Date post: | 11-Jan-2016 |
Category: |
Documents |
Upload: | kristian-lewis |
View: | 215 times |
Download: | 3 times |
Designing Smart Cities ConferenceUniversity of Strathclyde, Glasgow
31st March 2015
“Regulating Smart Cities: Policing & Privacy”
Paul MackieChief Executive and Compliance Director
CameraWatch
What is CameraWatch?What is CameraWatch?
• A UK surveillance compliance organisation
• An independent, not for profit company founded in February 2006 with the aim of raising awareness of CCTV Data Protection compliance issues and helping those connected with CCTV to improve compliance and standards
• Deals with all sectors with an interest in CCTV – installers, manufacturers, users, security companies, legal, law enforcement, government, data protection departments etc
• Fully supportive of CCTV when used correctly
UK Data Protection Act 1998UK Data Protection Act 1998
UK Data Protection Act 1998UK Data Protection Act 1998
UK Data Protection Act 2001UK Data Protection Act 2001
The Common Perception……The Common Perception……
• “Over 90% of CCTV Systems observed in the UK by CameraWatch are currently not compliant”(CameraWatch 2006)
• “8 out of 10 images presented were not fit for purpose” (UK Home Office / ACPO Report 2007)
CCTV and the UK Data Protection Act
System Audit Processes…
Common sense data protection.…Common sense data protection.…
Does the CCTV system actually do what we think it does?
• Correct Purposes and Use of the CCTV System• Siting of the Cameras• Signs – Content and Placement• Quality and Authenticity of Images• Access to - and Management of - Images• Security of Data (Images) and Equipment• Training for those involved in CCTV • Procedures• Documentation
Purposes of the SystemPurposes of the System
• Is there a need / justification for using CCTV
• Decide the purposes of the system and register them
• Registration Updates / Changes
• Is the system being used for the correct purposes
• Is the system proportionate
• Regular Reviews and Justification
Siting of the CamerasSiting of the Cameras
• Do the cameras only monitor what should be monitored
• If workers are monitored are they aware
• Is there a regular review of camera positions and indeed requirement
• Are cameras protected from vandalism
• Covert / Overt
SignageSignage
• There are clear and specific legal requirements for signage
• Awareness of those whose images are captured – transparency and openness
• Visible and readable
• Correctly worded and sited
Image Quality and AccuracyImage Quality and Accuracy
The system properly & regularly maintained
• A regular check of recorded images must be carried out
• The system produces quality images
• Quality, Process and Storage of Images / Personal Data / Personal Information
• Retention
• Maintenance
Access to ImagesAccess to Images
• All access to the recording medium documented
• Access to images and recording equipment restricted and documented
• Staff with responsibility must be fully aware of legal procedures
• Subject Access Requests
• Disclosure
Security of Data (Images) and Security of Data (Images) and EquipmentEquipment
• Is recording device totally secure
• Persons must be fully trained for reviewing data (images)
• Reviewing of data carried out in a secure and limited access area
• Signed agreements regarding data processors
Are recorded images always secure
Is data shared with third parties
“The Cloud”
TrainingTraining
All appropriate staff must be trained in the legal issues of CCTV
Correct action for requests of images by the public
• Staff recognise requests to prevent processing of images
• Legal Requirement for Training
• ICO Code of Practice
• Correct SIA Licence requirement
ProceduresProcedures
• Accountability for the system
• Evidence copying
• Image retention
• Organisation and site-specific procedures
• Regular audit of system
• Procedures for all aspects of the management of the CCTV data
DocumentationDocumentation
All aspects of the management of the CCTV system must be documented to allow a full audit trail of the lifecycle of the personal information (CCTV images) captured.
Organisation-level and site-specific documentation
Codes of Practice
Attendance Logs
Hardware Logs
Request for Information forms and information
Maintenance and good practice operating logs
Data movement forms
Third party agreements
Just because the technology is there to do it, it doesn’t mean that it has to
be done.
Justify it and make it transparent – that way the public will support it.
Ensure that your CCTV system does what it should do
……No More..….No Less…...and LEGALLY.
Comply with the law.
Paul MackieChief Executive and Compliance Director
www.camerawatch.org.uk
Common sense data protection.…Common sense data protection.…
Does the system actually do what we think it does?
• Correct Purposes and Use of the CCTV System• Siting of the Cameras• Signs – Content and Placement• Quality and Authenticity of Images• Access to - and Management of Images• Security of Data (Images) and Equipment• Training for those involved in CCTV • Procedures• Documentation
Common sense data protection.…Common sense data protection.…
......covers the 12 Guiding Principles of the Surveillance Camera Code of Practice and more….
• Correct Purposes and Use of the CCTV System P1, P2• Siting of the Cameras P2• Signs – Content and Placement P3• Quality and Authenticity of Images P6, P11, P12• Access to - and Management of Images P4, P7, P9• Security of Data (Images) and Equipment P9, P11• Training for those involved in CCTV P8• Procedures P2, P3, P5, P10• Documentation P2, P3, P10
The Differences…….The Differences…….
• Data Protection is a UK law – not just covering England and Wales
• Data Protection covers all but domestic CCTV systems – the new code covers only local authorities and police authorities – a reported 3% to 4% of the CCTV systems users in the UK