A Guide to Complying with Current Legislation
The following article considers the legislative problems with the majority of CCTV systems and how these can be avoided. It is written by Brian Larkins the Managing Director of VMS which is considered by many to be the leading specialist company serving the Compliance and Forensics requirements of the CCTV industry. Please contact us if you would like help in complying with the issues raised by this document.
CCTV 90% Illegal 80% Ineffective
Whether CCTV is an existing element of your security/management strategy or you are considering investing in CCTV, you need to be sure that the system will provide unequivocal evidence.
Imagine your frustration at having your CCTV evidence rejected in a health & safety claim or employment law dispute due to poor quality images or procedural mistakes. The financial impact of such cases could amount to tens if not hundreds of thousands of pounds, by comparison most instances of theft can appear almost inconsequential in terms of loss.
The quality of images as seen on TV News and crime reporting programmes is a damning indictment of CCTV standards. Consider the numbers quoted in the headline, 90% Illegal stated by CameraWatch is based on ‘initial research’ and refers to total or partial shortfall in Data Protection Act compliance. 80% Ineffective refers to the efficacy of CCTV evidence examined by the Police and is stated in the Home Office National CCTV Strategy.
These statistics are largely based on anecdotal evidence, nevertheless practical experience of those professionally involved in the assessment of CCTV systems would broadly agree with these estimates.
Another interesting number is the 3.2 to 4.2 million CCTV surveillance cameras employed in the UK. Which figure is closest to reality no one knows, but there is probably 1 camera for every 15 members of the population, capturing our images as we go about our lives.
According to current folklore our image is captured 300 times a day and stored for a month or more. Should we be worried?
Provided that CCTV images are managed in accordance with Data Protection Act principles and you are a law abiding citizen, there should be no concern and in countless high profile cases CCTV has proven to be an invaluable aid to investigation. The enquiry into the Jean Charles de Menezes shooting on the London Underground was greatly assisted by CCTV evidence; similarly evidence of the immediately preceding terrorist bombings was of fundamental importance to the Police investigation.
Data Protection Act legislation is at the very core of protecting our Human Rights when it comes to the use of CCTV, so are we safe to assume we are protected from its misuse? The law is certainly adequate and has been since the 1998 Data Protection Act encompassed CCTV images. The Information Commissioner is responsible for enforcement and serious cases of non compliance can result in a substantial fine or even a custodial sentence.
You must let people know that they are in an area where CCTV surveillance is being carried out. The most effective way of doing this is by prominently placed signs at the entrance to the CCTV zone and reinforcing this with further signs inside the area. The signs should contain details of the organisation responsible for operating the system, the purposes for using CCTV and contact details.
The Data Protection Act does not prescribe any specific minimum or maximum periods which images should be retained for, the archive period should reflect the organisation’s own purposes although 30 days is the accepted norm.
A little known aspect of DPA law is Right of Subject Access, you have a legal right to request a copy of your images captured on CCTV and subject to certain reasonable conditions the organisation responsible for the CCTV system (the Data Controller) must provide a copy.
You will need to make the application in writing: stating where you were, the time & date and provide photographic identity so that the relevant images can be searched for. The Data Controller is entitled to charge up to £10 for the search including the cost of providing a CD or DVD. The images must be provided to the applicant within 40 days of the date of application or a valid reason for not being able to comply must be given within 21 days.
Legislation is weighted in favor of the applicant and the Data Controller can incur substantial costs in producing the copy recording, particularly if it is found to include images of third parties as well as the applicant. These third party images must be masked in order to protect the identities of others.
A frequent dilemma faced by Facilities Managers of multi tenanted buildings is when a tenant demands access to recordings that may assist them in criminal or civil law matters. In the case of criminal investigation the response is clear cut, the tenant must report the matter to the Police who will request a copy of any video evidence they may require.
Non criminal cases are more complex and disclosure of images directly to the tenant may result in a breach of Data Protection Act law, on the other hand refusal may result in bad feeling if tenant holds the reasonable view that; ‘security is included in the service charge that I am paying and I should be allowed access to CCTV recordings that relate to my business’.
A reasonable response would be to establish the parameters of the recording; date, time and cameras. Then download images in the same manner as for a criminal investigation, but without allowing the applicant to view the images. You have at this point protected the required images from being overwritten by the recording equipment. The next move is to suggest that the tenant instruct their lawyer to request a copy, subject to an undertaking that the law firm becomes Data Controller for the issued copy.
In this article we refer to digital recording only, on the basis that video tape is redundant technology that is no longer serviceable and unlikely to be effective.
Digital images are primarily recorded to hard drive and are only downloaded on demand, the recording equipment should be held in a secure enclosure fixed to the building fabric or located in a security control room. Access to the system to download images should be password protected and only available to nominated Data Processors.
Images should be downloaded to non rewritable media such as CD or DVD and be playable on any video enabled PC or laptop without the need for additional software. It is good practice to download two copies of an incident, one being the Working Copy for issue and the other being an Archive copy held securely on site for backup or verification purposes. It is vital that a robust audit trail is created by means of Unique Reference Numbers printed on the disc during the printing process. The audit trail should be supported by suitable documentation. Download to memory stick, re-recordable media or the internet without secure encryption will compromise the veracity of the evidence.
If CCTV is an existing element within your security & management strategy, make sure that you have a CCTV policy in place describing how it should be managed in compliance with Data Protection Act law. Don’t then file and forget, but ensure that your security staff are issued with a copy and carry out an annual assessment of management and equipment performance, thereby ensuring that your CCTV continues to meet current needs and best practice.
If you are considering the installation of CCTV get a professional to assess your risks and system requirements in the form of an Operational Requirement based on the Home Office model. This is in effect a performance specification that can be issued to those responsible for the technical design and bid process, you can thus be sure of obtaining comparable quotations on which to base your buying decision. Furthermore you will have created a benchmark against which performance can be objectively assessed as a part of an effective professional handover process that will include; System Operating Manual, CCTV Policy, Management Documentation, Statutory CCTV Warning Signs and training of those responsible for managing the system.
We are able to supply a range of services from a Data Protection Act Information Pack through to an Operational Requirement, full professional design for a CCTV system (or upgrade) or Audit of an existing system. As many of our services are free of charge please contact us for more information.