Privacy & Cookies CEO addresses the limited awareness of the art of the possible, the need to embrace 3rd generation services and to help organisations hold vendors to account.
UK (LONDON) Privacy & Cookies (P&C) announces the launch of a Request for Proposal (RFP) template to assist organisations with the procurement of a Cookie Consent Management Platform (CMP) in response to the damning research that 89% of UK websites are non-compliant with the General Data Protection Regulation (GDPR) in respect of cookies. The RFP template is free to download from the P&C website at www.rethinkingprivacy.com
Lawrence Shaw, P&C CEO, recently took part in a week-long ‘ask the expert’ Q&A session arranged for the clients of online effectiveness experts Bowen Craggs, which include some of the world’s leading global brands and 9 of the top 10 FTSE companies.
The Q&A session supported P&C’s own findings that 71% of organisations believe that they have the problem of cookie management in hand, and virtually all those interviewed were not aware of the capabilities and what to ask for when acquiring a CMP.
These conclusions were further amplified in a study by MIT, UCL and Aarhus University, which estimated that only 11.8% of the top 10,000 websites in the UK are currently compliant with GDPR, despite deploying one of the 5 leading CMP solutions (by market share) on their websites.
“As awareness grows and regulatory enforcement ramps up, organisations that value trust have to rethink privacy and focus on earning consent from their CMP service” says Shaw.
“Organisations can make more informed purchasing decisions by understanding the art of the possible. Most websites have first or second generation CMPs deployed which are generally inadequate” continues Shaw, “Today’s third generation CMPs, utilising the latest automation and machine intelligence technology, are key to earning consent and delivering GDPR compliance.”
More than 10 years of privacy experience and technology development of automated compliance software, in addition to managing one of the largest CMP global deployments, with thousands of websites across hundreds of countries, has enabled P&C to offer the RFP template.
Neelie Kroes, former Vice-President of the European Commission, commented “Whilst it’s not for me to endorse any particular tool or service, I applaud this overall development which is bringing some genuine innovation.”
“Talking to our clients and partners, it became apparent that there was nothing readily available to help them evaluate CMP services and compare vendor offerings.” says Shaw, “That’s why we created the RFP template”.
DVS, one of the UK’s leading CCTV camera and components distributors, will become the first UK distributor to provide the Facewatch facial recognition crime deterrent solution to their installer and reseller network.
The use of facial recognition as a deterrent to stop shop theft and violence in retail stores is rapidly gaining acceptance. The Facewatch system has been successfully tested across a range of retailers over the last 18 months. With demand increasing, making Facewatch available via the established UK reseller channel will ensure that the product, training and support are provided at the very highest level and that a rapid roll-out can be achieved.
Facewatch, which is sold as a licensed product, is GDPR compliant, and the uploaded criminal data is the responsibility of Facewatch under a data sharing agreement that has been signed by the user. Facewatch will be available to ‘approved’ installers who have been trained on both the practical setup of the cameras and aspects of managing and running the system.
Gavin Dunleavy, Commercial Director, DVS Ltd
“Facial recognition is being discussed within businesses and the wider world by those who understand that the best technologies can deter and prevent crime. Facewatch is the leading facial recognition solution with a focus on the retail sector and other verticals alike. With GDPR compliance and privacy controls built into the system the solution becomes powerful and legally deployable. Facewatch combines simple CCTV hardware with a secure cloud-based software solution, so accredited training and support is of the utmost importance for our installers to deliver this incredible solution. We will be running training from our HQ initially then across the UK with a plan to have trained and accredited strategic partners in place throughout 2020.”
DVS Company Background
A fast-paced and energetic organisation, DVS has embraced innovative technological advances in the industry and is now one of the industry’s most proficient distributors of IP CCTV products. Formed in 2003, DVS has quickly established itself as one of Europe’s most successful multi-brand distributors of electronic surveillance products. This has been built on significant investment into our superb sales and technical teams, and a state-of-the-art demonstration and training facility located at DVS HQ. Professional and proficient staff, with a fantastic working environment, ensure that customers and suppliers alike always receive a positive impression.
Nick Fisher, CEO, Facewatch Ltd
“DVS are a perfect partner for us. They have a highly technical team; they are used to working with the very latest CCTV technology and have a great team on the road and at their HQ offering sales and technical support. Facewatch is a sophisticated SAAS (software as a service) product that requires training and support and DVS have a well-established training team who will work with us to establish a network of approved Facewatch installers. Facewatch is supplied on licence and therefore creates a new recurring income stream for installers who will provide lifelong technical, product management and training support to their customers. We are very excited to announce DVS as our channel partner.”
Facewatch company background:
Facewatch have been providing crime prevention solutions to the retail industry for over 10 years. The business was started by Simon Gordon, owner of London’s oldest wine bar, on the Embankment in London. The wine bar was a target for pickpockets and bag thieves, and he wanted to provide a relaxed and safe environment for his customers. Being technology minded and working with the local police, he launched the first ever online crime reporting system including CCTV footage. This led to the launch of the first facial recognition solution in 2017, enabling retailers to deter habitual criminals who were shoplifting, abusing staff or causing criminal damage.
