Cloudview urges CCTV end users to rigorously check Data Protection Act compliance

Cloud-based video surveillance company Cloudview is warning that many of the CCTV systems businesses employ to protect property, staff or tenants risk breaching current data protection-centric legislation, in turn placing companies at risk of fines, bad publicity and even criminal sanctions.

The warning comes after Cloudview commissioned a Briefing Note from independent solicitor Wright Hassall to clarify how the Data Protection Act (DPA) relates to CCTV systems. This sets out five key requirements for DPA compliance, from secure storage and encryption through to the ability to switch the surveillance system on and off so that recording is not continuous.

The detailed Briefing Note warns that even tighter regulations come into force in 2018, with fines of up to €20 million or 4% of global turnover (whichever is higher) for a serious breach of the European General Data Protection Regulation.

Cloudview’s co-founder and CEO James Wickes believes many organisations may not realise the extent to which their CCTV recordings are covered by the DPA.

Potential breaches of the DPA

“Poor image quality, inaccuracy in the time/date stamp and being unable to access recordings easily when requested are problems I hear about frequently when visiting CCTV end users, and these are all potential breaches of the DPA,” stated Wickes. “The Information Commissioner’s Office points out that, if data is to be recorded, this must be done securely and accurately in order to be used properly. If not, its capture is unjustified.”

James Wickes

James Wickes

Wickes continued: “Similarly, if recorded footage isn’t stored securely to prevent unauthorised access and hacking, then the host organisation is at risk of a fine or a more serious penalty. Many of the organisations we speak to don’t know how many CCTV systems they use or whether they’re actually working because they’re not managed centrally. This could make CCTV a litigation time bomb waiting to go off.”

The DPA requires all organisations that collect CCTV data to have a legitimate reason for doing so. The recordings must be of sufficient quality for their intended purpose. In other words, if the aim is to identify individuals performing criminal activity, then the recordings should be of sufficient quality to do so and must be easily accessible by members of the police service. They must be held securely, using encryption wherever possible, and should be stored no longer than is necessary.

Making older systems compliant

“Organisations use CCTV to provide security, but it’s vital that they remember it falls under the same regulations as all the other personal data they hold,” concluded Wickes.

“The simple truth is that it’s very impractical to try and make old style systems compliant. Adding security usually makes them less accessible and usable.”

*Cloudview has now made the briefing note available via its website

Founded in 2012, Cloudview is the developer of a corporate-grade, secure, cloud-based video surveillance system that enables authorised users to view, manage and share footage generated by CCTV from multiple locations on any smart phone, tablet or PC.

The company was recently awarded ‘Police Preferred Specification’ status: the only CCTV product of any description to have received this accolade.

Headquartered in Hampshire, the firm works in partnership with Care Protect, which has adopted Cloudview’s technology across a number of care homes to protect the well-being of thousands of residents and staff.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts