Tuesday, 20 August 2013

The joy of annual CCTV reviews

It’s reassuring to realise that as the UK an awful lot of CCTV systems, we have a range of Commissioners who are tasked with regulating aspects of them. 

It’s less reassuring to realise that these Commissioners have slightly different powers, and overlapping jurisdictions. If you need any enforcement done, then the ICO’s your man. If, however, you’re after a current list of approved which standards may apply to the system functionality, the installation and the operation and maintenance of a surveillance camera system, then the Surveillance Camera Commissioner will show you his list. He can also provide guidance on the bodies that are able to accredit performance against such standards. And the Chief Surveillance Commissioner is always available to advise if the CCTV systems get anywhere near the domain of covert surveillance. 

Got it?

And each CCTV system is supposed to be reviewed each year.

Principle 10 of the recently published Surveillance Camera Code of Practice requires that “There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.” 

The Code goes on to explain that: "Good practice dictates that a system operator should review the continued use of a surveillance camera system on a regular basis, at least annually, to ensure it remains necessary, proportionate and effective in meeting its stated purpose for deployment." [4.10.1]

The code also explains that: "A system operator should make a summary of such a review available publicly as part of the transparency and accountability for the use and consequences of its operation." [4.10.4]

Aficionados of the odd FOI request will be delighted to think that there is yet another reason will be able to flood public authorities with a tusamni of requests, giving public officials lots more work to do.  Just how they will be able to meet their obligations, in the face of heroic budget cuts, is not a matter for discussion today.


The British Security Industry Association estimates that here are between 4 million and 5.9 million cameras in the UK today, and only 1 in 70 of them are controlled by local government.

So, will there be many annual reviews carried out on the vast majority of cameras, which are actually controlled by the private sector?

To be honest, I doubt it. Even though the ICO’s own CCTV Code also recommends annual reviews (and has done so for a very long time).

If responsible private sector data controllers did want to carry out an annual review and needed help in knowing what it was they were supposed to be reviewing, help is at hand. Not only from yours truly, but also from the ICO, who has helpfully prepared an annual check list for smaller data controllers. Thankfully, this check list isn’t one of those awfully complicated documents that take forever to complete. It’s very simple, actually.

I would offer a prize to the first reader who tells me where the check list can be found on the ICO’s website. But I can’t, as all my spare bottles of scotch  prizes have recently been offered to my chums at RBS.

If I were you, I would get reviewing. You never know when the ICO might come along to check whether anyone has done their annual CCTV homework.


Image credit: