The ongoing security of your CCTV images, as well as ensuring they are retained no longer than is necessary, should be an important ongoing consideration for any organisation that operates CCTV.
Guiding Principle 9 of the Surveillance Camera Code of Practice states: “Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.”
This means ensuring staff are trained properly in using the CCTV system and understand the data protection implications of the footage being recorded. Passwords for accessing the system must also be kept secure so that only authorised users can gain access and there is no inadvertent sharing of this information.
As well as considering internal security, all organisations must implement effective cyber security measures to keep CCTV images secure. Under your legal data protection obligations, which are enforced by the Information Commissioner’s Office (ICO), you must consider technical, organisational and physical security.
The security precautions the ICO recommends organisations should take are:
- Protect wireless transmission systems from interception.
- Restrict the ability to view or make copies of information to appropriate staff.
- Provide a secure space where footage is stored.
- Train staff in security procedures and take sanctions against staff who misuse surveillance system information.
- Establish appropriate controls if the system is connected to, or made available across, a computer network. Internet-protocol (IP) cameras should be protected by firewall and router controls, and default passwords should be changed.
- Apply any software updates (particularly security updates) published by the equipment’s manufacturer to the system in a timely manner. Modern IP camera manufacturers issue security advisories and fixes to security problems, and users should keep these patched and up to date just as much as their other computer equipment.
- Protect the recorded footage from CCTV, whether tapes or hard disk, against access by any unauthorised person, whether an unauthorised staff member or an outsider.
- Store any data you have collected securely, for example by using encryption or another appropriate method of restricting access to the information.
Ecl-ips has taken steps to ensure that it meets the highest standards for cyber security within its own working practices by gaining the IASME Governance Standard, which also meant we passed the Cyber Essentials assessment. Cyber Essentials is a government -approved business certification scheme specifically aimed at helping businesses become more secure against internet born threats. We would always recommend our clients follow all best practice guidance too.
We would also recommend that you sign up to CCTV Logbook, and as well using it to manage your CCTV assets, sign up to its compliance package. You can register for both as part of its free trial. CCTV Logbook takes a step by step approach to help you meet all the requirements of the 12 Guiding Principles of the Surveillance Camera Code of Practice. When you have completed it, you will get a certificate to demonstrate compliance.
We are also confident that our main CCTV partner, Avigilon, has taken steps within the development of its Avigilon Control Center system, to ensure that data protection rules are met. If you would like more help and advice on getting this right contact us.