CCPA (California Consumer Privacy Act) and BIPA (Biometric Information Privacy Act) are two recent laws (BIPA actually goes back to 2008) that put restrictions on what type of consumer information a company can collect.
In this article, we’ll give some background on each law, how to be compliant, and then discuss how they relate to companies that want to use security cameras at their office locations within California or Illinois.
CCPA is one of the latest consumer privacy laws and shares many similarities with the EU’s GDPR. It was passed in 2018 and officially went into effect on January 1st, 2020, although California won’t start enforcing the law (imposing fines) until July 1st, 2020.
In simple terms, companies must notify users if they intend to monetize their data and also give consumers (California residents) the right to opt out of that monetization. Below are the basic intentions of the act for consumers.
This law generally applies to any company that exceeds one of the below thresholds:
Starting in July 2020, fines can be assessed for violations.
So how does CCPA relate to video surveillance tools? While a vendor like Rhombus might not be the intended target of CCPA, many of our customers fall under its regulations, which means our solution would fall under the regulations as well.
The most applicable part of CCPA with regard to video security is generally anything to do with facial recognition. Facial recognition is considered personal data, and to make sure our customers stay compliant with CCPA, we will be giving them tools to handle consumer requests before July 1st, 2020.
These tools will include the ability to give a full report on all data our system has about the consumer that has requested their information. It will also give customers the ability to “forget” a specific person in the case that someone asks to delete all information about them. This “forget” ability will delete all associated face images and identifiers.
We will also give our customers data broker agreements so they can see exactly how we handle customer data and know exactly the steps they have to take with us in order to stay compliant with CCPA and their consumers.
Our team is constantly staying on top of the laws so that as they become further defined, we will continue to do everything necessary to ensure our customers stay compliant with these regulations.
BIPA pertains to Illinois and applies to companies that collect and store biometric information (including fingerprints, voiceprints, and scans of the hand or face geometry). The requirements for those companies include:
BIPA applies to all “private entities,” defined to include any individual, partnership, corporation, limited liability company, or other group.
For video security, BIPA really only applies to facial recognition, and it’s fairly cut and dried in that respect. If you are going to deploy facial recognition for any purpose, then you need consent from anyone the cameras might identify.
Given the challenges with getting consent from everyone (unless you run some type of locked down facility), it’s usually a best practice to not deploy facial recognition in Illinois due to BIPA.
Within Rhombus, it’s a simple setting to enable or disable facial recognition for a specific camera.
If you’re a company with a presence in California or Illinois and want to use video security, then it’s important to choose a video security vendor that will help you fully comply with CCPA and/or BIPA to reduce any potential liability exposure. You will want to choose a vendor that understands these regulations and provides you with the necessary tools to be compliant with these regulations. If you have any questions or would like to learn more about ensuring CCPA and BIPA compliance with video security, please reach out to firstname.lastname@example.org