- Security TWENTY
- Women in Security
The new data protection law, under the European Union-wide General Data Protection Regulation (GDPR) came into force one year ago on May 25, 2018. A vacant property security company suggests there’s alarming levels of non-compliance especially over the use of CCTV.
Clearway’s UK CCTV Manager, Andrew Crowne-Spencer says: “The whole point of CCTV is security, and its deterrent factor in part, as well as recording the criminal activity to assist law enforcement bodies in detecting the perpetrators. Therefore, if trespassers or criminals don’t even realise they’re on camera, as is what we suspect in a lot of cases, what sort of useless deterrent is that? And, just how good are the images the cameras are supplying? If they’re grainy or blurred due to old or faulty equipment, or not set up correctly, that doesn’t help anyone except the trespassers or criminals.
“Ten years ago it was reported that 95 per cent of murder cases investigated by Scotland Yard used CCTV footage as evidence, yet latest data suggests 80pc of footage now available is of such poor quality it’s almost worthless. That apart, don’t these companies or organisations, even public sector ones, realise if they’re not properly complying with the GDP Regulation they can be penalised because of it? Sometimes to the tune of many thousands of pounds?”
One year on from the GDPR, Andrew cites some of the key failures that came to light in Clearway’s look at its own nationwide client and contact list. In no particular order:
– Failure to fit signage or keep the information on it accurate.
– Failure to carry out a GDPR risk assessment prior to CCTV deployment.
– Leaving DVRs (digital video recorders) unlocked or unsecured so anyone, not just designated security personnel, have access to footage.
– Failure to ensure the lenses of CCTV cameras are not appropriately directed or are masked so that inappropriate footage is not recorded, and, if the data is shared with other parties, for example to monitor specific individuals, then innocent people are blurred out, a simple matter to deal with using appropriate modern software.
– Having CCTV monitors which are viewable by the public.
– Failure to have trained staff to monitor the CCTV.
– Leaving usernames and passwords as default settings or noted next to the equipment.
– If the images are to be shared with other organisations, such as the police, TfL, or other security service providers, failure to manage this appropriately to conform to Regulations.
On one site recently which Andrew Crowne-Spencer calls a great example of common compliance failings:
– DVR on reception desk with monitor on top – no one at reception – someone leaned over the desktop to look at the monitor to see if their taxi was at the front door!;
– User name and password on a sticker attached to the monitor;
– We walked outside to find all of the CCTV signage was so worn and old that the contact details had faded away and were illegible.
Andrew says: “That might sound petty, but there was a break-in and when the intruder was arrested police showed the CCTV footage in court. The defence barrister then asked for all camera footage to be played at the same time. As the intruder was seen on two systems at the same time (due to the timers not being synced) the barrister claimed the evidence was inadmissible as it was clearly inaccurate since how could the intruder be in two places at once? Case dismissed due to lack of evidence!”
The message from all this is simple, Clearway adds. Check your CCTV systems are doing what they should and you are complying with the Regulations. Because someone, somewhere will be watching what you’re doing sooner or later.
Picture by Mark Rowe; Edinburgh.