Guidelines for Preventing Misuse of CCTV Security Footage

Out in the alleyway by the wheelie bins in Sunderland…

The ‘super soaraway’ Sun, is part of Rupert Murdoch’s global media empire. It built its reputation featuring portraits of topless models alongside stories containing sexual content, such as the indiscretions of celebrities and political figures.

Despite doing away with topless models, The Sun continues to use ‘sexationalism’ as a way to keep copies flying off newsstands. With around 1.7m circulated every day, it still comfortably leads the Audit Bureau of Circulations (ABC) ranking for a UK national daily, leading its second-place rival by around 10%.

On 20 March 2017, it ran a story about how CCTV security footage of sexual activity from outside a night club in Sunderland which had been posted on a porn site receives an enormous number of views.

Questions for the night club and the ICO

This story raises serious questions for the night club and the Information Commissioner’s Office (ICO).

The article suggests the footage is from a security camera and was captured in November 2001. However, ownership of the data and how it got online is not clear. The footage was posted on the porn site in 2015 and it seems to have been retained for an unusually long time.

If the footage is from a security camera operated by a business, the recordings should be dealt with in accordance with the guidelines contained in the document, ‘In the picture: A data protection code of practice for surveillance cameras and personal information’, published by the ICO in October 2014.

Posting the footage on a public internet site is clearly in breach of compliance and the guidelines designed to prevent misuse and unauthorised sharing of such data, and it is likely this matter will attract the interest of the ICO.

CCTV and data protection: Some basic guidelines

If you are unclear about the rules for managing CCTV data captured by your firm’s security cameras, here are some basic guidelines.

• Processing personal information
  • The Data Protection Act (DPA) governs the capture, storage and use of CCTV data.
  • It is designed to prevent the misuse of personal information. Legal obligations are placed on anybody who handles this type of information.
  • The DPA provides a means of regulatory control on the use of CCTV to ensure that individuals may enjoy security of their safety and possessions whilst being assured that rights to personal privacy will not be unduly compromised.
  • Declaring that an organisation or firm is processing personal information captured by CCTV has been a requirement since 24 October 2001.

• Data retention
  • A retention time of 31 days is commonly used for most CCTV applications and is recommended by police.
  • In the event of a major incident it may prove invaluable to the business and the Police to be able to review the video of the days, hours and minutes prior to the event, as well as of the event itself.
  • The advice of the Information Commissioner is that data should not be retained for longer than necessary.

Compliant management of CCTV personal information with iC2

iC2 works with its clients to ensure that CCTV security solutions are operated and managed in full compliance with the regulatory code.

To find out more about how iC2’s consultancy services help businesses to capture, store and manage CCTV data in line with the regulator requirements of the ICO, simply get in touch today.

Click here to see ‘ALLEYWAYHEY! Unsuspecting couples caught romping on CCTV in dingy passage behind Sunderland nightclub become viral hit’ at thsun.co.uk

Image Source: Unsplash