1. Purpose

This Privacy Impact Assessment (PIA) Policy outlines Minnovation’s commitment to protecting personal information collected, processed, or stored through the XVision system. The purpose of this document is to inform customers, partners, and stakeholders of the privacy considerations, legislative obligations, and governance practices Minnovation applies to XVision Pro (edge processing) and XVision Lite (cloud processing).

This PIA also serves as a reusable reference for customers undertaking privacy reviews, procurement, or compliance audits involving video analytics and AI-based surveillance.

2. Scope of the XVision System

XVision is Minnovation’s AI-based video analytics platform used in smart city, traffic, and safety applications. The system consists of:

• XVision Pro: Processes live video on-site at the edge. Personally Identifiable Information (PII) is removed before transmission.
• XVision Lite: Processes static images in a secure Azure cloud VM. No live streaming or permanent image storage occurs.

Both versions may involve:

• License plates
• Facial imagery
• Vehicle images
• Geolocation data

3. Privacy by Design Measures

Minnovation embeds privacy into the architecture of XVision through:

• Edge PII Removal: XVision Pro strips PII before cloud transmission.
• Privacy Masking: XVision applies blurring/low-resolution filters to faces and license plates.
• Data Minimization: Only necessary metadata is retained.
• No Live Video Storage: XVision does not archive continuous video streams.

4. Legislative Compliance

Minnovation ensures compliance with:

• Privacy and Data Protection Act 2014 (Vic) and its Information Privacy Principles (IPPs)
• Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
• State-based requirements inherited via contracts with local councils or agencies

5. Data Security Measures

• 256-bit encryption in transit and at rest
• Role-based access controls and multi-factor authentication
• Isolated Azure VM environment for XVision Lite
• Audit trails and access logging
• Data retention and deletion policies based on client needs and legal standards

6. Roles and Responsibilities

• Customer (e.g., Council): Acts as the Data Controller – determines data use and ensures lawful collection.
• Minnovation: Acts as Data Processor – operates the system under contract, only using data for agreed purposes.
• Privacy and data handling responsibilities are formally defined in customer contracts.

7. Transparency and Public Engagement

We recommend that end-user organizations (e.g. councils) implement clear signage at monitored locations and publish a privacy notice outlining:

• What data is collected
• Purpose of monitoring
• Contact point for inquiries

Minnovation is available to assist with public communication where needed.

8. Ongoing Governance and Reviews

Minnovation commits to:

• Reviewing privacy measures annually or when system features change
• Conducting regular security audits
• Training staff on privacy and data protection
• Maintaining clear documentation and incident response protocols

9. Customer Use and Distribution

This document may be provided to customers, stakeholders, and auditors as part of privacy reviews or procurement processes. It may also be published on Minnovation’s website to increase transparency and public trust.

10. Contact