Avatar photo

Contributor

Author Bio ▼

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
August 25, 2016

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Did Virgin Trains breach data protection laws by releasing CCTV footage of Jeremy Corbyn?

Virgin Trains has “clearly breached the Data Protection Act” by releasing CCTV footage featuring Jeremy Corbyn into the public domain, a CCTV control room manager has told IFSEC Global.

Richard Branson, founder of the rail operator, landed himself in trouble with the Information Commissioner this week after tweeting out the footage, which was captured on one of his trains, and identifying the Labour leader in order to rebut his accusations that the train was “ram-packed”.

A spokesperson for the Information Commissioner’s office (ICO) said: “We are aware of the publication of CCTV images of Jeremy Corbyn and are making enquiries. All organisations have an obligation to comply with the Data Protection Act and must have legitimate grounds for processing the personal data they hold.

“Where there’s a suggestion that this hasn’t happened, the ICO has the power to investigate and can take enforcement action if necessary.”

(Prompted by the ‘Traingate’ row, Brian Pender, chairman of the Security Institute CCTV Special Interest Group, sought to answer the question ‘when is it appropriate to disclose CCTV images to a third party?‘ for IFSEC Global.)

A CCTV control room manager, who wishes to remain anonymous, told IFSEC Global: “Corbyn can be clearly identified from the footage and even if they had pixelated his face, because they have stated who it was and what he does, we know it’s him and therefore that would make no difference. Virgin Trains, in my opinion, have clearly breached the Data Protection Act.”

This could be a case of companies not engaging with their security teams to fully understand the ramifications of CCTV release.  The ICO guidelines are clear and security functions should help shape company policies to make clear how CCTV data is treated.” Letitia Emeana, corporate security professional and member, Women’s Security Society physical security board

Virgin Trains declined to respond to requests from The Independent for comment. A spokesperson did point out that it had pixelated passengers’ faces, although it did initially release a time-stamped image with some faces visible. It later withdrew the image and released a new version with faces blurred. The Labour leader’s face was never blurred in any of the images or footage.

“ICO guidelines are clear”

Letitia Emeana, a member of the Women’s Security Society physical security board, told IFSEC Global: “My personal view of this is that this could be a case of companies and some departments not engaging with their security teams to fully understand the ramifications of CCTV release.  The ICO guidelines are clear and security functions should help shape company policies to also make clear how the CCTV data or information should be treated.”

Continues Emeana, who has held several senior corporate security positions: “If the ICO info is understood and the inclusion of the security function is that of a stakeholder in the release of data, it reduces the likelihood of mishandling and dealing with evidence to refute minor media wranglings that could be dealt with within the confines of data protection.”

Guidance on CCTV and data protection published by the ICO in 2015 seems to suggest that Virgin Trains has at the very least a case to answer:  “It can be appropriate to disclose surveillance information to a law enforcement agency when the purpose of the system is to prevent and detect crime,” says the guidance. “But it would not be appropriate to place them on the internet in most situations. It may also not be appropriate to disclose information about identifiable individuals to the media.”

Even more damningly for the company, the guidance also says that release to the public “should not generally be done by anyone other than a law enforcement agency”.

The CCTV control room manager quoted earlier, who works in public transport, outlined the processes in his own organisation to shed some light on the issue.

“We process personal information to enable us to provide a transport service to our customers, maintain our accounts and records, promote our services and manage and support our staff. We also process personal information for the purpose of safety and security, the prevention and detection of crime and prosecution of offenders, and the verification of claims, including using CCTV systems to monitor and collect visual images for these purposes.”

“Verification of  claims”

Asked whether he thought there had been a contravention of data protection laws by Virgin Trains, he said: “Well firstly we need to look at what they have registered with the ICO.”

“It can be clearly seen from this statement that CCTV can be used for the verification of claims. It does not state insurance claims and therefore could be used for the purposes of verifying complaints/claims made by passengers as to the service they have received from Virgin.

“Then we need to also look at what it can be disclosed for. We sometimes need to share the personal information we process with the individual themselves and also with other organisations.

“Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

“Where necessary or required,” he says his organisation shares information with:

  • family, associates and representatives of the person whose personal information we are processing
  • current, past or prospective employers
  • suppliers and service providers
  • insurance companies
  • business associates and professional advisers
  • financial organisations
  • persons making an enquiry or complaint
  • educators and examining bodies
  • employment and recruitment agencies
  • credit reference agencies
  • debt collection and tracing agencies
  • central government
  • police forces and security organisations
  • group companies

“Nowhere does it state within this that they can release images to the media without permission of the person captured on those images.  Therefore they had every right to view the footage and use it for the purpose of verifying the claim, but should not have released the image to the press without permission.”

