Before we delve into the legalities of CCTV and the questions that have arisen around it in light of recent events in New Zealand, let’s first of all ‘sweep up’ some of the more interesting things that have happened since my last missive for the readers of I4S/SMT Online.
Many people ask me: “Who does CameraWatch deal with? What’s the organisation’s range of membership? Who actually contacts you for advice?” The answer to all three questions is simple: everyone who’s affected by CCTV.
As an organisation, CameraWatch isn’t solely concerned with those who work in the CCTV industry – be they installers, systems supplier, end users or whatever. Rather, it’s also about any member of the public who’s captured by CCTV.
That member of the public may be someone with a gripe. It might be somebody who has been involved in an incident and is subsequently looking for advice on how to proceed. Or it could be someone who wants to know more about the issues around CCTV and surveillance, and what people can and cannot do with it (or should I say ‘should and shouldn’t do with it’?)
Equally, there’s the distinction to be observed between public space CCTV and privately owned and operated CCTV. Recent estimates suggest that the former accounts for around 3% of all CCTV operated in the UK. Can I just repeat that – that’s 3%. So let me work out the maths here… Yes, this obviously means that a whopping 97% of CCTV is privately owned and operated.
The SIA’s Commitment To Regulation Conference
I raise – and emphasise – that last point because I’m writing this opinion piece on the train home from Sheffield to Glasgow having just attended the Security Industry Authority’s Commitment To Regulation Conference.
One of the speakers at the Doubletree by Hilton Hotel at Sheffield Park – namely Alastair Thomas – was representing the Home Office and touched on the Protection of Freedoms Bill in terms of how it relates to CCTV. Thomas talked of a brand new Code of Practice and a brand new Surveillance Camera Commissioner for England and Wales… For local authorities and police authorities.
As I’ve asked at several presentations I’ve made over the last few months: ‘Who thought that one up?’
Not only would we be restricting this new regulation to about 3% (remember that figure?) of the UK’s CCTV currently in use (because it’s restricted to only local authorities and police authorities, remember) but it’s not actually 3% of the UK’s CCTV systems we’re talking about at all: it’s further restricted to the CCTV systems in England and Wales only.
As you’ll no doubt be aware, CameraWatch deals with CCTV compliance in relation to the Data Protection Act. That’s a UK law, by the way, and enforced for the whole of the UK. It’s a piece of legislation designed to capture all the constituent countries of the UK. From our own point of view, that’s why CameraWatch covers the whole geographic area of the UK.
Of course, I could choose to adopt a cynical tone at this point and ask whether or not CCTV regulation might be the very first element of a devolution for England, but Wales is included as well so presumably that’s a non-starter.
On a serious note, can someone please give me a straightforward justification for these plans? Or is that like asking for a justification of the Edinburgh Trams project from the Scottish Government? Ouch!
As a matter of record (not to say interest), CameraWatch did receive an acknowledgement of receipt for its eight-page submission on the Protection of Freedoms Bill. That’s all we’ve received so far. That said, the authorities did gather over 100 submissions in total so there’s a bit of work for them to do there.
Given what was said by the Home Office representative at the Regulator’s latest Stakeholder Conference we can indeed expect communications from them next month (which is good news).
Mixed range of issues highlighted and covered
Anyway, back to the question of who CameraWatch deals with as an organisation. The answer is anyone and everyone. It’s dead simple. Oh, and I should say that although CameraWatch deals with the UK Data Protection Act regarding CCTV and covers the whole of the UK, we’re now constantly being asked for information on CCTV from various countries across the globe – the latest being contacts from Australia and the USA (as evidenced by comments on I4S).
Over the last few weeks, CameraWatch has been involved with a very mixed range of issues and a huge variety of people.
For example, we were contacted by a multi-national American finance corporation with offices – all of them covered by CCTV – across the world. The head of security told us he’d recently joined the organisation and quickly realised there were compliance concerns with the aforementioned CCTV. There was no budget, which was to be expected, but also no compliance so action had to be taken.
We’ve also been contacted by local authority CCTV operatives who’ve been sacked for raising concerns about how public space CCTV was, in their considered opinion, being misused and abused. Yes, you did read that right: they were sacked for making their point.
In relation to CCTV in schools – a specialist area of interest for CameraWatch that we’ve covered many times in the past (and will continue to do so where compliant CCTV should be protecting our youngsters) – I’m afraid to say people have been sacked thanks to apparent evidence gained through a misused and non-compliant CCTV system. Yes, they were actually sacked.
