As most of us are well aware by now, from 25th May 2018, every EU country will be subject to the new General Data Protection Regulations (GDPR), changing the way personal data is handled by strengthening compliance requirements and introducing strict penalties for failing to adequately protect personal data.

All UK businesses must be conscious of the new rules and make the necessary changes, since non-compliance can result in data breaches and massive fines of up to 20 million Euros, or 4% of turnover - whichever is highest.

The British Security Industry Association (BSIA) holds that there are a staggering six million active CCTV cameras currently being used in the UK. Most businesses of all types and size will be using some type of CCTV, whether it be for security purposes, health and safety or monitoring.

People’s rights and freedoms cannot be overridden, as employees at work still have a right to privacyRight to privacy

What businesses need to be aware of though, is that the images and footage of people captured by their surveillance system is classified as personal data under GDPR, which means that those who operate this type of surveillance must ensure that they are complying with the new regulations.

Under GDPR, those who operate CCTV cameras must be able to demonstrate that there is a strong, transparent, ‘fair’ reason for doing so. People’s rights and freedoms cannot be overridden, even at work – employees still have a right to privacy.

If you haven’t done so already, you should immediately conduct a full data privacy impact assessment, as recommended by the Information Commissioner’s Office (ICO) code of practice. This will help you determine if there is a legitimate reason for processing data through CCTV footage, while ensuring that you are not excessively impacting the privacy rights of the people captured.

Justifying privacy impact assessments

If you are unsure of how to carry out a privacy impact assessment, there are experts out there who can help you

An example of legitimate justification would be a construction site owner introducing wireless CCTV cameras to monitor and secure their site from would-be criminals. In this case, to meet legitimate purpose, the footage must be of sufficient quality and the images captured must be readily available for police examination if such a request is made.

An illegitimate reason, on the other hand, would be the installation of CCTV purely to track the behaviour of employees, which could be viewed as an invasion of privacy. However, if you can say it is there for health and safety purposes, with evidence to back this up, you might then have a justifiable explanation.

If you are unsure of how to carry out a privacy impact assessment, there are experts out there who can help you.

Maintaining transparency

Under GDPR, ‘transparency’ is important when processing data, which means data subjects, i.e. those whose images are captured by CCTV, are entitled to know that they are being filmed, which means you must inform them of the CCTV presence.

To best ensure you are upholding this rule, it is a good idea to display prominent, unambiguous signs within the CCTV area to communicate that you are capturing footage and give people a number to contact for more information.

Not only does this inform people that they could be under surveillance, but by placing prominent signage you are also helping to deter trespassers, who are less likely to enter a premises if they know might be filmed.

Images and footage of people captured by surveillance systems is classified as personal data under GDPR
Those whose images are captured by CCTV are entitled to know that they are being filmed

Data retention

One of the main aspects of GDPR is that personal data cannot be stored forever; it must only be kept for as long as its purpose requires (usually 30 days is recommended). As such, every camera your business operates will have to be assessed in order to ascertain how long footage is to be retained and why.

Each case will be subjective and there are no hard and fast rules as to the ideal retention period. It is up to you to determine an acceptable period, taking into account people’s rights when deciding what is best. The upside is most modern CCTV cameras will allow the operator to set specific data retention limits.

Individuals can request access for free under the new GDPR, making the likelihood of requests higherResponding to data requests

As it falls under personal data, people can request access to CCTV footage which relates to them and the CCTV operator is required to disclose it. However, you must ensure that the person requesting to see the footage is the person who is present in it.

By providing access to the footage, you must be wary not to disclose any personal data of other people, which may mean blurring out sections of the footage (e.g. containing number plates or images of other people) is necessary to avoid data breaches.

Moreover, once a request for data access has been made, this must be provided without delay and within one month at the latest. This can be extended by two months where the request is complex or numerous.

As such, you should ensure that there are appropriate policies in place within your working environment to ensure that employees know how to respond to individual data requests.

