No organisation wants to breach the Data Protection Act (DPA) because doing so would have serious consequences for their business: fines, bad publicity and even criminal sanctions. However, many do not realise that the Act also applies to the CCTV systems they may use to secure their premises, as well as protect tenants or staff members.
Businesses typically install CCTV to protect staff and their assets. Nonetheless, according to our recent survey, many worry that the images they are collecting are not actually good enough to identify perpetrators should criminal activity take place. This leaves them wide open to breaching the DPA, which states that data recorded with the purpose of identifying individuals performing criminal activities must be of sufficient quality to do so, otherwise its capture is unjustified.
For a CCTV system to serve its purpose, i.e. to deter crime and protect people while meeting the demands of the DPA, the recordings must be of sufficient quality to identify individuals performing criminal activity and be easily accessible by the police, with the right credentials to be used as evidence, such as accurate timestamping.
Only footage relating to the purpose of the CCTV system should be recorded, so it is important to be able to schedule recording periods, redact areas of a camera ‘s view to prevent collateral intrusion and ideally to trigger recording by way of an event such as motion detection. Any recordings taken must be stored securely to prevent unauthorised access and hacking; this means using encryption wherever possible.
All concerns around the effectiveness of CCTV, from image quality, secure access and image sharing to accurate time-stamping, can easily be addressed through integration with the Internet of Things (IoT). Cloud based solutions enable users to record and store high definition images and video footage securely. Data can be fully encrypted and time stamped, then stored securely with access available through an authorised web-enabled device. Such systems are designed to handle large volumes of data and are also highly scalable to accommodate any future growth of a business such as new locations and the need for increased security.
Using the cloud makes sharing of images easy within a highly-secure, proven technology platform, thus crowdsourcing a community which can help to piece together any suspicious activity. Some can also be retrofitted to existing systems without the need to replace cameras or cabling, enabling users to take advantage of the IoT with minimum additional cost.
Not only does this make the data much safer but it is also easier to use, giving users secure, encrypted storage for high quality images, accurate time and date stamping and immediate access to their data if it is needed by the police – helping to ensure that even older analogue systems comply with the DPA and providing peace of mind that their physical assets and their people are protected.
CCTV may seem like an unlikely area for concern, and the data it collects may seem very innocuous in comparison with other personal data. However, with the potential of heavy fines and even criminal sanctions applying to any breach of data protection regulations, organisations need to ensure that they take the quality and security of their CCTV extremely seriously.
Words by James Wickes, CEO and co-founder of Cloudview