One presentation I gave recently on behalf of CameraWatch was to the Data Protection Forum in the City in London at the offices of Deloitte. The Data Protection Forum is designed for the sharing of information and experience for those people involved with data protection either in private or public sector organisations.
It was an extremely enlightening event and, to be honest, I’ve never met so many people in one room who obviously knew so much about data protection.
Truly, this was a unique experience. In other presentations I make, and usually to those involved in security, when I bring up my first PowerPoint slide and it mentions ‘The Data Protection Act’ I can immediately see the eyelids before me becoming heavy and the yawns starting to break out. It was very unusual to present to an audience whose members are so passionate about data protection and everything that it entails.
All that said, it very quickly became apparent that I was touching on some raw nerves: some very raw nerves, in fact. The post-presentation chats confirmed my suspicions. Very, very few people in that audience who spoke to me afterwards were in the least bit aware that they even held any degree of responsibility for CCTV systems. “CCTV systems? For goodness sake, how on Earth has a security system got anything to do with me” was the general retort.
The Security Excellence Awards 2011
So, a multitude of professional people who have responsibility for data protection in their organisations are now fully aware that they have another remit under their wing that they didn’t know about prior to the event. That has to be a good thing because it’s a substantial responsibility to behold.
Mix all of this together with compliance assessments (involving local authorities and Public Space CCTV systems), a first assessment in a new sector for CameraWatch (which is the retail sector), meetings with the BSIA and major CCTV suppliers and manufacturers – and looking at areas of law changes in Scotland with regard to the provision of alcohol and protecting our under-age citizens – and you can see why it hasn’t been a dull period for us.
A bit of respite comes this week when I attend my first Security Excellence Awards Ceremony at the London Hilton Hotel. I had the privilege of being one of the judges this year, and I must say that I was mightily impressed at the standard of entries. That’s all I’m saying in advance of Wednesday’s event, but please do believe me when I say that the calibre of submissions is a huge credit to standards in the security sector (CCTV compliance apart, of course!)
CCTV focus on the Rugby World Cup
And so, eventually, we move on to address the introductory paragraph of my opinion article… ‘Men with funny-shaped balls, The Royal Family, altitude and cowboys… How do they all fit in with the legality of CCTV?’
You’ve got it, haven’t you? No? OK, so here goes…
The British and Irish Six Nations countries now have no further involvement in the Rugby World Cup in New Zealand after Wales were brushed aside in the Semi-Finals.
As with all tournaments there has been a surprise or two in this one – a couple of countries who haven’t achieved their expected levels of performance (no comment on this from an ex-rugby player hailing from Glasgow!) and others which have perhaps attracted more publicity due to off-field rather than on-field activities.
As for ‘the men with funny-shaped balls, The Royal Family, cowboys and altitude’… Well, I assume that you got it as soon as the Rugby World Cup was mentioned.
A certain England player (I believe that he was in Edinburgh recently) was splashed all over the media – not just in New Zealand, but all over the UK and beyond – because CCTV images apparently showing him in a bar, namely The Altitude Bar in Queenstown – had allegedly been uploaded to the Internet by someone withaccess to them.
Another pub called The Cowboys Bar also allegedly captured the same player on its CCTV system. The manager at The Cowboys Bar refused to give any images to the media, the attitude being: “Whatever happens in our bar stays in our bar.”
Whatever your take on rugby players going out for a beer after a game – and I say, as an ex-rugby player myself: ‘Hey, is this really a dark secret that rugby players drink beer?’ – it would appear that there were two very different scenarios at play.
Correct approach to adopt towards CCTV footage
Which ‘tactic’ is correct, one wonders? Which one would we all support? I know that these two ‘incidents’ happened more than just a few miles away from the great shores of the UK, and that they didn’t occur under UK jurisdiction, but what if they had done?
Imagine the same scenarios play out in a UK city in two different pubs. The first pub captures a player on CCTV going about his business, relaxing and having fun while harming no-one. There’s no threat to anybody and it’s a situation certainly outwith the realms of ‘Crime Prevention and Detection’ for which the CCTV system is – hopefully – registered with the Information Commissioner’s Office.
Even if the player had given his permission for these images (ie his personal data under the Data Protection Act) to be captured for reasons that he agreed with, did he really expect pictures of him in a relaxed and informal atmosphere to be plastered all over the world? Yes, and I really do mean the world here.
This is the crucial juncture at which images captured on personal cameras, mobile phone cameras and by the paparazzi, etc differ from those captured by CCTV and surveillance systems. It’s also a prime reason as to why some people can be – and most definitely are in some cases – rather suspicious of CCTV.
