Data protection Act 1998, Summary relating to CCTV surveillance

The Data Protection Act 1998 relates to data processing of all types. The definition of data under the new Act is “Information which is being processed by equipment operating automatically in response to instructions; or is recorded with the intention that it should be processed”.

Having regard for these definitions, it will be recognised that the use of CCTV for surveillance purposes is encompassed in the new Data Protection Act.

Data in the case of CCTV recordings is in the form of recorded images of individuals that can be identified from these images.

The Act came into force on the 1st of March 2000 and system owners must formally notify the Office of The Information Commissioner that they are processing data unless they have already done so for other purposes covered by the Act.

If the system was installed before the 24th of October 1998 you should have notified the Information Commissioner by the 24th of October 2001.
To notify the Office of the Information Commissioner you may either do so on the DPA web-site www.dataprotection.gov.uk or telephone 01625 545700.

Data Protection Principles
The Data Protection Act has eight principles that data should be processed in
accordance with. The principals are as follows:

1. “Personal data should be processed fairly and lawfully”.
2. “Personal data shall be obtained for one or more specified purposes, and shall not be further processed in any manner incompatible with those purposes”.
3. “Personal data should be adequate, relevant and not excessive in relation to the purposes for which they are being processed”.
4. “Personal data should be accurate, and where necessary, kept up to date”.
5. “Personal data processed for any purpose or purposes shall not be kept for any longer than is necessary for that purpose or those purposes”.
6. “Personal data shall be processed in accordance with the rights of data subjects under this Act”.
7. “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data”.
8. Personal data shall not be transferred to country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data”.

How does this translate to the way we operate CCTV systems? A system should be evaluated using the following criteria.

Evaluation Criteria

1. Objectives of the scheme in question.
2. Fairness of the scheme.
3. Confidentiality of images recorded and handled.
4. The rights of individuals of whom data is being collected.

These four points are developed as follows:

Objectives/Purposes of the Scheme (Second Data Protection Principle).
Operators must have access to a clear documented statement of the objectives of the scheme. This document must also include the responsibilities of those involved in operating and managing the system.

The purpose for operating the scheme should be lawful.

(First Data Protection Principle).
Individuals should be made aware that they are entering an area where CCTV recordings are active. This is normally achieved by the use of signs. Signage should display the following information:
• A warning that CCTV recording is taking place.
• The purpose of the scheme.
• The operators of the scheme.
• Contact details for the operators of the scheme.

If the correct signage is not in place the scheme will be considered covert. Covert recordings can only be made under the following circumstances.
• If you have assessed that informing individuals that recording was taking place would prejudice your objectives.
• You have reasonable cause to suspect specific criminal activity.
• That the covert processing is only carried out for a limited and reasonable period of time and relates to specific criminal activity.

If you decide in principle to adopt covert recording, you would be advised to have a clear documented procedure, which sets out how you determine whether the use of covert recording is appropriate in an individual case. If you decide that covert recording is appropriate, you should document your decision and the reasons for reaching that decision. 

Recommended Sign Sizes and Designs
Whlst the DPA Code of practice makes certain suggestions as to the size of signs it makes no reference to colour. The obvious choice of high impact colour would be a traffic yellow background printed in black as standard industrial warning signs. Such a choice of colour is acceptable in most industrial, commercial and government applications, however, a more subtle engraved brass or stainless steel finish would be more appropriate in certain applications. In the case of BANK ATM machines with CCTV recording, an on screen statutory information sign would be ideal providing that the sign is visible before the start of any recording that takes place. There is no substitute for common sense, but as a guide:

A3 size for outdoor perimeter applications and multi-storey car parks.
A4 size for large building entrances.
A5 size for single leaf doors.

Confidentiality (Seventh Data Protection Principle)
This is one of the most important sections of the Data Protection Act 1998. It is not a very difficult concept but has far reaching effects as far as traceability, security and accountability is concerned. All the images that you record are considered confidential, this would include video prints etc.

Traceability
To ensure confidentiality the Data Protection Act requires traceability of images. This implies that each image could be traced to a specific date, time, recording device, recording medium and the individual responsible for the recording. This is normally achieved by means of a written log.

Time and date stamping

By inserting the time and date and the camera reference on the images it enables you to refer to a specific incident.

Serial numbers
The recording medium can be made traceable by using serially numbered cassettes. Cassettes should be dedicated to specific recording devices and should not be interchanged between machines. Tapes should not only be traceable through their lifetime, but also through their individual uses.