Today the Facewatch system provides a GDPR compliant solution that is easy to install, can be used and managed by small stores and is scalable for use by large retail groups due to its unique cloud-based servers and its use of Intel® NUC mini PCs. Data is managed securely by Facewatch. Facewatch doesn’t store information about the general public, just those for whom their retailer subscribers have uploaded confirmed evidence of criminal activity. If a facial image is not matched to a relevant watch list the algorithmic data is instantly deleted.
Facewatch solution overview:
Facewatch uses the software-as-a-service technology model, making advanced facial recognition affordable for even small businesses. The company’s watchlist lives on the cloud. It’s a centralized, managed database of biometric data corresponding to the faces of people who are reasonably suspected of having shoplifted or committed other crimes at businesses that subscribe to the service (Figure 1).
The hardware to run Facewatch is simple to deploy. It includes a standard HD CCTV camera and Intel® NUC, a mini-PC that is only 4×4 inches in size and consumes very little power. Its performance enables it to play and record video at 4K Ultra HD clarity, making it ideal for a facial recognition system. The cameras—placed at store entrances—send an image to an on-site NUC loaded with software that converts the image to an algorithm. The algorithm is compared to those in the Facewatch relevant watchlist for that property and if there is a match an alert—along with an accuracy reading—is sent to the retailer’s smartphone or other device, warning it that a known criminal on the watchlist has entered its business.
To add a shoplifter to the watchlist takes only six key presses and about 20 seconds, making it easy for store or security staff, and it doesn’t interfere with their normal duties. “They simply follow a dropdown menu, the time and date are automated, tick the box, the whole thing’s designed to be simple but highly secure and includes a confirmatory legal statement confirming that the information is accurate.” said Nick Fisher, CEO of Facewatch.
The solution does not retain any personal data on anyone not on the watchlist. “If no match is discovered, the image is deleted in 0.3 seconds” Fisher said, “and the entire process—from the moment a known shoplifter comes through the door, to the instant the retailer gets an alert—takes less than two seconds.”
The successful TV thriller series “24” focused on a single day in a US government agent’s career, constantly reminding the audience that this was “the longest day” in his life as he overcame a series of seemingly insurmountable challenges.
“Events occur in real time,” agent Jack Bauer’s voiceover portentously announced at the start of each episode.
The EU’s General Data Protection Regulation (GDPR), which came into effect in May of 2018, means that company information security officers (CISOs) and IT Directors may too find themselves facing the “longest three days in their life” while attempting to comply with the EU’s rigid 72-hour deadline to make an accurate assessment of the incident, with supporting information relevant to the breach.
The event, “Managing Data Breaches Under UKGDPR”, is taking place in London on Wednesday 27 November and will recreate a series of events from the perspective of different roles in the business. These stakeholders will attempt to make sense of sometimes conflicting information while ever conscious of meeting the GDPR 72-hour deadline. It will outline procedures that can be put in place to cope with and manage the three days of massive pressure when a company must not only supply Supervisory Authorities with information relevant to the breach, but also work urgently with 3rd parties, contact affected customers and manage communication consequences.
The event will open with security researcher and white-hat hacker Igor Yuklyanyuk, who will give a practical demonstration of a real-life hack, based on the one that cost British Airways (BA) £180m in GDPR fines. Attendees will then be taken through the incident discovery and internal communications and action based on real-life experience, with a warts and all approach. Taking a step back, the presenters will then discuss steps they take to be better prepared for the future. There will be a panel for questions afterwards, and booths where you can get some hands-on experience with the tools used in the presentation. The following skills and procedures form the core of the event:
Making key decisions with limited information and under mounting stress
Top communications steps to avoid
What, when and how to notify regulatory authorities
Post incident clean-up procedures that can be prepared in advance
Aside from the recent fines imposed on BA and Marriott, companies who have suffered a breach frequently suffer irreparable damage to customer and investor confidence. Just to add to the pressure over the three days, failure to convince the regulator that the company took every precaution in advance to prevent a breach can also leave the CEO and senior executives facing personal prosecutions for professional negligence.
With such high stakes riding on the first crucial 72 hours after the breach, there is very little time to identify the precise source of the breach, carry out damage limitation and discover the full extent of theft and damage. Event organisers, GDPR compliance firm UKGDPR and the leader in privacy, security and third-party risk management technology, OneTrust, will present a step-by-step guide on how best to allocate time and resources in the critical first 72 hours of an incident.
Data Protection Impact Assessments (DPIA) are an essential, and often mandatory, process under the regulation. Attendees at Managing Data Breaches Under UKGDPR will receive a free copy of UKGDPR’s new handbook: “Running Successful DPIAs”.