Commercial Building Surveillance Ethics and Compliance
From retail stores to office buildings, businesses in the commercial sector are increasingly reliant on surveillance systems. In 2022, 88% of business and security leaders reported an increase in physical threats to their organizations,1 making surveillance systems more important than ever for protecting employees, customers, and assets.
Surveillance systems can help security teams deter crime, monitor activities on the premises, and provide evidence if criminal activities occur.
But with modern surveillance technologies such as facial recognition and artificial intelligence raising concerns among human rights groups worldwide, it's important to follow ethical standards that ensure compliance with commercial surveillance privacy laws.
Read on to learn what you should keep in mind when developing a commercial surveillance policy for your business.
Why Are Ethical Surveillance Practices in the Commercial Sector Important?
The use of surveillance in the commercial sector is a heavily debated topic, but the importance of ethical surveillance practices can't be overstated. While using security cameras and other surveillance technologies in the workplace is legal in the U.S., businesses must ensure their surveillance systems don't violate anyone's right to privacy.
A 2021 study found that 59% of employees feel stressed or anxious about workplace surveillance, and 48% would take a pay cut if it meant not being watched.2 Here's how implementing ethical surveillance practices can alleviate these challenges:
Organizations frequently implement ethical surveillance practices to promote a culture of trust in the workplace.
Businesses must strike a balance between ensuring security and respecting the privacy of employees, customers, and visitors. By implementing transparent surveillance policies, you can foster trust and demonstrate your commitment to protecting individual privacy.
Enforcing ethical surveillance practices helps prevent the misuse and abuse of your surveillance systems.
Put clear guidelines and oversight mechanisms in place to protect personal data and mitigate the potential for malicious parties to exploit your surveillance technology for personal gain, harassment, or discrimination.
Ethical surveillance practices contribute to a safer and more secure environment.
Employees and customers know how important surveillance is for preventing criminal activities like theft and vandalism. By keeping sensitive data from surveillance systems protected, you can ensure your information assets are safe without compromising data privacy.
When implemented ethically, surveillance systems can promote accountability and compliance with company policies. Businesses can monitor operations to identify areas for improvement, address safety concerns, and facilitate a culture of responsibility and professionalism.
Transparency is a fundamental part of ethical surveillance practices.
Openly communicating the presence of surveillance cameras, the purpose of data collection, and how you'll use it promotes transparency and trust. Employees and customers are more likely to embrace surveillance when they understand its benefits.
Commercial Surveillance Technologies and Their Implications for Privacy and Civil Liberties
Surveillance technologies typically help businesses improve security and efficiency, but they can also raise privacy and civil liberties concerns. Here are some common types of commercial surveillance technologies and their potential for infringing on civil rights:
Video cameras are common in commercial settings. Organizations frequently use security cameras and closed circuit television (CCTV) systems to monitor entrances, exits, parking lots, and warehouse floors.
Because they capture visual information about your employees and visitors, cameras can impact privacy if not implemented ethically or are used to monitor private spaces, such as restrooms or changing rooms.
Employee Monitoring Software
The demand for employee monitoring software has been 51% higher on average since the start of the pandemic.3 This type of software tracks computer usage, email communications, keystrokes, or screen activity.
While monitoring software can improve productivity, it can also create a culture of mistrust, so striking a balance between monitoring for legitimate reasons and respecting employee privacy is crucial.
Organizations frequently use biometric technologies, such as facial recognition or fingerprint scanners, to control building access, track employee attendance, or identify customers.
While these tools offer convenience and security, they can raise concerns about consent and the potential for misusing personally identifiable data. For example, if a hacker steals biometric data or creates false identification, they can potentially enter a building or obtain information they wouldn't otherwise have access to. In fact, some states – including Illinois – have strict rules governing the capturing, processing, and storing of biometric data.
Location Tracking and RFID
Tracking technologies, including GPS systems or radio frequency identification (RFID), are used to monitor assets, track employee movement, send targeted advertisements, or analyze customer behavior. These tools can collect sensitive location data, which may raise concerns about unauthorized tracking, profiling, or the potential for surveillance creep – which happens when initially benign tracking practices expand into more invasive monitoring.
Smart Sensors and IoT Devices
Internet of Things (IoT) devices, such as sensors, beacons, or wearable technology, enable data collection on employee behaviors or environmental conditions within a building. These devices can optimize energy usage and improve safety, but concerns over protecting data, ownership, or profiling can arise because they may gather personal information without explicit consent.
Surveillance technologies often use data analytics to extract insights and patterns into employee or customer behaviors. 92% of employees are open to data collection if it improves performance or well-being.4 However, collected data can be used for profiling, potentially resulting in algorithmic discrimination and impacting individual autonomy.
Audio surveillance technologies like microphones or voice recognition systems can capture audible interactions, like a telephone conversation, in commercial settings. Although these tools aid in security and customer service, they can also raise concerns about the invasion of private conversations and potential abuse if not properly regulated.
What Are the Benefits of Commercial Building Surveillance?
While surveillance technologies can raise concerns about privacy and civil liberties, they offer several benefits to businesses, employees, customers, and the broader community. Here are some key advantages of deploying a commercial building surveillance system:
Employee and Customer Safety
Monitoring areas such as parking lots, loading docks, or public spaces can help your security team quickly identify and provide backup to potential threats. Surveillance footage can also help reconstruct events and aid emergency response teams if an incident arises.
Crime Prevention and Loss Reduction
Surveillance systems can help to deter and prevent theft, inventory shrinkage, and fraudulent activities. Case in point: businesses with security cameras are 33% less likely to have criminal activity occur on-site.5 The right surveillance tools can reduce financial losses and build a safer environment for your employees and customers.
Using surveillance technologies to monitor operations can help you uncover areas to improve and optimize processes. By analyzing video recordings and other such data, you can more easily assess employee performance, ensure adherence to safety protocols, and raise productivity.
Commercial building surveillance can serve as evidence in legal matters, protecting your business from false claims, disputes, or lawsuits. Surveillance footage can help establish facts, resolve conflicts, and mitigate potential liabilities between interested parties, which can be particularly useful in cases of accidents, workplace incidents, or misconduct allegations.
Remote Monitoring and Management
Surveillance systems often offer remote monitoring capabilities, allowing owners or managers to monitor the business even when physically absent. You can use these tools to monitor operations, respond to emergencies, and address issues in real time, enhancing overall management and control.
Many insurance companies offer reduced premiums or discounts for businesses with surveillance systems. Because surveillance cameras can reduce the risk of theft, vandalism, or other criminal activities, businesses that use these technologies are more attractive to insurers and can potentially receive lower insurance costs.
By analyzing consumer data collected via surveillance technologies, businesses can better understand customer preferences. These insights can help you make informed decisions to enhance service quality and improve the overall customer experience.
What Regulatory Frameworks Govern Commercial Surveillance?
Commercial surveillance usage laws and regulations vary across different jurisdictions. Some common regulatory frameworks businesses may encounter include:
The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a data privacy law designed to protect the personal data of European Union (EU) citizens.
The GDPR applies to all businesses based in the European Union and any other company that processes the personal data of EU citizens, even those in other parts of the world. The law states that businesses need a lawful basis for processing protected data, which can include contractual necessity, legal obligations, and legitimate interests.
Under GDPR guidelines, organizations must consider privacy and data protection strategies at all times. Businesses are required to demonstrate GDPR compliance through documentation of data management and data protection policies, and any that fail to comply can face fines of up to 4% of their annual turnover or €20 million, whichever is higher.
The California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) was enacted in California in 2020. The CCPA is a data protection policy designed to enhance California residents' privacy rights and consumer protection. It is widely considered to be one of the most significant United States surveillance laws.
The CCPA grants California consumers rights such as knowing what personal information is collected, accessing and deleting personal information, opting out of the sale of personal information, and non-discrimination for exercising their rights. Businesses need to provide clear notices to consumers about the types of information being collected and its purpose for collection, as well as the rights available to them under the CCPA.
The California Consumer Privacy Act has greatly impacted data security practices, not just within California but for businesses across the U.S. It gives the average consumer more control over their personal information and requires businesses to be more accountable in their data management, resulting in better data protection strategies overall.
What Are the Best Practices for Ethical Surveillance?
Implementing ethical surveillance practices is a must for balancing the need for security with respect for privacy and civil liberties. Here are some best practices for ethical surveillance:
Transparency and Advance Notice
Make sure to communicate to employees and visitors that surveillance is taking place. Visible signs should inform them of the presence of video surveillance or other monitoring technologies and the purpose, scope, and duration of surveillance activities.
