When it comes to security, there are two big areas of life that spring to mind- your home security and your personal online presence. The truth is, in today’s world, these two things are not as far apart as you think.
In picking a home security system to protect your home and family, one often looks at the most obvious tech requirements- indoor and outdoor cameras, motion sensors, alarm sirens, two-way talk and more. However, all security cameras are not created equal when it comes to protecting your data privacy.
In the US, the National Defense Authorization Act 2019, Section 889 (NDAA) restricts the use, procurement, or sale of certain brands of surveillance equipment. Federal agencies are prohibited from purchasing equipment from these brands.
For example, the NDAA specifically bans security cameras produced by Dahua andHikvision. The ban also includes brands that may function under these companies, such as EZVIZ, in the case of Hikvision.
“When looking for your home system, it is important to make sure it is NDAA-complaint and does not use banned components . The entire product portfolio must be compliant,” says Alex Talevski, CTO of Swann Security, a leader in DIY home security for more than 40 years.
Another standard to consider is the General Data Protection Regulation (GDPR) which is the toughest consumer privacy and security law globally. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere in the world, as long as they target or collect personal data.
“Companies must be be GDPR compliant and they should update their security systems, protocols and processes regularly. User data should be stored to GDPR requirements and not leave your region. At my company, we store the minimum data to ensure products and services are secure and perform well. Data is not shared or sold externally,” adds Talevski.
In addition, when it comes to hosting, you want your security company to use a web service that is a Certified Strategic Service Provider under the Hosting Certification Framework which provides guidance to customers, enabling them to identify and source hosting services that meet enhanced privacy, sovereignty, and security requirements. The Hosting Certification Framework Strategic Certification represents the highest level of assurance to customers and offers the most secure storage solutions for customer held data.
“For example, Swann uses Amazon Web Services (AWS) in controlled AWS Regions to ensure that all personal data is held locally according to the Amazon agreement. Both Swann and AWS attest that we will not move customer content from the AWS region or country selected by you,” says Talevski, CTO of Swann Security.
In recap, to make sure your security system not only protects your home, but also your data, make sure it meets the following requirements:
- Select a brand whose portfolio of products are fully NDAA complaint
- Make sure your security system stores data in a way that meets the GDPR requirements
- Web Hosting for your security system must be a certified strategic service provider under the Hosting Certification Framework.
- Ideally select reputable products that are designed and developed to local standard, ethics and values. (something like that)