The elephant in the room: Data security and privacy in the photo industry

There isn’t an industry today that hasn’t been affected by cybersecurity and data privacy; as recently as this week, CafePress was reportedly affected by a breach. There have even been examples of cameras being hijacked by ransomware attacks. And industry members don’t need any reminder of the havoc caused by the well-known PNI Media and Colorado Timberline breaches.

Dan Boudreau, Mike Watkinson and Jordan Moore of Edge Imaging discuss privacy at a fireside chat at PI CONNECT

Mike Watkinson, chief technology and privacy officer of Edge Imaging, has come forward with an industry message to raise awareness of this issue. He and CEO Dan Boudreau appeared at the inaugural Pro Imaging CONNECT conference earlier this year on the “Greatest Threat to School Photography” panel discussion.

As Canada’s largest, coast-to-coast school photography company with 1.5 million portraits taken annually, Watkinson says the company has a special responsibility to secure customer data privacy due to the subject matter of Edge Imaging’s photos: Young children.

In this week’s “The Hanging Pixels Podcast,” Watkinson discusses with host TW Woodward the importance of cybersecurity and how privacy has become a business necessity of portrait photography businesses. Further, the national Canadian government enacted sweeping privacy laws, the Personal Information Protection and Electronic Documents Act (PIPEDA), which covers how personal information is collected from customers and how it is used. Specifically, PIPEDA has been around since 2000 – longer than Edge Imaging itself – and is continually being revised. From the beginning, Edge Imaging took compliance into account.

“We had to make sure we had the policies and procedures in place conforming with PIPEDA,” said Watkinson. “You have to consent where needed, and that’s becoming more prevalent in any online transaction or relationship right now.” For example, there is pending legislation that, if there is any cross-border transmission of information – even within the same company – there has to be explicit consent by the customer. “And by ‘explicit consent,’ it can’t be buried in a policy.”

The penalties are potentially crippling to photo companies. In Canada, at $100,000 per breach, imagine the exposure faced by a photographer at one school with 400 students, says Watkinson.

In spite of the potential pitfalls, however, Watkinson maintains having excellent privacy hygiene is just good business. “It’s good for your marketing to schools, it’s good for your customers and you are mitigating your risks by having good cybersecurity practices,” he says.

Listen to the podcast here:

Download the cyber-security white paper from Edge Imaging

Edge Imaging has published a free white paper, “Planning for a Certainty: SMEs and the Importance of Planning for and Mitigating Cyber Risk.” The global cybersecurity landscape is extremely fragmented, making it difficult for small- and medium-sized enterprises (SMEs) to have a clear understanding of the real threat and how to be prepared for a cyberattack. This white paper is as an educational resource to help SMEs recognize, prioritize and plan for the very real threat of cyber within their businesses. Unfortunately, most organizations are targeted based on their ability to pay a ransom. Often there is a trend, once a cyber-criminal has successfully received a ransom payment, they will target similar organizations. Municipalities are a prime target due to existing government funding. As cybersecurity policies and regulations strengthen the responsibility to safeguard personal information on schools, districts/boards, educational institutes and vendors who work with them continues to grow.