Security
We have already mentioned the fact that these images are confidential. This creates the need for security of both the recording media, the images on this media and the recording devices.
Tapes should be stored in lockable cabinets. This would restrict access to all unauthorised parties. It would also ensure the archiving period is maintained. Tapes should be kept in secure cabinets even in a control room situation.
Equipment should be kept in tamper proof conditions. Access to the recording equipment should be restricted to maintenance staff and operators. Access to recording equipment by maintenance engineers should be logged.

Erasure

Tapes should be erased between recordings and at the end of their lives. Because the information is confidential it is important to destroy the evidence on the tapes before they are discarded. Erasure of tapes should be checked and logged.

Archiving
(Fifth Data Protection Principle)
Information should not be stored longer than necessary. The generally accepted norm is 31 days. Images may be stored for longer periods if it can be justified, for example 90 days in the case of Bank ATM where a customer may not be made aware of a problem until a bank statement is received.

Quality of Images
(Third and Fourth Data Protection Principles)
Images should be of such quality that the purpose of the scheme can be achieved. The equipment should be restricted to record sufficient information to achieve this purpose. Care should be taken that no unnecessary information is gathered.

Information Sharing
(Eighth Data Protection Principle)
Section 115 of the Crime and Disorder Act 1998 creates the power to share information, from the system owner/operator to the Police Authorities, Probation Committees, Local Authorities and Health Authorities. All relevant information should be documented, including the reason for information sharing. For the avoidance of confusion it would be good practice not to issue recordings to any third parties other than the Police.

Evidence Recordings

Any recordings used for evidence should be segregated from the normal tapes and kept in a secure manner.
Copies of recordings may be admissible as evidence providing there is a clear audit trail to the original copy.

Tape Copies and Video Prints
Any copies of recorded material should be documented and made traceable.

Rights of the Individual
(Sixth Data Protection Principle)
ACCESS
Individuals may request a copy of any recording that exists of the, this would normally be in the form of a video recording on a VHS cassette. He/she must be made aware of their rights regarding such recordings by means of a summary of the rights of the individual and the system owner/operators. For recommended procedures refer to the DPA. If the owner/manager cannot comply with the request without disclosing identifiable images of third parties, the manager or a designated member of staff should determine whether the images of the third party is held under a duty of confidence. In which case the images shall be edited to disguise the identities of such parties.
If you have any doubts regarding this matter it would be prudent to err on the side of caution and arrange for third party images to be electronically masked.
Access may be denied where such an action would compromise the detection or prevention of crime, or where it may impede the apprehension or prosecution of offenders.

PRIVACY
IMPORTANT. THIS PRINCIPLE APPLIES TO ALL SYSTEMS WHETHER OR NOT RECORDING IS TAKING PLACE.

Cameras should be set to view only images that they were intended in order to achieve the objectives of the scheme. If this is not possible without viewing domestic or other areas which would be reasonably considered private, the owner of these areas should be consulted.
If you have any doubts regarding this matter it would be prudent to electronically or physically obscure the view such cameras have of private areas.
Intentional voyeurism via operation of CCTV cameras is an invasion of privacy in any circumstances.
Employers of CCTV operatives should consider making evidence of such unacceptable behaviour grounds for disciplinary procedure.

Definitions
In order to have accurate and complete documentation to accompany your system, you need to understand some of the terms used in the Data Protection Act.

Data Controller

“A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed”.
In the case of situations where CCTV is the only data being processed this individual would be the senior person within the system owners organisation who has responsibility for security policy.

Personal Data
Data which relates to a living individual who can be identified:
a) from those data, or
b) from those data or other information which is in the possession of, or is likely to come into the possession of, the data controller.

Sensitive Personal Data

Section Two of the Act 1998 separates two distinct categories of personal data, which are deemed sensitive.
A full list of these categories are available in section two of the Act. The following are the main two reasons that would deem data to be considered as sensitive.
a) The commission or alleged commission of any offences.
b) Any proceedings for any offence committed, or alleged to have been committed, the disposal of such proceedings or the sentences of any court in such proceedings.

Beneficial Owner
The owner of the system being the person or organisation that receives benefit from the operation of the system. In the event that the system is leased from a finance company the lessee would be considered to be the owner for the purposes of the DPA not the finance company.