The problem with privacy in photography
Why school photography has to look at cyber-security as a risk to the business
When most photo-industry executives think about privacy, they think in terms of security breaches like Equifax, Wannacry, Google or Facebook (or, in our own industry, 500px, Animoto and more). The Dead Pixels Society recently spoke with Ken Taylor, a longtime security expert about the challenges facing school portrait firms. Taylor is an entrepreneur and founder and managing partner of Kyvr Connect, a strategic Canadian VC fund dedicated to Canadian cybersecurity companies.
Despite the headlines (and Apple’s privacy-focused marketing efforts, Taylor says there’s still a lot of education needed. “Education and awareness is the number one issues for users and consumers,” says Taylor. “The end user lacks awareness. That’s across the board.” Losses are due to cybercrime and privacy loss are in the billions worldwide.
Taylor adds there is going to be increasing government regulation regarding privacy, as companies will become more and more responsible for the data collected by companies. In Canada (where Taylor resides), there is PIPEDA, the federal privacy law for private-sector organizations which sets the ground rules for how businesses must handle personal information, and CASL, which is Canada’s anti-spam legislation. In the United States, Federal laws haven’t been enacted to protect privacy, but it is happening at the state level. The California Consumer Privacy Act of 2018 (CCPA), signed into law by Calfornia governor Jerry Brown in 2018, “grants consumers new rights with respect to the collection of their personal information.” He adds New York and other states are working quickly on their own legislation.
“The government is going to force you to be liable from a legal standpoint,” says Taylor. “One doesn’t have to think very hard that an industry like school photography has not built itself to contend with this.” This is because of the nature of the information gathered by school photo companies and the sensitivity of it.
“School photo companies have a photo, an address, credit card info, etc., that a nation-state needs (for cybercrimes or even human trafficking,” he explains. “The importance of school photography companies is the platform where they place the vital information about children better be protected and compliant with the laws of Canada, GDPR and the states. It is a global business.”
Also, due to the nature of school photography, there is potentially increased risk at all stages of the process. Privacy impacts all levels of the process, from the photographer in the field to the transmission of the images and order information, to the printing of the products, to the delivery of the products to the schools and parents… and beyond, he says. “Cyber-security,” in Taylor’s view, encompasses protections of connected systems, the data itself, and all the systems, from attacks.
“We have to change the way consumers purchase the product and the technology that will encompass it,” says Taylor. “Even if you use a third party (for data storage, etc.), there would still be compliance requirements. And that will have to be seamless to the consumer.”
While privacy is going to be an increasing concern for school photo companies, Taylor says firms have time to come up to speed and learn about compliance. For example, anti-SPAM laws took four years to actively enforce.
“It does take time to build capacity, especially from law enforcement, but there’s a tipping point coming,” he says. “It has come to the point where people will no longer tolerate [not being secure]. Technology will drive how we behave, and it’s coming fast.”
Privacy trends on tap for Pro Imaging Connect
Next week’s Pro Imaging Connect conference will continue the cyber-security and privacy conversation, with a candid conversation with Dan Boudreau, CEO and Mike Watkinson, CTO from Edge Imaging, which has made privacy a key driver of its future business. Join them for a dynamic session exporing why cyber security and privacy is the greatest threat to the industry and what we can collectively do to mitigate it.