5 questions your Infosec team may have about image processing

In the realm of data security, the integration of image processing technologies presents both opportunities and challenges. As businesses increasingly leverage visual artifical intelligence (AI) like Captur to enhance operations, teams encounter critical questions regarding compliance, data privacy, and risk management.

Here are the top five inquiries your InfoSec team may have about image processing, along with strategies for addressing them effectively:

1. Let’s start with the basic: what’s the standard for security certifications in AI?

In AI security, SOC 2 certification is the standard.

SOC 2 focuses on protection against unauthorized access to data and systems, particularly within service organizations. It assesses various aspects of security, availability, processing integrity, confidentiality, and privacy.

While SOC 2 is widely recognized and suitable for many organizations, ISO 27001 certification is often recommended for highly regulated industries such as banking, where strict adherence to comprehensive information security management systems (ISMS) is crucial.

2. When choosing a partner to manage my data, which certification should they possess?

When selecting a partner to handle your customers’ image data, prioritize one with a certification aligned with your specific security and compliance needs.

Both SOC 2 and ISO 27001 are reputable for safeguarding data, with SOC 2 focusing on protection against unauthorized access and ISO 27001 focused on having an internal Information Security Management System (ISMS).

It is worth noting that for AI, SOC 2 is the standard. Therefore, Captur holds SOC 2 certification, showcasing dedication to meeting stringent data security standards.

3. If they do not have these certifications, what controls should they have in place?

If these certifications are not met, they should still implement strong controls which includes encryption, access controls, consent management, compliance monitoring, and regular audits to address security gaps specific to image data processing.

4. What is an image? And what type of personal information do images contain?

An image can be anything that is perceptible with or without the aid of a machine, so it is extremely broad. Images are capable of protection as an artistic work of authorship under various copyright laws. Today, images may be generated by open-source AI models, such as DALL-E or Midjourney. If an image is generated by an AI model, this is often called ‘synthetic data.’

Images can contain a plethora of personal information, including facial features for identification, location data revealing whereabouts, timestamps indicating activity, surrounding objects indicating interests, and textual content disclosing names or addresses. This highlights the importance of implementing robust privacy measures when handling and processing image data to safeguard individuals' sensitive information effectively.

5. How do we handle images with a person’s face in it?

When handling images containing facial data, meticulous attention to privacy and security is our priority. There are multiple methods for removing facial data after receiving an image, such as blurring or manual deletion. At Captur, we take a proactive approach of preventing users from submitting images containing faces in the first place. Our AI automatically prompts users to retake the photo, excluding humans to ensure privacy and compliance.