search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CCTV one year on – Are you compliant?


the management responsible hadn’t bothered to read all the Regulations in enough detail, don’t think they apply to them, are too lazy to comply with them all or simply don’t understand them.


Since our streets and buildings bristle with CCTV everywhere, inside and outside, recording details and images of our comings and goings (it is believed the average Briton is captured on CCTV around 70 times per day), facilities, building and security managers or property owners obviously need to check their compliance with Regulations is up to scratch before someone complains and they face a hefty fine. And it WILL happen. Google has recently been fined €50m in France for data breaches, but the UK regulators are investigating much smaller cases as you read this, since they know our compliance here is frequently not up to standard.


GDPR advisory signage


Even though we accept we are on CCTV somewhere, when you are out and about yourself, do you really see or notice advisory signs about it, as much as you should? Which is what the Regulations order. And have you any idea where all these images are stored, or if they’re deleted after a short time, or perhaps shared with other unknown parties? Who really knows where you are going or what you are doing?


The answer is probably not. In my considered opinion the whole point of CCTV is security, and its deterrent factor in part, as well as recording the criminal activity to assist law enforcement bodies in detecting the perpetrators. Therefore, in the case of straightforward crime prevention, if trespassers or criminals don’t even realise they’re on camera, as is often the case due to signage failures, what sort of useless deterrent is that?


And, just how good are the images the cameras are supplying? If they’re grainy or blurred due to old or faulty equipment, that doesn’t help anyone except the trespassers or criminals.


Finally, don’t these companies or organisations, even public sector ones, realise


they’re not complying with the GDP Regulations and can be penalised because of it? Sometimes to the tune of many thousands of pounds?


Key areas of non-compliance


One year on from the introduction of the new GDPR, the following are some of the key failures for GDPR and CCTV that came to light in our investigation of our nationwide client and contact database: In no particular order:


• Failure to fit appropriate signage or keep the information on it accurate


• Failure to carry out a GDPR risk assessment prior to CCTV deployment


• Leaving DVRs (digital video recorders) unlocked or unsecured so anyone, not just designated security personnel, has access to footage


• Failure to ensure the lenses of CCTV cameras are not appropriately directed or they’re masked so that inappropriate footage is not recorded, and, if the data is shared with other parties, for example to monitor specific individuals, then innocent people are blurred out, something easily managed with the right software


• Having CCTV monitors viewable by the public


• Failure to have trained staff to monitor the CCTV


• Leaving passwords and usernames as default settings or noted next to the equipment


• If the images are to be shared with other organisations, eg the police, TfL, or other security service providers, failure to manage this appropriately to conform to Regulations


Examples of non-compliance


This is an example of what was found on one site recently:


• DVR on reception desk with monitor on top, no one at reception – someone leaned over the desk top to look at the monitor to see if their taxi was at the front door!


© CI TY S ECUR I TY MAGAZ INE – SUMME R 2 0 1 9 www. c i t y s e c u r i t yma g a z i n e . c om


• Username and password on a sticker attached to the monitor


•We walked outside to find all of the CCTV signage was so worn and old that the contact details had faded away and were illegible


In a second example, there was a case of the settings on the equipment not being right specifically, the date and time were incorrect and two systems on the same site had times set 17 seconds apart.


That might sound petty but there was a break- in and when the intruder was arrested police showed the CCTV footage in court and the defence barrister asked for all cameras to be played simultaneously.


As the intruder was seen on two systems at the same time (due to timer not being synced) the barrister said the evidence was inadmissible as it was clearly inaccurate since how could the intruder be in two places at once?


Case dismissed due to lack of evidence! Don’t risk a fine


A new IT Governance report at the end of 2018 claimed only 29% of organisations were fully compliant with GDPR. Even though their client base is global, and not just UK and European, it is food for thought and a further evidence of the situation I have highlighted.


Don’t be one of the 60% and risk a fine. Take my advice and check your compliance and systems now.


Andrew Crowne-Spencer UK CCTV Manager, Clearway Services


www.clearwayservices.co.uk


>


13


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40