SIA Security Privacy: Weak US Guidelines

•Published Sep 15, 2010 00:00 AM

PUBLIC - This article does not require an IPVM subscription. Feel free to share.

The largest US security trade association, SIA, has issued very weak security guidelines. Their so-called 12 point "Privacy Framework" is not only vague but it touches only the most basic elements.

The SIA privacy framework recommends a few guidelines related to surveillance video:

"Privacy impact assessments undertaken by system owners" with no elaboration on the type or criteria of the assessment
"Adequate protection" of database and system with no qualifcation of what adequate means (or entails)
"A retention policy for personally identifiable information: If video, a time period for retaining (storing) video for both non-incident and incident video."

These guidelines are far weaker and less substantive than the approach used in most European countries. As we examined in our global video surveillance laws review, in Europe surveillance systems can be shut down, owners can be fined and, in general, surveillance users must justify the use of appropriateness of their surveillance.

On the other hand, for US standards, this should be surprising. The US regulation of video surveillance is very lax, with minimal barriers to public use of surveillance.

SIA explains their motivation for their new framework, "Over the past several years, there has been an increasing level of state legislative activity that is intended to severely limit or restrict the use of electronic physical security technologies." This framework is a step/tool to help mitigate those activities.

While we do not find these guidelines to be substantive, SIA does recommend an earlier documentation which we do believe is very helpful. See the Guidelines for CCTV for Public Safety and Community Policing.