** Reply to note from Richard Murphy IT Services <[log in to unmask]> Thu, 17 Oct 2002 15:02:38 +0100
Goodness gracious ... Friday again!
Now everyone is reading the message hopping to get some juicy bits. Tough guys
and gals, we are not breaking the law because we ain't doing what we would like
to do. Hence we are just washing clean linen :-)
Discussion stalled. Too much silence, what does it tell us?
That although many unis may be (or would like to) using CCTV to monitor the
observance of rules and regulations they are keeping quit because:
* they could not care less
* they are not on the list
* they don't feel confident to admit so in public
* they are not doing it anyway.
<snip>
> I feel that as long as proper attention is paid to storage,
> use, etc. (fair processing) then there is a strong case for
> notifying use of CCTV for something like "ensuring
> compliance with regulations". We don't have this at present
> and I am at odds with Charles C on this one!
>
<snip>
My problem is with fair processing?
For the usual purposes (crime prevention & personal safety) CCTV in itself can
provide sufficient evidence of someone commiting a crime, a building or car being
on fire, someone lying on the pavement unconscious ... somewhere we have we can
process data for the well being of a person etc ... fine we can use CCTV
evidence.
The point is how to use CCTV to provide additional evidence of bad conduct (which
in itself may be undesirable but not a crime). I can list some examples (those
with 1 are (probably) a crime, those with 2 contravene regulations, with 3
difficult for me to classify, with 4 it is Friday.
2 - downloading p o*r-n
1 - downloading c h*i"l"d p o*r-n
2 - copying essays of the internet
2 - harassment/bullying
4 - couples suffocating each other in public (kissing), crime in other countries
3 - letting off fire extinguishers
1 - drunk and disorderly
2 - sending spam
1 - hacking
etc.
So for example if there are two persons in an IT room, one hacks and the
other sends spam we can use as evidence the CCTV material (together with
computing evidence) and do the hacker but not the spammer. The hacker may have
done no harm whatsoever apart from exposing an incompetent system administrator
:-) Not fair on the hacker but this is not the point.
A (the possible method)
===
Would data be fairly processed if outside the particular area (eg. IT suite, or
lab) there is a sign listing the rules (Ok. the main rules, the other 129 can be
put on the web) and the appropriate CCTV sign? (Forget the wider campus)
B (the unlikely method)
===
To obtain the data fairly would we have to warn the student/staff of the rules
and regulations before the contract is signed. What about students who in
reality commit themselves to a contract the moment they submit their UCAS
application.
How far back do we have to take the "notice" to the data subject to make
obtaining and therefore processing fair.
==============================================
As it is Friday. CCTV as income generating technology.
I notice our campus is full of posters advertising double spirits + drought mixer
for œ1.50, pints for œ1.00 and so on. Would it be fair processing if CCTV was
used to gather evidence on drunk and (preferably disorderly) patrons of the
students' union? The university could threaten students caught on CCTV with
expulsion or a fine. The fine - of course - would be adjusted to minimize the
chances of a student choosing expulsion, possibly by cross-referencing the data
with that of the income brackets of the parents.
I can see a cost benefits analysis of reducing even further the price of drinks
and increasing the fines.
Regards
Charles
==============================================
Charles Christacopoulos, Data Protection & Management Information Officer,
Planning & Information, University of Dundee, Dundee, DD1 4HN, Scotland,
United Kingdom.
Tel: 44(0)1382-344891. Fax: 44(0)1382-201604.
http://www.somis.dundee.ac.uk/ http://somis2.ais.dundee.ac.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|