For some years now, CameraWatch has raised its own concerns concerning the compliance of CCTV systems operational in schools the length and breadth of the UK.
Indeed, CCTV in schools was the major focus of our London Forum last September, when Dr Emmeline Taylor expertly presented her own research findings on this subject.
There has been national media criticism concerning the actual number of CCTV cameras in schools in the South West of England. That was the main thrust of one story we saw – it was all about the volume of cameras. Not how successful they are, and not the reason for the number of cameras. There was nothing about the benefits gained from the cameras. It was a numbers game.
There has also been much media attention at two schools in the Midlands.
‘Purposes’ of the surveillance system
One school attracted some major adverse coverage due to the fact that the CCTV system was being used to check whether or not pupils were smoking within eyeshot of the school.
Not surprisingly, the ‘purposes’ of the surveillance system as registered with the Information Commissioner did not include smoking by pupils either within or outwith school grounds. Thus the system appeared to be being CCTV for reasons other than those registered with the authorities (hence you can then start talking about possible breaches of Data Protection legislation).
Another school was deemed by one parent to be providing an environment akin to sending children to a high security prison. According to another parent, cameras were there in force to solve problems around graffiti, anti-social behaviour and theft.
Meanwhile, one local authority in the central belt of Scotland is “being forced to” remove cameras from pupils’ toilets after concerns were raised by parents. In many presentations, I’ve expressed my concern about how many schools have installed CCTV in toilets and changing areas.
An all-too-common occurrence
Unfortunately, these three examples of bad publicity surrounding CCTV – and no-one more than CameraWatch dislikes seeing CCTV associated with bad press – are all-too-common. The frustration is that it’s so easily avoided.
The use of CCTV needs to be totally transparent. End users of CCTV need to discuss their plans with those who will be captured. The system is there to help everyone. No-one should be afraid of CCTV – as long as the system is fully compliant with the law….then we can all be confident that no misuse or abuse will result.
We’re now at the stage where no-one is asking themselves why these systems are being installed, and is it right to do so… We cannot continue with the attitude of simply installing cameras and then waiting to see if anyone complains. That process is in blatant violation of Data Protection Act requirements.
In a recent radio discussion to which I was privy, the programme host quoted that it was fine to install CCTV cameras because parents don’t disapprove. Oh, that’s fine then. Out of interest, though, who asked the pupils?
In her address to the CameraWatch Forum, Dr Taylor examined this whole subject from the pupils’ perspective, and from the position of future expectations of ‘privacy’. In the majority – if not all – of the examples given, there was a full and very worrying breach of the law.
Many privately-owned schools do appear to give the impression that they’re above the law when it comes to installing CCTV. They have the attitude that they make the rules for pupils to attend their schools, and that the parents must sign up to those rules or their children will have to learn elsewhere.
What, then, if those rules include being captured by illegal CCTV systems and loss of individual rights to privacy?
No malice involved
In the majority of schools where non-compliant CCTV systems are used – and bear in mind that I’ve actually yet to visit any school that does fully comply with Data Protection legislation – there’s absolutely no malice involved.
The local authority or head teacher hasn’t deliberately stood up and decided that they were going to install a CCTV system and to hell with the law.
In most instances, the school has had a problem and someone has suggested the remedy to be CCTV. The focus then is simply on the installation of the CCTV system to do what they think they want it to do and, invariably, for as little financial outlay as possible.
When is the issue of the law introduced to this scenario? Unfortunately, from personal experience the answer is: ‘Never. There are indeed many occasions where there is a local authority CCTV system in place for a given school but, totally unknown to that local authority, the school has also independently installed a system of its own (perhaps to cover specific areas of concern such as corridors, classrooms, changing areas and toilets).
That installation will have been carried out for would seem to be perfectly legitimate reasons (for example, to prevent soap stealing, smoking, blocking the sink or toilets, bullying, etc). It’s not a matter of asking what other methods of supervision may be used or if there are other potential methods for reducing the problem(s) – CCTV is seen to be the automatic answer.
The Information Commissioner’s CCTV Code of Practice states that a process should be adhered to that, first of all, establishes whether or not a CCTV system’s actually needed as opposed to alternative solutions (and, if CCTV’s use is indeed justified, then to establish properly and exactly what surveillance will be used for in the real world).
This usage – ‘the purposes’ [of CCTV] – will then be registered with the ICO and included on the statutory signage on the premises prior to people being captured by any cameras.
Expectations placed upon surveillance
Over the next few months, CameraWatch will be looking at the affect(s) CCTV has on the education sector, and most notably reviewing the expectations placed upon CCTV. This process will not only include schools – both publicly and privately owned – but also colleges and universities.
CCTV is with us. It’s part of all our lives. It’s there for specific reasons. We all rely on CCTV and depend on it. We depend on the fact that it’s installed, operated and managed in a legal way in accordance with UK legislation.
CCTV is used to protect and safeguard pupils, staff and visitors to our schools, but we’re currently living under a false sense of protection. We need to see attitudes towards surveillance changing and the quality and standards of CCTV improved dramatically before we can be totally comfortable.
And the clock is very much ticking…
CCTV challenged in court
An interesting development on the questioning of CCTV footage – we all knew it was going to happen, is going to happen and is going to have a serious bearing on the general public’s opinions of, and confidence in, CCTV – has actually come from Cyprus.
Later this month, the Nicosia Criminal Court will announce its decision on questions submitted by the defence in the murder trial of a media owner regarding the admissibility of footage recorded by security cameras of two individuals directly involved in the case.
