SECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE



Similar documents
Video surveillance policy (PUBLIC)

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

DATA PROTECTION POLICY

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

(4) THAMES VALLEY POLICE of Oxford Road, Kidlington, OX5 2NX ("Police Force"),

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

Policy on Public and School Bus Closed Circuit Television Systems (CCTV)

Self assessment tool. Using this tool

DATA AND PAYMENT SECURITY PART 1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

University of Birmingham. Closed Circuit Television (CCTV) Code of Practice

Data Protection Policy

Data Protection Policy

Falkirk Council Data Protection Guidelines

LONDON DOWNTOWN CLOSED CIRCUIT TELEVISION (CCTV) PROGRAM CODE OF PRACTICE CITY OF LONDON, ONTARIO

Data Protection Procedures

Data Security and Extranet

Caedmon College Whitby

Data Protection Policy

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL

Video surveillance at EFSA Implementing rules and technical specifications

CCTV CODE OF PRACTICE

Parliamentary Security Camera Policy

Photography and filming in schools Code of Practice

The CPS incorporates RCPO. CPS Data Protection Policy

Information Circular

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

INFORMATION SECURITY POLICY

Information Governance Framework. June 2015

Human Resources and Data Protection

University of Limerick Data Protection Compliance Regulations June 2015

Closed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV

A Mobile Phone and Camera Toolkit for Early Years Settings. Early Years Services April 2013 Version 1.0

Policy for Management of CCTV on Waste Operation Vehicles

Buckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice

Corporate ICT & Data Management. Data Protection Policy

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.

Automatic Number Plate Recognition (ANPR) Systems

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

Hang Seng HSBCnet Security. May 2016

DATA PROTECTION POLICY

singapore american school

Corporate Policy and Procedure

How To Use A Surveillance Camera Safely

DATA PROTECTION POLICY

Data Protection Act. Conducting privacy impact assessments code of practice

SURVEILLANCE AND PRIVACY

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

CCTV Cameras Policy. Policy Guidelines

DATA PROTECTION POLICY

University of London CCTV Policy UNIVERSITY OF LONDON CCTV POLICY. Academic Buildings, Libraries and Residences. Page 1 of 10

Data Protection Act Bring your own device (BYOD)

Data Protection Policy

Final Version 1.0 December 2015

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

Data Protection Policy

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

technical factsheet 176

Saint Martin s Catholic Academy

OIPC GUIDELINES FOR THE USE OF VIDEO SURVEILLANCE SYSTEMS IN SCHOOLS

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation

CCG: IG06: Records Management Policy and Strategy

DATA PROTECTION POLICY

So the security measures you put in place should seek to ensure that:

Data Protection Policy

Little Marlow Parish Council Registration Number for ICO Z

Data Protection Policy

Privacy and Electronic Communications Regulations

Small businesses: What you need to know about cyber security

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

COBAR SHIRE COUNCIL FILE:P5-90

Focus on Subject Access Requests for insurance purposes. August 2015 (updated further to July 2015 guidance)

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

DATA PROTECTION ACT 1998 COUNCIL POLICY

Data Protection Act Guidance on the use of cloud computing

Data protection. Wi-Fi location analytics

CCTV PROCEDURES To support Information Security Policy Framework

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS

Data Protection Guidance

Data Protection Policy

Contra Costa Community College District Business Procedure SECURITY CAMERA OPERATING PROCEDURE

Scotland s Commissioner for Children and Young People Records Management Policy

Networking and Social Media Policy

BRING YOUR OWN DEVICE

12th January Dear Mr. Graham, Complaint: Internet Eyes

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

The potential legal consequences of a personal data breach

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Merthyr Tydfil County Borough Council. Data Protection Policy

Data Protection Policy

Mobile Devices Policy

OIPC Guidelines for Video Surveillance by Public Bodies in Newfoundland and Labrador, June 2015 ATIPPA, 2015 Criminal Code of Canada

Data Protection Policy

Last updated: 30 May Credit Suisse Privacy Policy

University of Essex Automatic Number Plate Recognition (ANPR) Policy

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

Derbyshire Constabulary CRITICAL INCIDENT POLICY POLICY REFERENCE 06/047. This policy is suitable for Public Disclosure

Cleveland Police. Data protection audit report. Executive summary November 2014

Transcription:

SECURITY DATA PROTECTION ENCRYPTION BODY WORN CAMERA STORAGE The Complete Guide to Body Worn Camera Data Protection

Overview Edesix has been providing technology solutions to organisations for over ten years and understands the importance of having robust procedures and policies in place for handling video recordings, particularly those made of members of the public. In this guide we provide an overview of the responsibilities organisations have when using recording devices and the steps to take to ensure your data management is compliant with current legislation. What do I need to know about Data Protection? Whilst body worn video equipment such as VideoBadge does not fall under the traditional definition of CCTV as closed circuit television hardware, many of the same guidelines and protocols apply, particularly in instances where sensitive personal data is collected and subsequently handed to the police or any other public body as part of an investigation. Because of this, individuals operating VideoBadge must ensure that their usage complies with the Data Protection Act (DPA), in order for the footage they capture to be usable. The act contains eight Data Protection Principles. Further detail of the Act is available at w.dataprotectionact.org Secure Encryption Data Protection These specify that personal data must be: Processed fairly and lawfully Not kept any longer than necessary Obtained for specified and lawful purposes Adequate, relevant and not excessive Accurate and up to date Processed in accordance with the data subject s (the individual s) rights Securely kept Not transferred to any other country without adequate protection in situ

