What Consequences for Leaking CCTV Images?

You may the 2011 Rugby World Cup in New Zealand and the escapades of certain English player (married into the royal family) being captured on CCTV and finding their way to a global audience on the Internet.

At the time I instigated a discussion about how making the CCTV images available on the Internet would have constituted a breach of data protection rules if it had happened in the UK.

The perpetrator, a former Queenstown bouncer named Jonathan Dixon, was found guilty in April by an Invercargill District Court jury of dishonestly accessing a computer at the bar where he worked. Dixon was sentenced to four months of community detention and 300 hours of community service. He is said to be appealing the decision.

The UK Information Commissioner’s Office has the reasonably new power to fine organisations up to ₤500,000 for data breaches. If this incident had happened in the UK, it could very well have fallen into this category. However, the charges (dishonestly accessing a computer) and sentences available in New Zealand certainly suggest that the country is taking CCTV breaches a lot more seriously than the UK.

Were the New Zealand charges available in the UK, would 90% of CCTV systems (as observed by CameraWatch) be deemed illegal? Only about 10% of CCTV systems are fully legal, so can we really have confidence in what they do, how they do it, and whether the public and courts can rely on quality, accuracy, and security of the evidence they capture?

I should imagine that it could be a while before we see another New Zealand bouncer upload CCTV images on to the Internet following the action taken by the NZ authorities. Knowing that you could end up in jail should act as a reasonable deterrent. Regrettably, this is not the case in the UK.

CameraWatch recently came across a case of a CCTV operator who captured images from a control room monitor on to a smartphone and uploaded them to the Internet. Now I can just hear the reaction of “It would never happen in my control room” or “Not in the public space sector” and all the others. The reality is that it happens in all sorts of environments — including state-of-the-art control rooms.

And the very simple answer is to make sure that operators are trained properly, not just in how to operate the CCTV system, but in the legal requirements of those who are responsible for the system. Train them in data protection. Make them legally responsible for their actions.

Code of Practice

But we now have the CCTV Surveillance Camera Code of Practice, don’t we? CameraWatch has shared our opinion many times in the past — including to the Home Office during the consultation — and our opinion certainly hasn’t changed.

Could it be suggested to be a third-rate political ploy by a coalition government trying to keep its supporters at least a wee bit happy? A reflective description? Be honest now. All this money, all this effort, and for what? A wishy-washy, extremely grey paper which is aimed at less than a reported 4% of cameras in the UK and and has no enforcement powers at all. None.

The code relates only to police and local authority bodies who are under a duty to have regard to the code. Not exactly a confidence builder for improving CCTV standards and legaility, is it?

Gail Sheridan

Gail Sheridan, the wife of the disgraced Scottish politician Tommy Sheridan, was subjected to a police interview under caution and charged along with her husband with perjury. The case against Gail was dropped, but her husband was subsequently found guilty. As with Mike Tindall, CCTV images of Gail Sheridan found their way on to the internet.

Now these weren’t everyday CCTV images of Gail captured in the street, in shops, or in a pub, which really would have been bad enough. These images — complete with recorded audio — were of Gail being interviewed by police officers under police caution. Rather a private scenario, you would think? The whole interview (with all kinds of innuendos being thrown at Gail) was loaded on to the Internet.

A Data Controller is the organisation or person responsible for managing the data captured by CCTV — basically the images. The Data Controller is responsible for the legal use of the CCTV system, including registering it with the UK Information Commissioner and stating its purposes and the security of the system and images. So the Data Controller should have a full audit trail of all activities involving the images, including what third parties were supplied with copies.

How well did the Data Controller (the police force) manage Gail Sheridan’s personal data (her CCTV images) when these personal images were passed to the public domain, where they currently remain? One of the most personal moments of a totally innocent person’s life has been and continues to be subjected to worldwide exposure and possible ridicule, through past and current websites and through national television exposure.

New Zealand prosecuted a person who broke the law by making CCTV images public. He has been given a punishment for making images that should never have been exposed very public. But in the UK, it is very obvious that an extremely serious beach of data protection law has taken place — with no conviction and no serious enquiry. Nobody has been held accountable.

We all need to pull together to make sure that this real tool of ours can help and benefit our society. CameraWatch looks forward to totally legal CCTV throughout the UK, which will remove suspicion surrounding the cameras, make our country safer, and most certainly improve the image of camera surveillance.