The prosecution wanted the footage shown to another witness for identification purposes. The defence lawyer objected to that viewing, citing violation of his client’s personal data. This objection was rejected, but a continuance to study the court’s decision and submit legal questions was requested (a request duly accepted by the court).
Six written questions were submitted asking whether the client’s right to privacy had been violated. The defence attorney said the footage had been taken without the client knowing, and without any form of consent.
It was also argued that the system has been installed to protect a resident of the bloc from a possible criminal act, unbeknown to the personal Data Protection commissioner and without any warning signs of its presence.
Naturally, we’re very interested in these deliberations. The compliance of many CCTV systems is questioned prior to court proceedings in the UK, but this is interesting in that CCTV evidence is actually now being questioned in court.
It will surely not be too long before the floodgates open in courts throughout the UK, with defence representatives automatically calling into question the legality and compliance of the CCTV evidence presented.
Plymouth street attack caught on camera
Recently, CameraWatch raised questions on the reasons and procedures behind full CCTV footage of a savage attack that took place in a city centre and specifically asked:
- why is the full footage needed when there are still pictures available for identification?
- why is the whole incident in the public domain?
- is this for entertainment purposes – and still being viewed?
- why can other persons not involved be identified?
- who gave permission for the footage to go public – and why?
- what about the role of the data controller, the local authority, the police and Crimestoppers?
We received a good amount of comment on trying to answer the questions raised – or indeed to try to justify the action taken.
The common factor in all the responses and feedback focuses on the use of the word ‘assume’.
Ever since I became involved in CCTV compliance, I very quickly learned that one word not to be used is ‘assume’. By that I mean there’s a huge assumption that people know what they’re doing, that there are correct procedures in place, that surveillance partnerships are correctly organised and documented and that data is allowed to be ‘shared’.
The full images of the assault in question – and, indeed, many, many more even from years ago – are still available to the public through very well-known video portals on the Internet.
CCTV in the clouds
Speaking of the Internet, I recently chatted with the CEO of a company which deals with cloud computing and how, having captured the imagination of said subject in the IT world, they’re now setting their sites on CCTV storage.
An interesting concept indeed but where, ultimately, will the CCTV images/data be stored?
“You don’t need to worry about that” was the response. “It’s in the cloud”… “But where is the cloud, exactly?” I responded. “A data centre, I assume, in a country, I assume, that’s in full compliance with security requirements for UK Data Protection… I assume. Oh, and the security CCTV system protecting all the stored data is fully compliant, I assume?”
No response was needed. A quizzical look was all it took… That’s me using that word ‘assume’ again, I thought quietly to myself.
Time gentlemen, please…
In the words of The Two Ronnies: “…and finally…”
One suspects everyone in the UK remembered to change their clocks at the end of March from British Winter Time over to British Summer Time, but how many neglected to change their CCTV system clocks nearly three weeks later?
A very simple thing to get right but oh so easy to get wrong. Just think for a moment on the repercussions of your CCTV clock being a full hour out of step. Doesn’t bear thinking about, does it?
Paul Mackie is the compliance director at CameraWatch and a recognised expert in the field of Data Protection Act compliance for CCTV systems
Mackie boasts a 30-plus year background in IT working with both international blue chip companies and also national Government, during which time he dealt with compliance and legalisation of industry software
Further information on CameraWatch
CameraWatch is a group aimed at promoting awareness and compliance of the Data Protection Act for camera surveillance in both the private and public sectors. The organisation has the support of the industry regulator, namely the Information Commissioner’s Office.
With reported figures suggesting over 15 million CCTV cameras operational in the UK, a need has been identified for a central information point for the industry. CameraWatch is an independent, not-for-profit, self-funding advisory body* that supports the understanding of CCTV and compliance with current policy and legislation, removing risks relating to data protection and other legal non-compliance.
CameraWatch represents the interests of members through liaison with legislative, prosecution and Government organisations throughout the UK and the EU.
In consultation with the Information Commissioner’s Office, the organisation facilitates the implementation of the ICO’s CCTV Code of Practice and builds up and disseminates Best Practice guidelines designed to support compliance in the use of CCTV systems, their operation and procedures and (where appropriate) prosecutions using CCTV evidence.
CameraWatch offers support tailored to meet the needs of specific organisations, as well as the general public. To these ends, the organisation undertakes R&D project work and market research.
Promotion of data-sharing forums
CameraWatch also promotes regular meetings/seminars and data-sharing forums with the police and law enforcement agencies, the ICO and other security working groups, suppliers/manufacturers and installers and CCTV applications users from all affected sectors (such as retail, transport, finance, insurance, property management and construction, the licensed trade, industry consultants, the security industry, the legal profession, local authorities and other related bodies).
CameraWatch’s activities are currently funded by industry sponsorship and membership fees. The organisation will celebrate it’s Fifth Anniversary in March this year.
CameraWatch’s CEO Gordon Ferrie is a recognised expert in banking security. He was the director of the Fraud Squad and deputy head of CID operations at Strathclyde Police, and is a former worldwide head of security for the Royal Bank of Scotland Group.
Currently a director of ComSec, Ferrie is the CEO of CameraWatch in a volunteer capacity.
Along with Ferrie and Paul Mackie, five other directors make up the Board of CameraWatch.
*CameraWatch is a company limited by guarantee and recognised by HMRC as a not-for-profit organisation
Access more detail on the CameraWatch website (a dedicated link is provided on the right hand panel of this page)