The Security Industry Association (“SIA”) announced the revised SIA Privacy Framework on April 1, 2014. Building on the initial framework released in 2010, the revised SIA Privacy Framework is designed to provide guidance to companies seeking to establish adequate privacy policies to protect personally identifiable information and other sensitive data. This release outlines a core set of principles and best practices for privacy protections in the deployment of security technologies.
The SIA Privacy Framework purports to: 1) serve as a guide for manufacturers, integrators and distributors of electronic physical security technologies; 2) inform policy makers about how the security industry protects privacy when collecting, securing and storing personally identifiable information; and 3) help educate end users on the implementation of privacy protections.
Ten (10) Privacy Principles under the SIA Privacy Framework include: 1) Mitigation by Design; 2) Assessment; 3) Legal Compliance; 4) Use Limitation; 5) Database Safeguards; 6) Secure Communications; 7) Transparency; 8) Breach Notification and Response; 9) Data Retention Policy; 10) Accountability.
The SIA Privacy Framework also includes a five (5) step approach to Privacy Impact Assessment.
To read the announcement, please access the SIA website here.
The SIA Privacy Framework is available here.
Written by Maki DePalo, Associate, Privacy & Data Security | Alston & Bird LLP
