Domestic CCTV May Breach Data Protection Rules and Other Insights from the SSAIB Installer Forum

Households with CCTV systems may soon have to register with the Information Commissioner’s Office following a landmark EU ruling.

Courtesy of the Surveillance Camera Commissioner’s Office, this was one of many fascinating insights to emerge from the latest SSAIB/BT Redcare Installer Forum, which first took place in 2014. The 2016 event, which was held again at the iconic BT Tower in central London, had a forward-thinking programme.

Touching on home automation, the dearth of engineering skills and the regulatory framework for drone-based surveillance, it suggested the organisers were mindful of the importance to installers of keeping abreast of a rapidly changing industry.

Like last year, SSAIB CEO Alex Carmichael kicked off proceedings, reassuring the audience that EU standards would continue to apply in the event of a vote for Brexit on 23 June.

Office of the Surveillance Camera Commissioner

Kishor Mistry, head of policy and support at the Office of the Surveillance Camera Commissioner, said surveillance drones unequivocally fall under his organisation’s auspices (and, indeed, the Civil Aviation Authority), which means the Surveillance Camera Code of Practice applies.

Mistry elucidated the code’s 12 key principles and philosophical underpinnings – best described as ‘surveillance by consent’. And public consent effectively hinges on the public having confidence that CCTV deployment is “proportionate, transparent and effective.”

A goal not always attained, of course, and Mistry said many residential landlords had told him about inheriting fixed cameras that were close to useless, while they still had to pay for their ongoing maintenance. Is that an effective use of money, asked Mistry?

ANPR cameras often fail to adhere to the code’s principles too, he said, as the public is often unaware that their numberplates are being captured.

Data protection remained a major issue, with Mistry recalling the sacking of seven police officers after sensitive footage had been shared among officers without relevant permission.

The present government’s ‘light touch’ regulatory agenda is being somewhat undermined by a recent EU ruling which one installer in the audience – hitherto unaware of the ruling – feared would have a chilling effect on the nascent home-automation industry.

Following the František Ryneš case in the Czech Republic, the EU has ruled that some CCTV may now breach data protection rules. This means homeowners will now have to register with the Information Commissioner’s Office if their CCTV cameras overlook public space, including their neighbour’s garden (difficult to avoid, as one audience member pointed out – “round cameras for square spaces”). Although another attendee suggested privacy zones, Mistry offered a less technical solution: speak to your neighbour; they might even appreciate the extra security.

Mistry also directed the audience to the Surveillance Commissioner’s self-assessment tool for checking compliance.

BT Redcare        

BT Redcare’s presentation – a lively team effort – tested the audience’s knowledge with a quiz. Cleaving to Who Wants to be a Millionaire principles, they kicked off with a fairly easy question (and yet so many in the industry don’t know the answer): true or false, is there is a legal requirement for third-party certification on fire detection and alarm equipment? (True, in case you didn’t know).

We also discovered that BT Redcare is the only UK company with third-party certification for LPS 1277 on fire-alarm signalling systems. The company’s Approved Installer Programme, meanwhile, has just been rolled out to fire installers, who can now enjoy their share of the 2,000 sales leads shared between installers through the scheme.

Perhaps the most surprising fact was that 46% of all UK fires are started deliberately.

How to win business from large corporates

The organisers made an astute choice in Letitia Emeana, Lloyds Banking Group’s UK building lead for physical, people and electronic security. Here was someone from their pool of target customers who delivered not just an interesting presentation (which helps) but one that was useful on the thing that matters: winning new business.

Speaking from experience of appointing security firms Emeana, the physical security board member for the Women’s Security Society, offered installers advice on winning custom from large corporates. This she distilled into six core principles:

• Know your prospective client key point/requirements
• What products/systems are they currently using?
• How should we contact them?
• Can we offer the coverage needed?
• Are we structured to advise clients with subject matter expertise?
• Can we deploy resource in the challenging timescales required?

Intriguingly, she suggested that security decision-makers in large organisations were increasingly hands-off – preferring to defer to the installer’s expertise. Demonstrating your expertise in a proactive manner, she told the audience, would greatly impress prospective customers.

Installer debate

A diverse range of presentations culminated in an audience Q&A, led by IFSEC International’s senior marketing manager, Claudia Whitcombe. Asked what their biggest challenges were as installers, the audience was particularly animated by the chronic dearth of engineering skills.

One attendee called it a “nightmare”, saying his firm effectively had to train installers themselves. Even electricians often lacked basic skills like doing a two-way light switch, he said.

That an industry as large as the security trade lacked a formal qualification structure was also cited as a problem.

The tension between traditional physical security and IP-based, interoperable systems was also discussed. IT and security engineers need to work closely together in the modern industry, said one installer. And younger workers, it was noted, are noticeably more at ease with the IT dimension of modern systems.

The failure of standards to keep pace with evolving technology was raised as a concern, as was the profusion of certifications and affiliations. A website, business card or van covered in logos claiming certifications do help contractually, for insurance purposes, said Letitia Emeana, but not “on the ground” if work is substandard.

One audience member noted that many end users were unaware of their legal responsibilities and felt installers should play a key role in educating customers.

Asked about products, one attendee complained of a massive run on failed alarms and cameras – and “we foot the bill”, not suppliers.

Another recommended a dedicated staff member for big contracts – “we would expect that”, said Lloyd Banking Group’s Letitia Emeana, backing this point.

Mike Jay from RISCAuthority said competition law was “the sword of Damocles” hanging over the industry, insofar as cooperation over standards and other areas could be seen as collusion.

The SIA Licensing Review, which was blocked by the Department for Business, Innovation & Skills over the costs to small businesses, was mentioned. SSAIB’s Alex Carmichael said implementation of the licensing scheme was also being hampered by the use of the term ‘consultant’, which was so broad as to encompass professionals across the supply chain.

One installer in the audience also said the insurance industry was sometimes too cautious in its requirements, for example prescribing a grade four intruder alarm in environments when grade three would often suffice.

RISCAuthority

From RISCAuthority, Security Working Group Convenor Mike Jay provided an overview on the research scheme’s aims and activities, including its free publications S12 (police response for intruder alarms), S13 (audible-only intruder alarms), S14 (police response for intruder alarms) and S17 (intrusion and hold-up alarms).

He also discussed S29, covering access control, which he dubbed a “Cinderella” sector – ie, often neglected.

The organisation’s current focus is on the defining threats of our age – cyber crime and terror – as well as safety deposit boxes in the wake of the Hatton Garden Raid (a surprising lack of standards in this area, he remarked). Lacking the technical expertise for such a complex and fluid subject, Jay said their work on cyber crime/security was more about signposting to authoritative sources.

Health and safety

There was also a useful session on health and safety by Shaunna Thornton, an H&S Consultant with Citation, covering manual handling, COSHH and PPE regulations as well as the relevant enforcement, inspection and audit agencies.

She asked the challenging question: why have health and safety protection measures? Besides the moral obligations on people to behave in a reasonable manner and care for others, there are legal reasons (including the 1974 Health and Safety at Work Act and the Managing Health and Safety at Work Regulations 1999), as well as financial imperatives: 27 million days are lost annually (approximately one day per worker).

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

Download The Video Surveillance Report