Is it possible to prevent unauthorized copying or recording of data by photographing screens?
There is mainly two kind of people to consider in this question:
- The person working on the computer. This person is your employee, they went through your HR screening and abides by your policies. They have been trusted to access and work with some data. Due to this, since they need to see, no technical measure can prevent them from taking photographs (using a phone, a pen camera, ...), taking notes or remembering what they saw.
- The people around the computer. The computer could be a laptop in an airport or at a customer site, a desktop at a front desk etc., the other people may be unknown people, customers, or even other employees. Here the issue is not the same, and for this use-case you can buy privacy screen filters. These filters reduce the viewing angle of the screen, ensuring that only the person right in front of the screen can see its content (this person being obviously assumed to lock the computer when not in front of the screen).
In my view, unfortunately the answer is: unless you're willing to go with the two pretty radical options I mention below, probably not with any kind of really strong guarantee of security.
Other answerers have suggested technical measures that, in theory, might possibly allow users to see information on screens properly while preventing cameras from doing so. With all respect to those views, frankly, I'm a little skeptical that there are any such measures that would reliably work, at least if we're talking about facing an opponent actor with some minimal ability to do things like use photo and video editing software to recover any information from pictures/frames that might indeed be successfully made difficult to see on ordinary viewing. At the least, I would not rely on any techniques like that to meet the security need you're talking about without first having some extensive, independent testing in-hand demonstrating strong effectiveness. Which I dount you're going to be able to find.
If we limit ourselves to measures that we know will work with a high degree of likelihood if implemented properly, unfortunately we are left with two admittedly not-great options:
Implement tight, physical security searches to prevent any employees from bringing any kind of electronic devices into a highly-secured area where the computer screens thatshow the sensitive info are kept.
Rework or replace the software that displays the sensitive data on screen (or the ways that you use that software) so that, well, the data is never actually on screen.
Option 1 is how governments and enterprises secure super-sensitive information that they must protect in high-security facilities. It is difficult, and often-times expensive, to implement. (You need, at the very least, dedicated security personnel screening each person who enters the secure area.) Option 2 is more palatable in many ways, except that depending on your workflow and how your workers need to do their jobs they might well need to see the actual clear-text sensitive information on screen. Whether that's a practical course or not depends on how your business or organization actually uses sensitive information.
Now, all of the above being said that doesn't mean that there aren't measures you can take to reduce the risk of an employee deciding to whip out his or her phone and take a photo of on-screen information. Obviously, you can impose a policy ban on bringing devices with cameras in the areas where computers with sensitive info on them are located, and let your employees know that if they are caught breaking that rule punishment will be significant. And of course you can and should do background checks on anyone before allowing them access to sensitive information in the first place. But those policy-based measures are, obviously, very far from foolproof.
In sum, the taking-a-picture-of-a-screen scenario is just a really rough one to combat. If you can prevent sensitive data from ever really being on screens to begin with that's probably your best of a bad set of possible options if you aim to very strongly protect the confidentiality of it.
One solution could involve physically altering a monitor, by removing one or more of the "filter" layers it has and sticking them on glasses or something else to be worn by the designated user, so the "unfiltered" image would appear blank or hardly visible to everybody and everything that does not possess the extra filter, although I might be wrong and some lenses might still see the image, do let me know if that's the case.