Someone at The Altitude Bar – alleged to be Jonathan Dixon, who’s believed to be a door supervisor at the premises – apparently gained access to these images and allegedly made them available to the public. Whether for titillation, for money or for a few seconds fame it really doesn’t make any difference – if this incident had taken place in the UK then the employee concerned would have been deemed to have broken the law. He or she would have contravened the Data Protection Act.
Actually, the person involved would be at the head of the queue for those accused of committing a total misuse – and indeed abuse – of personal data (ie the CCTV images of the player involved and everyone else captured in the pictures).
Contravening a specific New Zealand law
Of course, since the incident in question took place in New Zealand the UK’s Data Protection Act doesn’t come into force. Interestingly, however, that country is moving along at pace with regard to data protection-focused legislation in this area.
The New Zealand Police has subsequently charged 40-year-old Dixon with contravening a New Zealand law – ‘accessing a computer for dishonest purpose’ – which is obviously pretty serious stuff. Dixon is adamant that he will vigorously defend the charges against him.
I wonder if there’s an equivalent law here in the UK. If so, then it’s not just the data protection laws CCTV operators need to be worrying about. Any feedback from the lawyers out there who might be reading this?
Again, for the purposes of my fabricated scenario: what if the second bar had been in the UK? Well, for whatever reason the manager of The Cowboys Bar (and the owner) didn’t want the images divulged. The owner also said that, since no crimes had been committed, they wouldn’t release the images.
The result here was correct. Under UK law, as things stand there would be absolutely no reason to pass these images on to anyone. The only parties that would be able to request the images would be the people in the footage or law enforcement officers under an official request and with an appropriate crime or incident reference number attached. That’s it. Not the rugby squad management, not the media and not even a Royal would be entitled to see the images (if you see what I mean).
That way we, the members of the public, can have full confidence that any images captured are not going to be circulated in the public domain or to anyone else without prior documented permission.
Moral of the story
What, then, is the moral of this rather long-winded polemic? Well, this is the type of incident that makes me very frustrated and, indeed, angry.
The Rugby World Cup’s ‘off-field’ story shows that even if you are out on the town to enjoy a quiet pint you will likely be under the gaze of CCTV cameras. You could say that these cameras are – and ought to be – protecting you and, anyway, you’re not doing anything wrong so you’re happy to have your images captured.
However, if the CCTV footage is abused in any way, shape or form then your images may find themselves distributed anywhere. How many seconds does it take to upload files to the Internet?
This obviously leads to a distrust of CCTV and rampant accusations of ‘snooping’, ‘Big Brother’ and ‘The Surveillance Society’: all terms used in a derogatory way against the wonderful tool that is CCTV, and exactly the kind of phrases CameraWatch is trying to prevent from being used.
As for widespread repercussions on top of the obvious abuse of the CCTV system? Think of the hurt it causes the people involved. The real hurt, and not just the individuals in ‘the action’ limelight, either.
A wee bit of lightheartedness here (is that really a word?). Suppose you were also in a bar alongside someone you shouldn’t have been with… You had told your wife that you were working late. You were captured in the background of the central image, and your wife then saw those images in the newspapers…
Like I said, it’s not just the obvious people who are subjected to intense hurt as a result of CCTV footage being abused.
Possible outcomes if the New Zealand bar scenario had been played out here in the UK? Well, any of the parties captured on the CCTV whose images were allegedly passed out to the public domain could take legal action against the bar for breaching the Data Protection Act.
The bar owner could look towards action against the employee, but might also need to examine themselves if their CCTV system wasn’t fully compliant. What about the training of staff? How was the employee able to upload the images in any case, and did they actually know that they shouldn’t have done what they did?
Who eventually deals with the bottom line?
Who eventually sees to the bottom line? That’ll be the insurance company – the company that insures the door supervisor and the company that insures the bar itself.
And will the insurance companies know about issues of data protection breaches regarding CCTV? I’m not going to answer that, but needless to say I would be expecting a call from them!
For all of us rugby fans, let’s now enjoy the forthcoming final between the All Blacks and the French: two great sides. Let’s hope that the two teams perform to the very best of their ability and that the tournament’s finale is all about fair play in accordance with (and total respect for) the laws and regulations of the game.
From my own perspective, and that of CameraWatch, I very much look forward to the day when we can say the exact same about the UK’s operational CCTV.
Paul Mackie is CEO and compliance director at CameraWatch
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
