380 likes | 391 Views
Join the "Regulating Smart Cities: Policing & Privacy" conference by CameraWatch at the University of Strathclyde on March 31, 2015. Learn about UK Data Protection Acts and best practices for CCTV systems to ensure compliance and privacy protection.
E N D
Designing Smart Cities Conference University of Strathclyde, Glasgow 31st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive and Compliance Director CameraWatch compliance@camerawatch.org.uk www.camerawatch.org.uk
What is CameraWatch? • A UK surveillance compliance organisation • An independent, not for profit company founded in February 2006 with the aim of raising awareness of CCTV Data Protection compliance issues and helping those connected with CCTV to improve compliance and standards • Deals with all sectors with an interest in CCTV – installers, manufacturers, users, security companies, legal, law enforcement, government, data protection departments etc • Fully supportive of CCTV when used correctly
CCTV and the UK Data Protection Act • “Over 90% of CCTV Systems observed in the UK by CameraWatch are currently not compliant” (CameraWatch 2006) • “8 out of 10 images presented were not fit for purpose” (UK Home Office / ACPO Report 2007)
Common sense data protection.… Does the CCTV system actually do what we think it does? • Correct Purposes and Use of the CCTV System • Siting of the Cameras • Signs – Content and Placement • Quality and Authenticity of Images • Access to - and Management of - Images • Security of Data (Images) and Equipment • Training for those involved in CCTV • Procedures • Documentation
Purposes of the System • Is there a need / justification for using CCTV • Decide the purposes of the system and register them • Registration Updates / Changes • Is the system being used for the correct purposes • Is the system proportionate • Regular Reviews and Justification
Siting of the Cameras • Do the cameras only monitor what should be monitored • If workers are monitored are they aware • Is there a regular review of camera positions and indeed requirement • Are cameras protected from vandalism • Covert / Overt
Signage • There are clear and specific legal requirements for signage • Awareness of those whose images are captured – transparency and openness • Visible and readable • Correctly worded and sited
Image Quality and Accuracy • The system properly & regularly maintained • A regular check of recorded images must be carried out • The system produces quality images • Quality, Process and Storage of Images / Personal Data / Personal Information • Retention • Maintenance
Access to Images • All access to the recording medium documented • Access to images and recording equipment restricted and documented • Staff with responsibility must be fully aware of legal procedures • Subject Access Requests • Disclosure
Security of Data (Images) and Equipment • Is recording device totally secure • Persons must be fully trained for reviewing data (images) • Reviewing of data carried out in a secure and limited access area • Signed agreements regarding data processors • Are recorded images always secure • Is data shared with third parties • “The Cloud”
Training • All appropriate staff must be trained in the legal issues of CCTV • Correct action for requests of images by the public • Staff recognise requests to prevent processing of images • Legal Requirement for Training • ICO Code of Practice • Correct SIA Licence requirement
Procedures • Accountability for the system • Evidence copying • Image retention • Organisation and site-specific procedures • Regular audit of system • Procedures for all aspects of the management of the CCTV data
Documentation • All aspects of the management of the CCTV system must be documented to allow a full audit trail of the lifecycle of the personal information (CCTV images) captured. • Organisation-level and site-specific documentation • Codes of Practice • Attendance Logs • Hardware Logs • Request for Information forms and information • Maintenance and good practice operating logs • Data movement forms • Third party agreements
Just because the technology is there to do it, it doesn’t mean that it has to be done. Justify it and make it transparent – that way the public will support it.
Ensure that your CCTV system does what it should do ……No More..….No Less…... and LEGALLY. Comply with the law. Paul Mackie Chief Executive and Compliance Director CameraWatch compliance@camerawatch.org.uk www.camerawatch.org.uk
Common sense data protection.… Does the system actually do what we think it does? • Correct Purposes and Use of the CCTV System • Siting of the Cameras • Signs – Content and Placement • Quality and Authenticity of Images • Access to - and Management of Images • Security of Data (Images) and Equipment • Training for those involved in CCTV • Procedures • Documentation
Common sense data protection.… ......covers the 12 Guiding Principles of the Surveillance Camera Code of Practice and more…. • Correct Purposes and Use of the CCTV System P1, P2 • Siting of the Cameras P2 • Signs – Content and Placement P3 • Quality and Authenticity of Images P6, P11, P12 • Access to - and Management of Images P4, P7, P9 • Security of Data (Images) and Equipment P9, P11 • Training for those involved in CCTV P8 • Procedures P2, P3, P5, P10 • Documentation P2, P3, P10
The Differences……. • Data Protection is a UK law – not just covering England and Wales • Data Protection covers all but domestic CCTV systems – the new code covers only local authorities and police authorities – a reported 3% to 4% of the CCTV systems users in the UK