|
Hello Jerome
I agree this is an area which is still full of questions, and many parts of
the COP leave matters to the data controller for interpretation. However,
here goes:
<Although standing on a street is not in itself incriminating - to
protect 3rd party identity, other faces than the data subjects would have to
be blurred out?>
The OIC code implies that a third party images recorded in an open public
place may not necessarily have to be blurred out - "it may be that members
of the public whose images have been recorded...in town centres or streets
have less expectation that their images are held under a duty of
confidence..." (p 22), but they leave it to the managers of the CCTV system
to decide whether or not to blur such images.
<In the normal scheme of things, after 56 days videos are wiped clean.
However, if a formal SAR was received before the 56 days are up, the data
controller would be expected to keep the footage so as to allow for a
satisfactory SAR?>
Para 4.1 of the OIC's legal guidance (reproduced on p 41 of the CCTV code)
says that "routine amendments and deletions of the data may continue between
the date of the request and the date of the reply", so it looks as if you
would be ok to wipe the tape even if a SAR was being processed. However, in
practical terms it would seem sensible to make an exception when a SAR was
under way. You would need to show that any deletion was not carried out to
make the images "acceptable to the individual."
<Because of cost and practicalities, the data controller could choose
to provide the data subject with a permanent copy - a stilled image or
photo - rather than have someone come to the control room and see live
footage replayed with blurred out 3rd parties?>
Disproportionate effort could be argued here (Section 8(2)(a))- the OIC says
this should be decided on a case by case basis. They would take into
account such issues as cost, time taken to produce the copies, and any other
difficulties the data controller may face, whilst always balancing such
considerations against the effect on the data subject. You may be able to
obtain the data subject's agreement to your alternative (Section 8(2)(b).
<Does anyone know the cost of blurring mug shots?>
Sorry, no direct knowledge of this, but your police contacts should be able
to help.
<I have heard talk of 'frivolous' SARs. I understand that the individual
does not have to give a reason for requesting a SAR and it is not for the
data controller to judge what is frivolous or not. But if retrieving the
images, and blurring 3rd party faces etc. costs in time and money knowing
the reason why the individual wants to access the image may be needed to
judge whether the exercise is 'disproportionate effort'? This information
may be even more pertinent if the image has been wiped but it is still
technically possible to restore it.>
Your understanding is correct - data subjects do not have to give a reason
for a SAR, and there is no recognition in the Act of a 'frivolous' SAR.
However, the OIC says that any argument of disproportionate effort would
need to be balanced against the effect on the data subject, so you could say
that retrieving information which has been technically deleted would be
disproportionate effort to respond to a SAR made out of mere curiosity. The
difficulty would arise in deciding at what level of seriousness of a SAR
does the effort cease to be disproportionate? and who decides?
Hope this helps a bit
Stuart Lynch
Stuart Lynch Consulting
Training/Consultancy in
Privacy/Information Protection
Tel 01704 870365
mailto:[log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