Under the old rules, there used to be an admin fee for such requests, but this has been scrapped and now individuals can request access for free under GDPR, making the likelihood of requests higher.

GDPR awareness among security service providers

It’s always important to use a highly reputable security service provider who should be well aware of the GDPR rules Under GDPR, security suppliers are ‘data processors’, which means that the clients of them should have contracts in place outlining what the security supplier can do with the data.

As such, you must ensure that sub-contractors working for your business, such as security suppliers, installers or engineers, are following the rules too.

You will be opening up your business to potential data breaches if you are allowing such third parties to access, remove or distribute personal data captured by the CCTV.

This is why it’s always important to use a highly reputable security service provider who should be well aware of the GDPR rules. If you don’t know, just ask!

Ensuring fair usage

The introduction of GDPR is certainly going to pose some interesting challenges for all businesses and how it unfolds is yet to be seen.

The tighter regulations show that it is no longer acceptable to not be aware of or not understand the rules surrounding personal data and that such breaches will be taken seriously.

However, they should certainly not discourage CCTV use, but instead operators should seek to guarantee fair usage is upheld and take steps to ensure that people know how and why they are being recorded.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

In case you missed it

Which new buzzwords reflect the security industry’s trends?
Which new buzzwords reflect the security industry’s trends?

As an industry, we often speak in buzzwords. In addition to being catchy and easy to remember, these new and trendy industry terms can also reflect the state of the security market’s technology. In short, the latest buzzwords provide a kind of shorthand description of where the industry is - and where it’s going. We asked this week’s Expert Panel Roundtable: What new buzzword(s) rose to prominence in the security industry in 2020? (And how do they reflect industry trends?)

Maximising effectiveness of thermal cameras for temperature screening
Maximising effectiveness of thermal cameras for temperature screening

