SIA Security Privacy: Weak US GuidelinesBy John Honovich, Published on Sep 14, 2010
The SIA privacy framework recommends a few guidelines related to surveillance video:
- "Privacy impact assessments undertaken by system owners" with no elaboration on the type or criteria of the assessment
- "Adequate protection" of database and system with no qualifcation of what adequate means (or entails)
- "A retention policy for personally identifiable information: If video, a time period for retaining (storing) video for both non-incident and incident video."
These guidelines are far weaker and less substantive than the approach used in most European countries. As we examined in our global video surveillance laws review, in Europe surveillance systems can be shut down, owners can be fined and, in general, surveillance users must justify the use of appropriateness of their surveillance.
On the other hand, for US standards, this should be surprising. The US regulation of video surveillance is very lax, with minimal barriers to public use of surveillance.
SIA explains their motivation for their new framework, "Over the past several years, there has been an increasing level of state legislative activity that is intended to severely limit or restrict the use of electronic physical security technologies." This framework is a step/tool to help mitigate those activities.
While we do not find these guidelines to be substantive, SIA does recommend an earlier documentation which we do believe is very helpful. See the Guidelines for CCTV for Public Safety and Community Policing.