In the March 2015 DVR-NVR supplement a year ago we looked at what the Surveillance Camera code of practice had to say. Here we offer an update.
Last month the Surveillance Camera Commissioner brought out guidance for local government councillors, asking them how well does their council comply with the 12 guiding principles of the code of practice. Tony Porter, the former senior policeman now the commissioner, uses the concept of surveillance by consent, on the same lines as policing by consent. In other words, just as we in the UK do not submit to the police but see the police as there for our benefit, so it should be with public space CCTV, which after all citizens are paying for. Lose that consent, and CCTV does resemble Big Brother, something done to people, rather than for them. The stakes then, are high.
The principles
Recording – what happens to the images – is very much part of the 12 principles. A CCTV user should store no more images or data than is strictly required; store those images securely; and have safeguards in place as to who can view images. To recap, the code, which came into force in England and Wales in 2013, seeks to balance the need for cameras in public places with people’s right to privacy. Use of public space CCTV ought to be for a purpose – ‘a pressing need and legal justification’ – whether on the street, in council property such as libraries or town halls, or body-worn video of street or parking wardens; or number plate recognition, or even use of drones. The guidance recommends that an operational requirement (OR) is completed for each system. Surveillance might not turn out to be the best option (whether in terms of value for money or effectiveness). That OR will help ‘to document the process ensuring that the proposed system is fit for purpose, has sufficient funding and public approval as well as specifying the technical requirements and a review process’. Review at least annually is one of the 12 principles, as things change and surveillance might become less valid. On storage, the guidance sets out: “No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.” As people are entitled to a copy of images of themselves, it is essential to have a policy on access requests. That said, disclosure of images should only happen for such a purpose, or for law enforcement. In a word, access to recorded images should be according to ‘clear rules’ and staff should know what those rules are.
Exportable?
As for data security, the guidance asks if the system is connected across an organisational network or intranet; if so, what are the controls? If the CCTV is there to prevent and detect crime, the system ‘should be capable of producing images and information that are suitable for the criminal judicial system’. Are the images in a format that is easily exportable? Do you have an audit train, and safeguards to ensure the forensic integrity of the images? Because there is little point in having CCTV and even storing images, if they aren’t of ‘evidential value’. p
