Hanwha Techwin Solution: Wisenet video recorders and VMS offer a wide range of search facilities to assist operators to quickly locate specific recorded video. These include keyword, calendar and time-slice search options. In addition, using facial recognition, face detection, motion detection, video summary, and Smart searchfunctionality provided by Hanwha Techwin products, the operator can more easily comply with an individual data subject's right to access or the right to request erasure.
Future Developments: Next-generation image processing chipsets being developed by Hanwha Techwin will feature deep learning-based video analysis technology for identifying a wider range of objects such as people, vehicles, and animals, making it possible to cope with the needs of controllers and processors more quickly.
Principle of Storage Limitation
GDPR stipulates data should only be kept for as long as necessary.
Hanwha Techwin Solution: Hanwha Techwin products are equipped with features to ensure images are not retained beyond the storage period specified by relevant laws or guidelines. For example, in the case of network video storage devices, the maximum storage period of video data can be set to between 1-400 days. The data is auto-deleted as the specified storage period expires.
Principles Related to Privacy by Design and Default
GDPR requires the provision of privacy areas within a camera’s field of view.
Hanwha Techwin Solution: All Wisenet cameras manufactured by Hanwha Techwin have masking capabilities. In particular, Wisenet PTZ cameras are able to maintain a degree of accuracy in terms of the synchronisation of masking of areas with their pan and tilt operation. Furthermore, the range of pan and tilt is limited by default and can have additional limitations set by the user.
Whilst complying with the request to provide access to video data, there is also a need to protect the privacy of other individuals who may appear in the recorded video.
Hanwha Techwin Solution: Hanwha Techwin understands the importance of providing privacy whilst helping customers achieve maximum benefit from their video surveillance systems. We are collaborating with our technology partner, Facit Data Systems, to provide the option to blur faces and other distinguishing features throughout the whole time the individuals appear in the recorded video.
GDPR deals with issues which relate to a high risk of invasion of privacy when there are recordings of conversations between individuals. The ability to record audio via a camera should only be allowed when it is justifiable to do so.
Hanwha Techwin Solution: In compliance with the Privacy by Default principle, the audio recording feature is disabled on Hanwha Techwin products by default. In addition, the audio detection, sound classification, audio echo cancellation and audio noise reduction features incorporated into selected Wisenet cameras are processed without the actual audio being recorded.
Cyber Security Issue Management
Hanwha Techwin products provide the opportunity to create lists of users or user groups with varying authorised levels of access. Using this feature, the system’s administrator has the ability to permit only the minimum functions required by the user.
Hanwha Techwin also provides a variety of log storage and log checking features, including logs about permission grants, changes, and deletions so that controllers and processors can analyse the intrusion path using device logs or determine how security incidents took place.
To prevent the use of easily predictable passwords, Hanwha Techwin enforces a minimum complexity level of combining letters, numbers, and special characters, and repetitions (e.g., 1111, aaaa, etc.) and sequences (e.g., 1234, abcd, etc.) are not permitted. By enforcing this password rule, Hanwha Techwin prevents access by intruders through guessing or brute force attacks.
Firmware used in Hanwha Techwin cameras and recording devices are encrypted, so that the critical information included in the firmware cannot be arbitrarily analysed, forged, or tampered with.
Safe transmission: Hanwha Techwin uses HTTP Digest authentication during HTTP transmissions from cameras, recording devices, and VMS to the server and client to protect the user's password. Use of HTTPS protects the user's password and video streams transmitted via RTSP. Please note: As HTTPS mode only protects the data sent in HTTP protocol, such as user authentication information, additional configuration of tunneling RTSP to HTTPS is required on the client end to protect video streams transmitted via the RTSP protocol.
Recorded and stored personal data, e.g. video files, should be protected so they cannot be played or abused arbitrarily by unauthorised users, even if they are released (backed up) from the system.
Hanwha Techwin solution: Hanwha Techwin applies password protection when backing up files to SEC file formation which is a proprietary backup format, from the storage devices and VMS, and also encrypts the video files. Once the file is encrypted, it cannot be played by unauthorised users.
WE MOVE together
To negate the risk of data misuse, it is important for end-users, system integrators and manufacturers to work closely together. Hanwha Techwin will be unceasing in its efforts to provide privacy-friendly products which assist end-users to comply with GDPR.