SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Mathieu chevalier(2)
#
Data Protection
#
Smart Cities
#
Surveillance

Genetec sets privacy rules for physical security data

Tue, 27th Jan 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Genetec has issued a set of data privacy practices for organisations that run physical security systems, with a focus on how teams collect, store and share sensitive information such as video footage and access records.

The company said physical security tools generate large volumes of information. It cited video footage, access control records, and licence plate information. Genetec said this data now plays a larger role in daily operations and investigations.

Genetec linked that growth to increasing pressure on organisations. It pointed to privacy regulation changes, cyber threats and expectations around transparency.

"Physical security data can be highly sensitive, and protecting it requires more than basic safeguards or vague assurances," said Mathieu Chevalier, Principal Security Architect, Genetec.

Chevalier also criticised some vendor approaches to data use.

"Some approaches in the market treat data as an asset to be exploited or shared beyond its original purpose. That creates real privacy risks. Organisations should expect clear limits on how their data is used, strong controls throughout its lifecycle, and technology that is designed to respect privacy by default, not as an afterthought," said Chevalier.

The guidance arrives as security and privacy teams face more scrutiny over how they manage surveillance and identity-related information. Physical security data can include personal data. It can also carry operational sensitivity for organisations.

Data strategy

Genetec said organisations should begin with a clear data protection strategy. It said teams should regularly assess what data they collect and the purpose for collection. It also said teams should check where the data is stored, how long it is retained, and who has access.

The company said organisations should document their practices. It said documentation reduces unnecessary exposure and highlights policy gaps. It also said the process can support compliance as regulations change.

Genetec also pointed to transparency as a factor in trust. It said organisations should communicate data handling practices to employees, customers, and the public.

Privacy by design

Genetec said privacy-by-design should shape system design and governance. It said organisations should limit privacy risk through security controls. It also said organisations should consider how personal data is collected and used.

The company recommended purpose limitation and data minimisation. It said organisations should collect and retain only data that relates to defined security objectives.

Genetec also listed security measures. It said organisations should encrypt data in transit and at rest. It recommended strong authentication. It also recommended granular access controls.

The company said privacy-enhancing technologies can reduce exposure of personal identity. It cited automated anonymisation and masking. Genetec said these approaches can preserve operational value while reducing identification risk.

Ongoing cyber defence

Genetec described data protection as continuous work rather than a one-off project. It said organisations should treat privacy and cybersecurity as ongoing operational responsibilities.

The company highlighted system hardening, vulnerability management and timely updates. It said these steps matter as new cybersecurity risks emerge.

Cloud deployments

Genetec said cloud-managed and software-as-a-service deployments can affect how quickly organisations apply patches and privacy controls. It said such deployments can keep systems current with security updates and compliance features.

It also said cloud approaches can reduce operational burden on internal teams. Genetec noted that many organisations use mixed approaches that combine on-premises and cloud environments. It pointed to scalability, control and data residency requirements as factors in deployment choices.

Vendor scrutiny

Genetec also urged organisations to evaluate technology partners in greater detail. It said organisations should examine how vendors govern personal data and set limits on data use. It also said vendors should communicate privacy practices transparently.

The company cited independent security standards and attestations as one indicator of how systems and data are managed. It referred to ISO/IEC 27001, ISO/IEC 27017, and SOC 2 Type II reports. Genetec said such assessments provide assurance around protection and management of systems and data.

It also recommended checks on vulnerability disclosure processes and data governance practices. Genetec said organisations should review how vendors develop and deploy artificial intelligence when personal data is involved. It said organisations should look for transparency, safety and human-led decision-making in those approaches.

The company is headquartered in Montreal and sells video management, access control and automatic number plate recognition products, alongside intrusion detection, intercom and digital evidence management tools.

Related stories
Fime opens Melbourne lab to bolster SoftPOS security
Object First triples growth on ransomware-proof backups
Telehouse Europe appoints Chris Lamb as Enterprise Director
Study finds 28,000 fake domains mimic top websites
Bitsight unveils dark web tool to secure supply chains

Top stories

Kyndryl unveils policy-as-code guardrails for AI agents
Genetec adds case investigation tools to Security Centre SaaS
Gigamon named 2026 public sector observability leader
SmarterMail flaw exploited in China-linked ransomware push
Hackers ditch noisy ransomware for stealthy data theft