VeriFi - The Simple Solution to CCTV Data Protection Act Compliance
Failure to comply with the data protection act can result in a £5,000 fine, unlimited civil damages and/or a criminal record. The real danger for most organisations, however, is that having spent thousands of pounds on their CCTV system the evidence it produces may be rejected in a court of law as it is deemed to come from and 'illegal' system. For this reason it is in an organisation’s best interest to spend the small amount necessary to ensure that their system complies with the DPA in order that the large amount they have spent on CCTV is not totally wasted.
It is to prevent the above problems that the government Data Protection Act CCTV Code of Practice states “… there should be a periodic review (at least annually) of the system’s effectiveness to ensure that it is still doing what it was intended to do. If it does not achieve its purpose, it should be stopped or modified….Is a system of regular compliance reviews in place, including compliance with the provisions of this code, continued operational effectiveness and whether the system continues to meet its purposes and remains justified? Are the results of the review recorded, and are its conclusions acted upon?”
The problem for most organisations is how to instigate a professional assessment of their system and ensure that it meets the 62 legal requirements of the Data Protection Act. It is not unknown for the person being tasked with this duty to spend weeks researching the DPA (and equally important the The Home Office CCTV Operational Requirements Manual) incurring a labour cost that can run into four figures.
(Contact us if you are planning to install a new CCTV system as it is easier and less expensive, to ensure that the system is designed in line with the Data Protection Act rather than pay for compliance retrospectively.)
- 1 The VeriFi solution
- 1.1 Information Commissioners Office
- 1.2 Policy Document
- 1.3 Operational Requirement
- 1.4 Privacy
- 1.5 CCTV Signage
- 1.6 Annual CCTV Audit
- 1.7 Management Documentation
- 1.8 Recording Media
- 1.9 Right of Access Management
- 1.10 Public Information
- 1.11 Staff Awareness
- 1.12 Public Complaints Procedure
- 1.13 Security of Images
- 2 Other Services
The VeriFi solution
VeriFi can supply an Independent Consultant to conduct a CCTV Compliance Assessment, provide full documentation and comprehensive advice on where your system meets or fails to meet current legislation and official guidelines. However, a VeriFi Assessment goes much further than this in that it sets up a complete framework on which to base your CCTV management. The following are all covered by the VeriFi service.
As costs vary according to the size of the CCTV system please contact us for further details.
Information Commissioners Office
Almost all CCTV systems must be registered with the Information Commissioners Office. VeriFi will inform you of shortcomings in regard to your ICO notification.
You will require a statement itemising how your CCTV system is to be managed and stating who is fulfilling the roles of Data Controller and Data Processor.
According to the Home Office an Operational Requirement should be drawn up before any CCTV system is specified and form the basis for the design of the system. This document then provides evidence for the relevance of your system in respect to the DPA. VeriFi will reverse engineer an Operational Requirement and advise you of any shortfalls or redundancy within the system.
It is a serious infringement of the DPA for your CCTV system to invade the privacy of other people and their property. VeriFi will inform you of any such breaches and advise on the steps that should be taken to correct the situation.
You must ensure that you inform people before, or as, they enter an area where there is CCTV surveillance. As you can only use your CCTV system for the purposes which are stated on the signage it is important that the correct wording is used. VeriFi advise you on the correct wording for your organisation and can arrange the purchase of all necessary signage.
Annual CCTV Audit
To comply with the Information Commissioners Office CCTV Policy Document VeriFi undertakes a manual audit on behalf of its clients and provides them with comprehensive advice on any shortcomings. This is designed to ensure that your staff for contractors will effectively manage your CCTV on a continuing basis.
Clients of VeriFi receive, free of charge, a comprehensive package of the necessary documentation required under the DPA as well is training in its use.
To help ensure that images are usable in a court of law it is essential that any CDs or DVDs are Data Compliant (media purchased from retail outlets will not be suitable). Also supplied free of charge to VeriFi clients are the necessary compliant CD's/DVDs. Should you require more documentation or recording media this can be ordered online and is normally supplied on the next working day.
Right of Access Management
Under the DPA members of the public have a right to access of their recorded images. The VeriFi Application Form that is supplied as part of this service includes a statement of the individual's rights and how Subject Access Requests are managed. This service is designed to ensure full legal compliance.
As you must provide for the public a statement of how you manage and operate your CCTV this can be provided to VeriFi clients in either an online or paper format.
If you have not made your workforce fully aware of the purpose of the system and how it may apply to them video evidence may be ruled inadmissible. VeriFi clients receive as part of the package, a specific sign for display in staff areas.
Public Complaints Procedure
As it is rare to receive a complaint from the public with regard to the management of CCTV companies normally have no complaints procedure put in place. Where VeriFi manage enquiries on your behalf this includes complaints logging and resolution.
Security of Images
VeriFi will provide an audit of the method you use to secure recorded images. This will include, logging of those people allowed access, the method of access & control of images taken from the system and the tracking any hard disk drives that have been removed from the site.
Although not part of the above Compliance Assessment, the Following Services Are Also Available from VeriFi:
Discreet Evidence Download Service
It is sometimes necessary that evidence be downloaded from the system by someone who is independent from the day-to-day management. A reliable and effective service can be provided by VeriFi should such an event to occur.
Professional Evidence Editing
Where substantial amounts of irrelevant information is downloaded the result is often a noble long and complicated presentation of the facts. To avoid this VeriFi can offer a professional evidence editing service.
Contact us if You would like further details of the VeriFi service along with the cost to your organisation.