CCPA (California Consumer Privacy Act) and BIPA (Biometric Information Privacy Act) are two recent laws (BIPA actually goes back to 2008) that put restrictions on what type of consumer information a company can collect.
In this article, we’ll give some background on each law, how to be compliant, and then discuss how they relate to companies that want to use security cameras at their office locations within California or Illinois.
CCPA is one of the latest consumer privacy laws and shares many similarities with the EU’s GDPR. It was passed in 2018 and officially went into effect on January 1st, 2020, although California won’t start enforcing the law (imposing fines) until July 1st, 2020.
In simple terms, companies must notify users if they intend to monetize their data and also give consumers (California residents) the right to opt out of that monetization. Below are the basic intentions of the act for consumers.
This law generally applies to any company that exceeds one of the below thresholds:
Starting in July 2020, violations can start being assessed with fines.
So how does CCPA relate to video surveillance tools? While a vendor like Rhombus might not be the intended target of CCPA, many of our customers fall under its regulations, which means our solution would fall under the regulations as well.
The most applicable part of CCPA with regard to video security is generally anything to do with facial recognition. Facial recognition is considered personal data, and to make sure our customers stay compliant with CCPA, we will be giving them tools to handle consumer requests before July 1st, 2020.
These tools will include the ability to give a full report on all data our system has about the consumer that has requested their information. It will also give customers the ability to “forget” a specific person in the case that someone asks to delete all information about them. This “forget” ability will delete all associated face images and identifiers.
We will also give our customers data broker agreements so they can see exactly how we handle customer data and know exactly the steps they have to take with us in order to stay compliant with CCPA and their consumers.
Our team is constantly staying on top of the laws so that, as they become further defined, we will continue to do everything necessary to ensure our customers stay compliant with these regulations.
BIPA pertains to Illinois and applies to companies that collect and store biometric information (including fingerprints, voiceprints, and scans of the hand or face geometry). The requirements for those companies include:
BIPA applies to all “private entities,” defined to include any individual, partnership, corporation, limited liability company, or other group.
For video security, BIPA really only applies to facial recognition, and it’s fairly cut and dried in that respect. If you are going to deploy facial recognition for any purpose, then you need consent from anyone the cameras might identify.
Given the challenges with getting consent from everyone (unless you run some type of locked down facility), it’s usually a best practice to not deploy facial recognition in Illinois due to BIPA.
Within Rhombus, it’s a simple setting to enable or disable facial recognition for a specific camera.
If you’re a company with a presence in California or Illinois and want to use video security, then it’s important to choose a video security vendor that will help you fully comply with CCPA and/or BIPA to reduce any potential liability exposure. You will want to choose a vendor that understands these regulations and provides you with the necessary tools to be compliant with these regulations. If you have any questions or would like to learn more about ensuring CCPA and BIPA compliance with video security, please reach out to sales@rhombussystems.com