In regard to requests for images from car park cameras (e.g., following an incident), I advise that a copy of the V5 is required and that the request should be refused if it is not made by the Registered Keeper.
Next, it is not uncommon that the index mark cannot be positively identified from the imagery, in which instance I advise that the request be refused. Indeed, on many recordings it is impossible even to positively confirm the marque of the vehicle let alone its index. And being able to identify an individual is improbable - hence redaction is not considered even if the imagery is supplied.
Requesters have been beguiled by TV programmes that show the enhancement of CCTV images to impossibly fine degrees of detail. We have to explain that this is not practical, if the detail wasn't recorded, it's not there to enhance. A great many CCTV cameras have low resolution.
WRT higher resolution CCTV my view, and the ICO has not yet gainsaid it, is that redaction is unnecessary, as although they may be distinguishable, other individuals included are not (readily) identifiable by the DC. In one instance a request for CCTV from an employee in large store resulted in some 3,300 hours of recordings. I was quoted over £2 million for redaction but also that it would take at least 100 days. I advised not to supply, but to invite the individual to view the images on site, pointing out that they would need to set aside the better part of two years (of 8-hour days) to review. They withdrew their request, and got their ten quid back.
> On 26 Apr 2017, at 10:31, Bill Dunn <[log in to unmask]> wrote:
> We are looking at this issue. We are of the view that a SAR is to obtain a copy of information about the data subject. In terms of section7(4) the personal data of third parties should only be provided where the Council cannot comply with the SAR without disclosing the information and either that person has consented (unlikely) or in all of the circumstances it is reasonable to do so.
> Generally the purposes of CCTV is to monitor the behaviour of each individual caught in the images. Consequently, if you can comply with the SAR without disclosing it, all images in relation to others must be rendered unidentifiable - usually through pixellation or just blacking out part of the images.
> In a case of a motoring incident (to which a large amount of these requests relate) we would provide copies of the images of the person making the request but then have to consider whether the other images are the personal data of the requestor and the answer is probably not. In that case, you cannot provide those images under section 7 of the DPA.
> However, this does not prevent the possibility of data sharing (rather than responding to a SAR) in relation to the others. This would involve looking at the principles etc. (taking account of section 35(2)) and deciding whether to share the information of the others. One "benefit" to this approach would be to potentially allow you to charge for providing the images (and that would be more than £10 especially when this fee goes from May 2018). Of course setting the level of the fee would need to be carefully set so as to discourage lawyers from seeking court orders for its production to them.
> We are still looking into this matter with an eye to the changes next year.
> Bill Dunn
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
All archives of messages are stored permanently and are
available to the world wide web community at large at
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)