JISCMail - DATA-PROTECTION Archives

On Wed, 30 May 2001 [log in to unmask] wrote:

> Most organisations will hire in the equipment or contract out the work.  What
> lawyers understand (or not) is irrelevant in this argument.  Digital editing
> happens now and is fairly commonplace.  Even Disney Studios don't do each
> frame separately any more.

But that is hugely expensive; a smaller company operating a CCTV system
could be hid hard in the wallet by a series of DPA requests.

> Not true in all cases because not all footage will need editing.  Where for
> example a data subject and one of your officers are the only people on the
> tape and the data subject has already seen the officer in the flesh, why
> would you need to edit that employee out of the tape?

What if the officer were having an argument with the subject, and you felt
the subject may become violent later?   That extreme case aside, I would
hope as an employee to have rights myself to my footage being kept on
site and not given to third parties.

> If the picture quality is poor you may be in breach of other principles of
> the DPA as well as failing to supply data in a subject access request.  Other
> people called Mark Thomas who are not famous comedians may have to provide
> further proof such as date, time, a photo and any other evidence necessary to
> support their claim to be a certain person.  Remember that your demands for
> proof must also be reasonable, you cannot impose impossible burdens on the
> data subject.

But if the picture is for safety, recognition is not an issue;  even so,
at a certain distance a pixelation will occur rendering the image poor.
So quality is subjective, except in a court of law I guess :-)

> I suggest you read the CCTV code of practice issue by the OIC before you
> install any such equipment and write your CCTV operations policy.  If they
> are already in place you might need to upgrade both very soon.

This doesn't make it clear what elements of an image are those that
compromise the personal data of the subject.

My interest is in deploying a cost-effective policy, but one that still
honours the DPA.   Sample codes of practice from real deployments are hard
to find, though the document you refer to is very helpful!   The best
solution may be handing over responsibility to the university security
department (the problem is cctv systems internal to buildings - our campus
deployment is mainly external, with the exception of some workstation labs).

tim

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^