NoldusViso
Data protection in NoldusViso
NoldusViso – the Noldus AV recording tool – is used in many different fields: psychology, healthcare, education, user experience, and more. In all these applications, Noldus software provides a high degree of security to protect the data from illicit use.
Data protection is part of the fundamental right to privacy – but on a more practical level, it is really about building trust between people and organizations.
Applicable legislations
Noldus complies with the data protection laws that govern our customers. The legislation of the European Union (EU) and the United States of America (USA) is the most prominent.
European regulations
In the EU, the General Data Protection Regulation (GDPR) went into effect on 25 May 2018. GDPR applies to all personal data that is collected from, or relates to, people in the EU. As a global professional IT company, Noldus complies with all GDPR requirements.
American regulations
- HIPAA – Protects patients' medical records with rules on collecting and storing patient information
- HITECH – Supports health information management across computerized systems and the secure exchange of health information
- FERPA – Protects the privacy of student education records
NoldusViso: a closed network solution
NoldusViso is a closed network software solution. Data is stored on video servers inside the NoldusViso network and is governed by the security procedures of the user's own network.
Noldus IT does not require access to any video files, protected health information, or educational records. Even when we provide technical support or perform upgrades, all our activities are carried out without access to patient information.
Noldus IT does not maintain an active connection to any NoldusViso system at any time. Such a connection can only be initiated, authorized, and supervised by NoldusViso users. Noldus IT therefore falls into the category of 'Software Vendor' rather than 'Business Associate'.
Three layers of security
Administrative
Policies and procedures designed to manage the selection, development, implementation, and maintenance of security measures. Noldus IT trains its employees on how to identify protected data and ensure it is never accessed without permission.
Physical
A locked door in the facility is the first safeguard. Since Noldus IT never collects or transfers data, it is the responsibility of the NoldusViso users to secure their facilities, workstations, and mobile devices.
Technical
NoldusViso provides built-in user management with different access levels, TLS encryption for data in transit, audit trail functionality, and automatic logout after inactivity.
NoldusViso features for compliance
Password encryption
NoldusViso can integrate with your own LDAP directory, or generate encrypted local credentials. Passwords must be at least 10 characters long and contain uppercase letters, lowercase letters, digits, and special characters.
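The password rule above is a concrete check that can be expressed in a few lines. The following validator is an added example, not NoldusViso code; it assumes the policy exactly as stated on this page (minimum 10 characters, at least one uppercase letter, one lowercase letter, one digit and one special character) and treats any ASCII punctuation character as "special", which is an assumption of the example.

```python
import string

# Policy as stated on the page: at least 10 characters with uppercase,
# lowercase, digits and special characters. The definition of "special"
# (ASCII punctuation) is an assumption made for this example.
MIN_LENGTH = 10
SPECIAL_CHARACTERS = set(string.punctuation)


def password_policy_violations(password: str) -> list[str]:
    """Return the list of policy rules the password fails (empty when it passes).

    Returning every violation at once lets an administrator show the user all
    the reasons a proposed password was rejected instead of one at a time.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    if not any(c in SPECIAL_CHARACTERS for c in password):
        violations.append("no special character")
    return violations


def password_is_compliant(password: str) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not password_policy_violations(password)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["Tr0ub4dor&3x", "alllowercase12", "short1A!"]:
        print(candidate, "->", password_policy_violations(candidate) or "compliant")
```

Note that `str.isupper()`, `str.islower()` and `str.isdigit()` are Unicode-aware, so letters and digits outside ASCII count toward the respective classes; only the special-character test is restricted to ASCII punctuation here.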
Sophisticated user management
The Administrator can assign four levels of dedicated user roles, providing a high level of security and complete control over who sees which recordings.
Audit trails
NoldusViso creates a log file of all activities regarding video creation, deletion, and access. The retention period can be set to comply with GDPR and HIPAA.
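To show what an audit trail with a configurable retention period involves, here is an added example that is not NoldusViso code. It records create, access and delete events for recordings, then purges entries older than the retention period. It goes one step beyond the page by chaining the entries with SHA-256 so that an edited or removed entry is detectable; the anchor hash returned by the purge is what lets verification continue after old entries have been dropped. The event names, field layout and sample data are constructed for this example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # hash "before" the first entry (constructed convention)
SAMPLE_START = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample date


def _entry_hash(body: dict, prev_hash: str) -> str:
    # Hash the canonical JSON of the entry together with the previous hash,
    # so that each entry commits to the whole history before it.
    payload = json.dumps(body, sort_keys=True) + prev_hash
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_event(log: list, actor: str, action: str, recording: str, at: datetime) -> dict:
    """Append one audit entry (create/access/delete) and return it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"actor": actor, "action": action, "recording": recording, "at": at.isoformat()}
    entry["hash"] = _entry_hash(entry, prev_hash)
    log.append(entry)
    return entry


def verify_chain(log: list, anchor: str = GENESIS) -> bool:
    """Recompute every hash from `anchor`; False if any entry was altered or removed."""
    prev_hash = anchor
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if _entry_hash(body, prev_hash) != entry["hash"]:
            return False
        prev_hash = entry["hash"]
    return True


def purge_expired(log: list, retention_days: int, now: datetime) -> tuple[list, str]:
    """Drop entries older than the retention period.

    Entries are appended in time order, so only the leading run of expired
    entries is removed; this keeps the remaining chain contiguous. The hash of
    the last purged entry is returned as the new anchor for verify_chain().
    """
    cutoff = now - timedelta(days=retention_days)
    kept = list(log)
    anchor = GENESIS
    while kept and datetime.fromisoformat(kept[0]["at"]) < cutoff:
        anchor = kept.pop(0)["hash"]
    return kept, anchor


def day(n: int) -> datetime:
    """Helper for the constructed sample: n days after SAMPLE_START."""
    return SAMPLE_START + timedelta(days=n)


def build_sample_log() -> list:
    """Constructed sample trail: one recording created, accessed, then deleted."""
    log = []
    append_event(log, "alice", "create", "rec-001", day(0))
    append_event(log, "bob", "access", "rec-001", day(5))
    append_event(log, "alice", "delete", "rec-001", day(40))
    return log


if __name__ == "__main__":
    trail = build_sample_log()
    print("intact:", verify_chain(trail))
    kept, anchor = purge_expired(trail, retention_days=30, now=day(45))
    print(len(kept), "entries kept; chain still verifies:", verify_chain(kept, anchor))
```

When the retention period is shortened to satisfy a data-minimisation requirement, the anchor hash should be stored alongside the trimmed log; without it the remaining entries can no longer be verified from the genesis value.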
Privacy switches
Cameras can be equipped with a physical privacy switch. When turned on, a black cover prevents recording. An optional light indicates whether the feed is live or recording.
Certifications
GDPR has no statutory compliance certification yet. However, all Noldus software and activities, including those related to NoldusViso, are carefully screened for compliance with GDPR.
HIPAA rules do not certify software and off-the-shelf products. Noldus requires all its employees who may be exposed to patient health information to go through a training course.
Noldus Information Technology is ISO 27001 certified, demonstrating our commitment to information security management.