Actions for Responsible Use, Data Privacy and Human Rights

It has been said that power and responsibility go hand-in-hand. In a world where technology and surveillance are now universal, it is our obligation as a leading global video management software (VMS) provider to help set the agenda for secure and responsible video technology use.

In 2017, Milestone Systems joined more than 150 representatives from technology companies around the world to author and sign the Copenhagen Letter. The letter is a declaration that calls on tech companies of all types to put people first—rather than business and profits—when designing and using technology.

At Milestone, we live by the values outlined in the Copenhagen Letter, and we want our global community of partners and customers to do the same. That’s why in our latest release of XProtect VMS, we put high focus on the responsible use of technology by providing a range of GDPR-compliance tools for our customers, and by embracing the UN Universal Declaration of Human Rights for our platform’s use. As the Copenhagen Letter states:

It is time to take responsibility for the world we are creating. Time to put humans before business. Time to replace the empty rhetoric of “building a better world” with a commitment to real action.

GDPR-Ready Certification 

The EU General Data Protection Regulation (GDPR), enacted mid-2018 by the European Union, has dramatically reshaped the way data is handled across every business sector. The regulation gives all EU citizens greater control over their personal data and how it is used. The U.S. and other regions are in the process of implementing similar regulations. The Australian Privacy Act (APA) is already in force, as well.

Milestone XProtect Corporate 2019 R2 in July obtained the highly-sought-after EuroPriSe (European Privacy Seal) GDPR-ready certification. With this certification, end users can be confident that they have the right foundation to build GDPR-compliant video surveillance installations.

What is Required to be GDPR Compliant?

Ensuring compliance with GDPR and similar data privacy laws requires high organizational maturity, with careful planning and preparation of the video surveillance system, including the policies and procedures regulating how it is used.

To help system integrators and end users design, implement and operate video surveillance systems that are compliant with such privacy regulations, Milestone provides a holistic set of tools; including privacy guides, best practices and training resources to build privacy awareness.

Strong cybersecurity resilience is the foundation for keeping private data safe.  The first applies to the protection of computer systems from theft and damage to hardware, software or information, as well as from disruption or misdirection of the services provided. This then affects the protection of personal data and the privacy of individuals. Concrete examples include how Milestone software addresses cybersecurity in its system architecture, features, release process and education.

  • Milestone has invested heavily in getting our product GDPR-certified by EuroPriSe.
  • Our software makes use of established security standards for user access and use management.
  • Our agile R&D process means we release new software versions 3 times yearly, so partners and end users can regularly update to ensure latest security measures.
  • Milestone’s Learning & Performance program raises industry expertise in IP video installation and maintenance, requiring bi-annual certification of our partners. Our eLearning courses are free online for all skill levels – also for end users.
  • Milestone offers a Hardening Guide for system configuration and maintenance to ensure proactive management of cybersecurity risk.

Milestone’s VMS is architected for security: secure by design, secure by deployment and secure in operation. Beyond the product design and methodology, it’s all about authentication and authorization.

Standing Up for Human Rights

To prove our commitment to privacy protection, Milestone has updated our End User License Agreement to contain language based on GDPR regulations, the UN Universal Declaration of Human Rights, and the Copenhagen Letter—combined with our own interpretations. We are prepared to refuse customers who might use our VMS technology irresponsibly:  we don’t want our software to be abused. If that happens, we are prepared to disable the license.

We are taking these steps to take accountability for what we do, who we are, and how we want the world to be. In today’s hyper-connected, super-data-driven environment, all organizations must take responsibility to protect their users and customers, and the society at large.

We encourage everyone in the security and surveillance industry to join us in helping to build a secure and ethical community. The Copenhagen Letter sums it up best, and you can sign it if you agree:

“We are a community that exerts great influence—we must protect and nurture the potential to do good.”

By Bjørn Skou Eilertsen, Chief Technology Officer, Milestone Systems

(This article is published in a shorter version on the ASIS International website in the September 2019 magazine Security Technology.)