Asked if there had also been a contravention of the CCTV Code of Practice he added: “There is no need to even look at the CCTV Codes of Practice and this would only quote the DPA as a reference anyway.”

In a section about CCTV footage Virgin Trains’ privacy policy states: “In certain circumstances we may need to disclose CCTV images for legal reasons. When this is done there is a requirement for the organisation that has received the images to adhere to the Data Protection Act.”

 

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23

Related Topics

Subscribe
Notify of
guest
12 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
James Wickes
August 30, 2016 5:41 pm

Corbyn has squarely placed himself in the public domain.
Therefore I would imagine that Virgin will argue that the publication of the
footage is in the public interest. – remember Naomi Campbell vs MGN Ltd – https://en.wikipedia.org/wiki/Campbell_v_MGN_Ltd.
More to the point is that Virgin’s On-board CCTV systems
were not time-stamping accurately which means that any evidence may not be fit
for purpose.

Arnold Tarling
Arnold Tarling
August 30, 2016 5:52 pm

The release of this film was definitely in the public interest.  It will be counter productive for Corbyn and his supporters to complain breach of the Data Protection Act.  The film was undertaken in what I would consider to be a public place.  As far as I am concerned the Data Protection Act is too restrictive and is used by people in authority or in business to cover up the facts.

Adam Bannister
Adam Bannister
August 30, 2016 5:54 pm

James Wickes Interesting to hear an opposing viewpoint!

James Wickes
August 30, 2016 6:04 pm

Adam Bannister James Wickes If I were in Mr Branson’s position I would have sent a polite email to Mr Corbyn explaining that the on-board CCTV does not corroborate his statement and asked him for a retraction. One has to wonder how much of this was all about detracting from BA’s moment of glory with our returning Olympic heroes ….

SunnyGuptaGupta
SunnyGuptaGupta
August 30, 2016 6:39 pm

No Virgin Trains did not breach the law. Corbyn proably did this has he is probably trying to avoid the public attention. I would of done the exactly the same has virgin had done.

cbrogan292
cbrogan292
August 30, 2016 8:57 pm

No they have not. See condition 6 schedule 2 Data protection Act 1998.
For a more detailed explanation supported by legal and academic evidence rather than uninformed opinion which only misleads people e mail me on [email protected]
Chris Brogan

JamesHendry2
JamesHendry2
August 31, 2016 5:49 am

Read this article to get a legal view on where people stand with CCTV and we basically heard an opinion on guidelines and a few unqualified opinions. I will add mine depends how much your willing to spend on the case. I know quite a few lawyers who will laugh at cases they have won because the other side thought they could not lose and handed the case to the freshest learnard friend.  At least http://www.livefyre.com/profile/33383618/ has given the best answer thanks. However in all court cases its not over till the fat lady sings. Virgin could issue an apology saying it regrets that… Read more »

Adam Bannister
Adam Bannister
August 31, 2016 11:36 am

JamesHendry2 Hi James. THanks for the reply. I did have a lawyer with expertise in data protection lined up but his comments never materialised… Anyway, we shall see how the case unfolds…

Adam Bannister
Adam Bannister
August 31, 2016 11:40 am

James Wickes Adam Bannister Ha, interesting theory. And yes, your suggestion might have been a less risky tactic.

James Wickes
August 31, 2016 12:22 pm

Adam Bannister Setting aside the question of whether Virgin breached Data Protection rules I was intrigued to see a significant corporate organisation (Virgin) utilise CCTV footage to fight back against biased social media based reporting. Every one of us has the power to be a reporter these days (even Jeremy Corbyn) and with that power comes a personal and moral responsibility which is not always exercised and often “reporting” can be one-sided. When Jeremy Corbyn recorded the rather unedifying video of himself arranged on the floor of a Virgin train corridor spouting forth about a lack of seats, he carried out… Read more »

Adam Bannister
Adam Bannister
August 31, 2016 12:49 pm

http://www.livefyre.com/profile/33383618/ http://www.livefyre.com/profile/32004298/ Interesting
point. It’s a dimension to the potential use of video surveillance that we’ve
not really explored on IFSEC Global.
I don’t like to express any particular view on security issues –
I’m just the curator for the views of expert industry voices!
However, I do agree that social media has given people unprecedented
power to unfairly tarnish other people or organisations. There’s nothing more loathsome
than the Twitterati in full, self-righteous, angry mob mode. This article
touches on these issues and is one of the best things I’ve read in a while https://www.theguardian.com/media/2016/jul/12/how-technology-disrupted-the-truth

James Wickes
August 31, 2016 1:02 pm

Adam Bannister Excellent article.