As each generation of mobile mapping technology improves on the last, the data these tools capture gets crisper and more realistic. This is good news, but there are downsides.
When the scanner captures finer details, you’re not just capturing the general environment anymore. You’re also capturing information that could be used to identify a specific person. Think faces, name tags, and license plates.
That’s why capturing 3D data in today’s technological landscape means contending with serious privacy challenges — and that’s true whether you’re a laser scanning professional or an enterprise. 3D scanning requires a whole new level of care and responsibility from you, your partners, and your customers, all of whom need to act with care to protect personal information from getting into the hands of malicious actors.
Today, we’ll talk about the privacy challenges of 3D data capture. And then, we’ll show you how to minimize those risks, so you can continue to run your business with confidence.
The new risks of 3D capture
There are numerous ways your data can leak during a project, which will let personal information get into the wrong hands.
For example, when permissions are not locked down effectively, it becomes possible for unauthorized employees to access your data. If your security is inadequate, your data is open to a hack or breach. If you send data on physical drives, they could be intercepted in the mail.
There are obvious negatives to letting malicious actors access personal data. But here are a few you might not have considered
Due to several highly publicized breaches in recent years, regulators are passing strict protections around the use and storage of personal data. European readers are undoubtedly familiar with the General Data Protection Regulation (GDPR), which went into effect in 2018. This legal regulation is intended to give people control over their personal data by prohibiting the use of that data without their consent.
The important thing for you to know is that GDPR will impose strict punishments on businesses that allow the misuse or breach of data. Fines for businesses that violate GDPR can reach 20 million euros or more, which could do seriously damage your finances, no matter how big you are.
And it’s not just European LSPs who should be aware of these regulations. The list of governments with similar protections is growing. Today Canada, Japan, California, and more have already instituted similar laws.
The answer? Data anonymization by blurring.
You might think that you can protect data by keeping it in an on-premises database, or not sharing the data publicly. But as we’ve already covered, that data may still be accessed by malicious actors in the case of a breach, so this method is clearly inadequate.
You may also think you are already protecting data by limiting what you capture in the first place. No doubt you or your team already put in a great deal of work to minimize the number of people moving through the scan, thus preventing the capture of their personal data. That likely works well enough for most scenarios, but no one can control the scanning environment completely. You or your team may capture personal data without even knowing it.
That’s why the best response is a process called data anonymization.
To anonymize data, you need to change or distort the portion of the image containing personal data so that the data is no longer discernible and cannot be recovered. This second point is worth noting since it ensures that a malicious actor won’t be able to recover the data by any means. Using a tool like Photoshop to “swirl” a face may deceive the human eye, but a computer can quickly reverse the operation to uncover the face.
The most widely accepted method for anonymizing mobile mapping data is blurring, which means changing a pixel’s color to the average color of its neighboring pixels.
The benefits are numerous. Any personal data that is anonymized will be unreadable to malicious actors even if they gain access to the data set. And many personal-data regulations, such as GDPR, do not apply to anonymized data. The process of anonymization through blurring virtually eliminates the risk of a crushing fine in the case of a data breach.
But what’s the best way to blur your data? You have a few options.
Many LSPs that anonymize data will process the capture and then hand it to an internal team — or outside contractor — that will use an image-editing tool like Adobe Photoshop to blur any people in the data set. After that, they pass it back for uploading to the capture instance.
This works OK since it doesn’t interrupt the post-processing workflow and offers easy control over who can see the unblurred panoramas.
But this method presents some significant problems:
- It requires exporting and importing data and moving it a number of times, which increases the chances of a leak.
- Manual blurring for large data sets is extremely time-consuming.
- The process is unreliable since human operators are prone to mistakes.
- This method does nothing to blur data within the point cloud data itself.
Automated blurring software
As a result of these pain points, some LSPs and enterprises use automated third-party solutions, or similar solutions developed in house. These applications are designed to scan the point clouds and panoramas and automatically detect and blur faces, bodies, and more. Simply upload the data, select what you want to blur, and process.
However, these automated tools are not perfect either:
- In-house solutions are extremely costly to develop and maintain
- The quality of the processing can be unreliable
- These tools are often only semi-automated, meaning they still require significant oversight and labor to ensure adequate blurring
- These tools may lead to vendor “lock-in”
- Proprietary tools like these are often poorly integrated with existing workflows, so they require time-consuming import and export throughout the process
Integrated blurring functionality
But automated blurring solutions can still offer the best option, as long as they are good quality and integrated into the processing software itself. This kind of solution can eliminate the remaining pain points of blurring for LSPs and enterprises.
This ideal solution offers significant benefits:
- Automated blurring
- Improved safety and efficiency because the process won’t require moving data
- One-click processing that saves significant time
- Blurring of the point cloud itself, not just the panoramas
- Easy and guaranteed compliance with GDPR
Until recently, very few vendors offered this functionality in their processing software. But NavVis recognizes the changing landscape and the growing necessity of blurring your data. That’s why the company will soon offer an integrated solution for NavVis IVION Processing.
This additional functionality will make it easier for you and any of your partners to work with confidence that your team’s personal data and your clients’ personal data are protected. And that your business is protected, too.
Sean Higgins is an independent technology writer, former trade publication editor, and outdoors enthusiast. He believes that clear, buzzword-free writing about 3D technologies is a public service.