Data Governance and Physical Security

by John Gallagher | Jun 28, 2017 8:37:39 PM

Data protection has been in the news a lot recently; not only the issues around hacking and malware, but perhaps more importantly on the issues of how data is handled within (and across) organizations. In 2018 the EU will have the General Data Protection Regulation (GDPR) go into effect, covering millions of people’s personal information. As shown in this chart from DLA Piper, much of the world today is covered by either “heavy” or “robust” data protection. To pull one number out of many to make the point, the State of California alone has over 25 data privacy and governance laws.

Data governance and data protection have some unique angles for physical security professionals, including chain of custody, required retention periods, use of data in analytics, and how security information is shared. Security integrators need to be aware of these issues as more customers become subject to data governance regulations and the penalties for violations continue to increase.

Solutions like Viakoo that provide system and data verification for physical security systems can be used by integrators as a service offering to address customer issues around data governance. Not only does it provide additional RMR to the integrator, but it also deepens the overall security relationship with the customer. For example, for surveillance footage to be used as evidence in a courtroom the chain of custody is extremely important for it be admissible. Having an automated service that verifies the video was recorded properly and stored correctly can make-or-break your customer’s case (and the benefit of them using surveillance in the first place).

Retention of video evidence is an area that integrators should be asking their customers about, especially if they need to prove compliance. Many organizations that use surveillance systems are required by regulations, industry standards, or internal compliance standards to retain video evidence for a period of time (typically 30 to 90 days). Auditors for industry standards such as PCI, NIST, NERC, FedRAMP, and others are now required to confirm that an organization is systematically retaining video data for the required retention period in order to achieve compliance certification. Viakoo’s patented solution is the only automated approach for independently proving retention compliance, giving integrators an advantage in offering it in an RMR-based service offering.

Whether as the end user or the security integrator, data protection and governance requirements are continuing to grow and extend into physical security. Rather than treating it as a burden, these requirements should be seen as an opportunity to use automation to ensure everything is working as it should. Ready to see that automation in action? Viakoo offers free demo accounts, and we’re always happy to jump on a video conference to show our solution in action. Please visit to get started.

Subscribe Now

Additional Reading