Like Chris, I was also at last Friday's CCTV event which included the
ODPC Compliance Officer, Ben Elliott. A couple of points of interest I
came away with were:
1) CCTV systems used 'inhouse' (capturing your own staff/students) are
indeed notifiable under the 1998 DPA for reasons Chris gives - but
were not necessarily covered by the 1984 DPA. Hence, we are still in
the Transitional Relief window for those systems that were in situ in
October 98
2) (Planning for) Subject Access Compliance can be a real headache.
Factors affecting *ability* to comply include: Tape Retention cycles
(short cycles will frequently mean that an SAR cannot be satisfied as
the tape/date requested no longer exists); scale of operation (a
large-scale operation with dozens or hundreds of cameras/tapes would
probably require 'disproportionate effort' to locate an individual's
data unless a very specific request for a date/time were made); and
providing viewing/copying facilities (how to balance the rights of
privacy of third parties against a data subject)
Pete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pete Dewar
Business Systems Manager &
Data Protection Coordinator
IT Services, University of St Andrews
Tel: 01334 462541 Fax: 01334 462759
Email: [log in to unmask]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: [log in to unmask] <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
Date: 14 November 2000 18:33
Subject: CCTV
>You may recall I posed a question to the group with regard to whether
a cctv
>system could avoid being notified. The opinions were split down the
middle. I
>therefore wrote to Amanda Chandler at the DPA who had some imput in
the
>drafting of the policy document on CCTV. Unfortunately Amanda left
the DPA
>last week for a more lucrative position. The communication has found
its way
>to the desk of Ben Elliott compliance officer. I had an opportunity
to speak
>with him last Friday at a seminar organised by Southampton University
on DPA
>and CCTV (Very interesting and informative) he is of the opinion that
all
>cctv systems have to be notified. He will when he has the time let me
have a
>formal response with the arguments as to why. He has given me
permission to
>reproduce it to the group which I will do upon receipt. The gist of
the
>argument is :- when you turn the camera on it automatically captures
images
>which are stored on a tape or disc. Some if not all the images
identify a
>living human being - personal data - capturing the image is
processing,
>processing that is done automatically therefore has to be notified.
If your
>cameras dont pick up images of living humans then no personal data,
no
>notification. So why have the cameras fire flood? Perhaps.
>Chris Brogan
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|