How does VideoBadge help me comply with Data Protection Principles? VideoBadge hardware and VideoManager software are designed from an early stage to guarantee security from camera to courtroom. VideoBadge burns the date, time, device and frame number into every frame of footage, allowing for clear indexing. Camera AES encryption guarantees the identity of the badge and manager, preventing eavesdropping from unauthorised individuals. A VideoBadge cannot be accessed without the correct RSA authentication key, which can be uniquely assigned to each badge, shared between several badges, or even shared across multiple VideoManagers in one organisation. VideoManager controls which users can gain access. This means the VideoManager runs as a secure service that cannot be directly accessed from the user s logon. Additionally, audit logs are recorded for every user action on the system, allowing traceability for potential misconduct. VideoManager When footage is exported to be burned to DVD, a signature is burned into the exported video clip, linking back to the user, date, time and other details about the export. Every user can have different access control settings, preventing unauthorised access to sensitive functions such as footage deletion. VideoManager automatically implements the customer s configured data retention and deletion policies. The VideoManager can delay data deletion requests to prevent malicious evidence removal, according to configured policy. Courtroom What are the dangers of not having these high levels of security in place? Negligent security in regards to handling data can have many negative consequences for an organisation. Aside from the subsequent lack of trust following a data breach, organisations can also be subject to a hefty fine. By encrypting data, the impact of the loss of any device which contains sensitive information is minimised. Edesix hugely reduces the risk of data breaches with its encryption policy, whereby each and every VideoBadge unit is safeguarded with AES encryption. This makes it near-impossible for the loss or misplacement of a VideoBadge to result in damaging breaches involving sensitive personal data. AES ENCRYPTION

I am about to start using VideoBadge as part of my organisation. What do I need to know? How do I prevent data breaches? Where Can I Film? You may record footage in public or semi-public places Public place: any location where members of the public are free to go Semi-public place: private property which gives the public access. E.g. an airport However, location is only one factor. The nature of the activity being performed must be taken into account. For example, a person receiving medical treatment in such a location has a legitimate or heightened expectation of privacy and therefore may request that they not be filmed. As a general principle, in any area in which a person could reasonably be expected to understand that they are being monitored by traditional fixed camera CCTV surveillance, it can be taken for granted that filming may occur. The behaviour of the person(s) involved is also important. Anybody undertaking criminal actions or acting in a seriously anti-social manner in a public or semi-public place has less entitlement to privacy, and as a result can be filmed without explicitly giving consent. In private places, there is generally a much greater expectation of privacy. Therefore you should ask permission before you record footage of person(s) in a private setting i.e. their household. As a member of a public or private organisation you must determine the purpose of your intended surveillance and make several other considerations whilst installing VideoBadge. You should already be aware of how installation of surveillance fits into your organisation s over-arching goals, and who in your organisation will occupy key roles and responsibilities. Being informed on these issues helps prevent the main causes of data loss or data breaches, whilst also protecting your organisation from any legal repercussions should such an event occur. Effective Use Of Disclosure You should be aware that once you have disclosed an image to another body, such as the police, you are still a data controller for the footage, whilst they also become the data controller for their copy of that image. The police are also legally permitted to seize any footage which they have reasonable grounds to suspect contains evidence pertaining to an on-going investigation. Data controllers should not hand over recorded footage to the media, or upload such footage to the internet for entertainment.

Effective Administration You need a clearly defined basis for handling sensitive data, in the form of a data controller. The data controller determines the purposes for which and the manner in which any personal data are, or are to be, processed. The data controller is usually an organisation but can also be an individual. The purposes and ways of handling data can be determined by several data controllers at once. If these data controllers are using the same pool of information for the same purposes, they are joint data controllers. If these data controllers are processing independently of each other, they are data controllers in common. Data controllers are obliged to notify the Information Commissioner s Office (ICO) that they are a data controller. This notification should be renewed annually. Organisation Goals Well-defined, specific purposes for the use of images and footage, with respect to specific guidelines. For example, you should not record images or footage to monitor staff behaviour or performance if the sole declared purpose of your VideoBadge units is to detect/prevent crime. However, if you are using body-worn video primarily for training purposes, you may record such footage if the subject is fully notified in advance. Security Measures Make sure all firewalls are up to date, that all relevant software is automatically and regularly updated with patches, that all information is backed up, and that all system operators have some form of anti-spyware installed. In allowing for regular updates, you help keep your VideoBadge even safer from potential threats. Effective storage You should store images in a way that maintains their integrity and security VideoManager, which comes with every VideoBadge unit, allows only for log-on access to promote security. Furthermore, every user can have different access control settings, preventing unauthorised access to sensitive functions such as footage deletion. An hour of HD footage amounts to roughly 1 gigabyte of storage calculate how much space you could potentially need with regard to how many VideoBadges you are using, and how regularly. Recorded images and footage should be viewed in a restricted area i.e. a secure office. How long you retain images should reflect the overall purposes of surveillance.

Respect For Privacy You should not record footage in areas with a heightened expectation of privacy without very strong justification, and extra efforts to make sure the individuals concerned are aware that they are being filmed. You can find more information on the latest regulations and guidelines on the following sites: Data Protection Act w.ico.org.uk Surveillance Camera Code of Practice w.gov.uk/government/publications/surveillance-cameras-code-of-practice Surveillance Camera Commissioner w.gov.uk/government/organisations/surveillance-camera-commissioner

Established in 2002 as a technology design and manufacturing company, Edesix is the only UK designer and manufacturer of professional body worn video systems. w.edesix.com sales@edesix.com 0131 510 0232

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information