Video data management demands a strategic and secure approach

Video footage is a valuable target for criminals, writes George Moawad, Genetec’s Country Manager, Australia & New Zealand. A robust video data management lifecycle minimises the risk of footage falling into the wrong hands.

Threat actors are constantly on the lookout for their next valuable target. The rise of AI and machine learning has made video footage an increasingly valuable target as it can be used for creating deep fakes with images and voices that help them execute fraud and other malicious acts. Protecting video data is critical for blocking those attacks and as part of a responsible video data management lifecycle program.

New Zealand’s Privacy Act dictates that data must only be collected for a specified purpose with the consent of parties whose data is collected. It must be held securely and securely disposed of when it is no longer needed. Video data is simple to collect. Once a camera is deployed, the only significant limitation to data collection is storage. A robust video data management lifecycle ensures data is ethically collected, stored safely, used correctly and permanently destroyed. But it also helps to manage operation and capital costs my minimising storage costs as the only data that is retained is what is specifically needed. This reduces organisational risk and means that if a threat actor does overcome the defences, they will have access to a limited amount of data.

Building a robust video data management strategy requires a systematic view of data at every stage of its life. That starts at collection and ends with destruction.

1. Video collection

Only collect video data that which is required. The Privacy Act makes it clear that collecting data ‘just in case’ is not a reasonable justification for recording someone. If cameras are in place, people should be notified that they may be recorded and the purpose of those recordings.

2. Secure storage

Data must be handled securely. It should be encrypted when stored and when in transit across networks. That ensures that if a malicious party access to internal systems that the footage is of no value to them.

3. Controlled access

Video footage should only be accessed by authorised parties. Strong access control ensures that footage can only be viewed by people with specific permission. It also protects video from being accessed by rogue employees.

4. Retention periods

There may be regulatory obligations to retain some data such as when video captures a specific incident such as a criminal act, a workplace accident, or some other matter of importance. But a lot of other data is only of value for a transitory period. Review the footage on file and make decisions about what data needs to be kept and for how long.

5. Secure destruction

Data that is not needed should be securely deleted. This includes archival and backup systems as well as from operational environments. Secure deletion goes further than hitting the delete key. There are specific methods for deleting data so that it is unretrievable. The ease with which video data can be collected means a robust video management system that ensures secure storage and access, support for data retention policies and enables secure deletion is essential. Without a video data lifecycle management approach, organisations can find themselves fighting rising storage costs while holding a valuable asset that criminals will target.