Have recently undertaken a Body Camera survey amongst their Industry colleagues our friends at Working the Doors (www.workingthedoors.co.uk) have also produced this article.
Policy & Data Protection:
Although our recent study of body-worn camera (BWC) usage in the security industry reiterated, once again, the trustworthiness and professionalism of most UK-based security operatives, it also unearthed a few areas of concern.
From our perspective, nothing we learned from the study was more worrying than the potential for data protection and privacy violations caused by improper use of body-worn camera equipment, the consequences of which could be both damning and far-reaching.
Our study showed that, while a majority exceeding 80% understood GDPR rules pertaining to security footage, over 18% of the 184 respondents we asked did not. An even larger number (19.7%) stated that they did not understand SIA regulations pertaining to the proper handling of security footage, either.
Under the terms of the Data Protection act 2018 (often referred to as GDPR), any individual, company, or entity handling sensitive personal data (including footage) must do so in a fair, lawful, and transparent way. Data must only be used for the purposes for which it was filmed, must not be kept for longer than necessary, and must be handled in a way that ensures total security.
The ICO guidance states “You should store the information so that you can easily identify, locate and retrieve recordings relating to a specific individual or event. You should also store it in a way that remains under your control, retains the quality of the original recording and is adequate for the purpose you originally collected it for”
It is therefore not legal for people without an SIA CCTV operator’s license to view security footage (including footage captured by a BWC) for any reason. To do so amounts to improper handling of sensitive data, and thereby breaches data protection law.
The consequences for breaching GDPR rules can be severe. Any company that obtains, processes, or handles sensitive data is defined as a ‘data controller’ under the terms of the GDPR, and is seen as being responsible for that data. Several crimes are identified by the act and, while none of them are punishable by prison time, all of them involve hefty fines being levied against the individual in question and/or their employer. In effect, viewing BWC footage without the proper license risks jobs and licenses, and can seriously jeopardise the financial wellbeing of employers, venues, and colleagues.
Issues of camera ownership also touch on this topic. According to our study, around 56% of security operatives own and operate their own BWCs. This makes sense in the case of those operatives who work freelance, and for multiple employers. However, it also invites controversy.
If the camera owner does not have a CCTV operator’s license, that individual does not have the legal right to view any security footage taken with their own camera. In this case, privacy laws supersede property rights. This can, of course, cause big problems in cases where the camera is used for purposes besides security work.
In the study, we advocated for venues or security firms buying their own BWCs, as well as docking them and handling the footage entirely in-house. This would ensure that all footage taken would be handled properly and with due consideration, and only watched by licensed personnel. It would also help to ensure that non-incriminating footage was not kept for a period exceeding 30 days (the UK standard).
According to the GDPR, security cameras should always be visibly signposted. This includes BWCs (and provisions should be made to ensure that BWCs are specifically mentioned). Where possible, patrons should also be verbally informed that they are being filmed. We understand that this is not always possible (as our respondents have confirmed). However, police and ICO guidelines for BWC usage suggest that the placing of visible signage or a warning light on the device or uniform, to indicate that the device is switched on and recording is suitable and security operatives may therefore do the same.
We feel that correct signage, verbal warnings (where possible), and the red ‘record’ light never being switched to ‘covert’ mode should provide enough insulation to record safely without complaint.
For those who wish to learn more, our study goes into far more detail on these, and many more topics relating to BWC usage as it pertains to the issue of data protection. https://www.workingthedoors.co.uk/surveys/body-camera-survey/
Finally, we would like to state that the GDPR exists to protect people’s right to privacy, and, more specifically, to give individuals a measure of control over their personal and private information. The right to privacy is a cornerstone of a healthy democracy, and it is of vital importance that this right is always upheld. Protecting people’s basic rights is a form of protecting the people themselves and that, after all, is what security operatives are there to do.
ICO Additional considerations for technologies other than CCTV