Crown Prosecution Service not above The Law when it comes to CCTV compliance
Recorded police victim and witness evidence stolen
Today’s CCTV systems are extremely powerful surveillance and monitoring tools, able to identify and track individuals as they move through a monitored environment. Consequently, misuse or careless handling of CCTV images is a significant cause for concern. Privacy campaigners and activists are an important safety valve in helping to ensure the balance between privacy and security remains sensible and relative to the security needs of our times.
It is reasonable to expect that perhaps the most responsible users of CCTV footage should be the powers of law and order. However, the recent fine of £200,000 of the Crown Prosecution Service (CPS) by the Information Commissioner’s Office (ICO) means this turns out to be something of a false, and in this case, a potentially dangerous assumption.
On 4th November the ICO press release ‘CPS fined £200,000 for failing to keep recorded police interviews with victims and witnesses secure’ set out the circumstances to this serious breach of the regulations, where laptops containing videos of police interviews were stolen from a private film studio based in a residential flat.
A startling level of complacency
The footage contained interviews with 43 victims and witnesses involved in 31 investigations, nearly all of which were ongoing and of a violent or sexual nature. Some of the interviews related to historical allegations against a high-profile individual.
The videos were in the process being edited by a Manchester-based film company for use in criminal proceedings, when studio was burgled on 11 September 2014 and two laptops containing the videos were stolen. The password protected but unencrypted laptops were left on a desk, and the studio had no alarm and insufficient security.
The police recovered the laptops eight days later and apprehended the burglar. As far as the Commissioner is aware, the laptops had not been accessed by anyone else. The ICO ruled that the CPS was negligent when it failed to ensure the videos were kept safe and did not take into account the substantial distress that would be caused if the videos were lost.
The investigation by the ICO revealed a startling level of complacency, poor process and practice by the CPS:
- It had used the same film company since 2002
- The CPS delivered unencrypted DVDs to the studios using a national courier firm
- In urgent cases the film studio sole proprietor personally collected unencrypted material using public transport
The ICO found that this constituted an ongoing contravention of the Data Protection Act until the CPS took remedial action following the security breach on 11 September 2014.
If the legal profession in the shape of the CPS is not above The Law when it comes to CCTV compliance standards, then every other organisation and business, whether public or private needs to ensure it meets with the ICO/DPA regulatory requirements.
Take control of CCTV ICO & DPA compliance with iC2
The ICO/DPA regulations surrounding CCTV are something that every organisation and business needs to get right. iC2 is an expert in helping operators of CCTV systems to get compliance right and avoid the serious financial and potentially dangerous repercussions that may result from misuse or careless handling of CCTV images.
To help you get up to speed, why not download the ‘Q&A guide: CCTV code of practice and Data Protection Act compliance’ for today free?
If you need to discuss or understand what we can do to help you take control of ICO/DPA CCTV compliance, simply get in touch.