Lawfulness and Consent
Keep your business compliant with applicable surveillance laws and regulations by obtaining explicit and informed consent from your staff, customers, and visitors when required.
Deploy security measures to protect personal data from unauthorized access, breaches, user errors, or misuse. Organizations frequently use tools like encryption, access controls, secure online and offline storage technologies, and regular system updates to protect sensitive information, prevent data loss, and aid in disaster recovery.
Minimize the collection and retention of protected data to whatever is necessary for your company's intended purpose. Avoid collecting irrelevant or excessive information that could infringe on privacy rights.
Data Retention and Deletion
Establish clear policies for retaining and deleting surveillance data. Only retain data, including tape libraries, for as long as you need it to fulfill its purpose, and securely dispose of it afterward.
Assign responsibility for personal data privacy oversight and regularly audit surveillance processes to ensure every employee adheres to ethical standards.
Educate your employees about the ethical implications of surveillance and their responsibilities when handling personal data. Provide training on the key principles of data privacy, data security practices, and the importance of respecting privacy rights.
Review and Assess
Continuously monitor your surveillance practices to assess their effectiveness, necessity, and impact on data privacy. Make improvements as needed based on feedback, changing circumstances, and evolving technologies.
Companies That Have Mastered Ethical Surveillance
Collecting protected data isn't a new concept, and many companies have already embraced ethical surveillance and data privacy practices. Here are five businesses to model your personal data protection strategy after:
Google is committed to protecting its customers' privacy using a variety of technologies, including encryption, secure online and offline storage technologies, and system updates. The tech giant also employs a wide range of security measures to protect surveillance data from unauthorized access, such as physical and logical security controls, intrusion detection systems, firewalls, and regular security audits.
If you use the internet (and who doesn't these days?), you're likely already familiar with how Google enables users to control their protected data. Users can manage privacy settings, choose the level of data sharing, and exercise consent preferences through various Google account settings and privacy controls.
Google's privacy and security practices vary depending on the specific service or product, but the company always encourages users to review its privacy policies, terms of service, and settings to understand how their data is being protected and managed.
Another technology company that takes data privacy seriously is Apple. Apple employs end-to-end encryption technology to protect data transmitted between devices and stored on its servers. The company also provides customers tools for managing privacy settings and consent preferences across each Apple product and service.
Apple also encourages users to review its privacy policies and terms of service to understand how their data is managed across all platforms. And with the addition of the App Tracking Transparency feature, Apple users are now explicitly asked for permission before applications can track their activities across other apps and websites.
The global ridesharing app Uber has many measures in place to ensure its customers are protected. Uber maintains strict access controls to protected data, ensuring only authorized personnel can access it using strong authentication controls and access management protocols.
Uber has also developed data protection policies and procedures to guide its employees in handling sensitive data appropriately. These policies cover data access, storage, sharing, and retention. The company regularly provides employee training on privacy and data protection practices, and its third-party service providers are contractually bound to handle customer data securely.
Microsoft uses several unique measures to ensure personal data stays safe, including multiple encryption layers, privacy controls, and data management options. Information shared with Microsoft is safe both during transit, where data is encrypted during transmission between devices and Microsoft's servers, and at rest, where data stored on Microsoft's servers is protected from unauthorized access.
The media supergiant also maintains a comprehensive security framework to protect personal data, which includes implementing physical and organizational security measures that safeguard against unauthorized access and other security threats. Microsoft also maintains accountability for its privacy practices and regularly conducts audits to ensure compliance with privacy commitments and regulations.
Salesforce, the popular cloud-based software provider, uses several security principles to protect its users' private data. The company employs encryption, role-based access controls, and data minimization policies to safeguard personal data, along with regular security assessments and data management for ongoing protection.
Salesforce's privacy practices can vary across the company's portfolio. Customers are encouraged to refer to the company's privacy policies and settings for more information on how their personal data is protected within specific Salesforce services.
Secure Your Business Ethically With Andromeda Technology Solutions
Securing your business with ethical surveillance practices isn't impossible with the right approach. By following best practices, staying aware of privacy regulations, and deploying compliant surveillance technologies, you can protect your customers' personal data while keeping your employees and assets safe.
Andromeda has helped over 2,500 clients keep their businesses safe, secure, and running in our 28-year history, and we can help you too. Whether you need advanced building security services or IT tools to secure protected data, we have the experience and know-how to help you safeguard your business ethically. Reach out to Andromeda today to learn more.