Thermal cameras can be used for rapid and safe initial temperature screening of staff, visitors and customers. Used the right way, the cameras can help prevent unnecessary spread of viruses like the novel coronavirus. During the global pandemic, use of thermal cameras has increased, but they have not always been used correctly, and therefore, not effectively. Hikvision’s temperature screening thermal products are currently assisting users in initial temperature screening across the global market. During 2020, demand increased in most markets, and the company highly recommends that Hikvision’s thermographic cameras be used in accordance with local laws and regulations. Limitations of the technology include throughput and the impact of ambient conditions. Detect viruses and fever Hikvision releases a video that illustrates how skin temperature measurements are normalised within minutes Thermal cameras cannot detect viruses and fever and should only be used as a first line of screening before using secondary measures to confirm, says Stefan Li, Thermal Product Director at Hikvision. “We also believe it is important for businesses and authorities to use [thermal cameras] alongside a full programme of additional health and safety procedures, which includes handwashing, regular disinfection of surfaces, wearing protective clothing such as masks, and social distancing.” Hikvision has released a video that illustrates how skin temperature measurements are normalised within minutes after someone emerges from the cold. Mr. Li says the video demonstrates the accuracy of forehead measurement under difficult circumstances when people come inside from a cold outdoor environment. Temperature screening facilities “There have been some claims that measuring the forehead temperature is not as accurate as measuring the inner canthus, and we believe this video demonstrates the accuracy of forehead measurement very well,” he says. “We also illustrate how the skin temperature will experience a process of recovery (warming up), no matter if it is measured by a thermal camera or a thermometer.” Mr. Li adds that people should wait five minutes in such circumstances before starting a temperature measurement. “We hope that stakeholders who are involved in the design of temperature screening facilities and associated health and safety procedures will recognise how important it is to consider the skin temperature recovery time, and that forehead measurement can provide accurate test results,” says Mr. Li. Thermal imaging manufacturers The algorithm is based on a large number of test results to obtain a value that tends to be dynamically balanced The temperature measurement principle of thermal imaging is to detect the heat radiation emitted by the human body. The detected heat value often does not reflect the true internal body temperature of an individual. Furthermore, the temperature varies among different parts of the human, such as the forehead, ears, underarms, etc. A temperature compensation algorithm can be used to adjust the measured skin temperature to align with the internal body temperature. The algorithm is based on a large number of test results to obtain a value that tends to be dynamically balanced. At present, thermal imaging manufacturers in the market, and even forehead thermometer manufacturers, have developed their own algorithms to map the skin temperature measured by the camera to the internal body temperature, so as to compensate the skin temperature to the internal body temperature. Thermal cameras This is also why Hikvision recommends that the "actual body temperature" should be checked with a secondary device for confirmation. The calibration work for a thermal camera is completed in the production process at the factory, including calibration of reference values and detection point and so on. At the same time, the equipment parameters should be adjusted before on-site use to ensure accurate temperature reads. Hikvision does not deny the accuracy of temperature measurement at the inner canthus but prefers forehead temperature measurement and algorithms based on actual use scenarios, says Mr. Li. A large amount of test data and practical results indicates that the forehead is a correct and easy-to-use temperature measurement area, says the company. There are advantages and disadvantages of choosing different facial areas for temperature measurement. Default compensation temperature Two main approaches direct the measurement area and how compensation algorithms are applied: Forehead area + default forehead compensation algorithm value Upper half face (forehead + canthus) + default inner canthus compensation algorithm value. Both methods deploy compensation algorithms, but the default compensation temperature of the inner canthus will be less than the default compensation temperature of the forehead, generally speaking. The reason is that the temperature of the inner canthus of most people is higher than their forehead, so the temperature compensation is relatively low (i.e., closer to the actual temperature inside the body.) Upper face area Hikvision found that selecting the upper face area plus the default compensation value for the inner canthus resulted in situations when the calculated temperature is lower than the actual temperature. For the Hikvision solution, the forehead is a relatively obvious and easy-to-capture area on an entire face Mr. Li explains: “The reason is that when the camera cannot capture the position of the inner canthus (for example, when a person is walking, or the face is not facing the camera), the camera will automatically capture the temperature of the forehead. Then the result that appears is the sum of the forehead temperature plus the default compensation temperature of the inner canthus, which is lower than the actual temperature of the person being measured. Therefore, errors are prone to occur.” Thermal imaging products But for the Hikvision solution, the forehead is a relatively obvious and easy-to-capture area on an entire face. Also, the default forehead compensation temperature is based on rigorous testing and can also correctly mimic the actual temperature of the person being measured, says Mr. Li. After many test comparisons, considering that the results of forehead temperature measurement are relatively more stable, and in order to avoid the false results from inner canthus temperature measurement, Hikvision chose the forehead temperature measurement approach. “We look forward to bringing thermal imaging products from a niche market where there is a relatively high-end industry application to a mass market and serving more users,” says Mr. Li. Facial recognition terminals Additional application parameters can maximise effectiveness of thermal cameras for measuring body temperature: Positioning and height - All cameras must be mounted appropriately to avoid loss of accuracy and performance. The installation height of each camera must be adjusted according to camera resolution and focal length, and stable installation is needed to avoid errors caused by shaking. Ensuring a ‘one-direction path’ - The detection area must ensure that cameras capture the full faces of all those passing by or stopping, and obstacles should be avoided in the field of view, such as glass doors that block the camera. Adequate start-up and usage - A waiting time of more than 90 minutes is required for preheating, after the initial start-up. Before conducting a thermal scan, people should be given three to five minutes to allow their body temperature to stabilise. When Hikvision MinMoe facial recognition terminals are used, people must stand at a fixed distance, pass one by one, make a short stop, and face the camera directly. Hikvision cameras support efficient group screening, but one-by-one screening is suggested for more accurate results, says Mr. Li. Unstable environmental condition An unstable environmental condition may affect the accuracy of thermal camera systems Environmental factors can impact the accuracy of thermal cameras, and the idea of using a black body is to provide the camera with a reference point that has a stable temperature. The black body is heated to a specific temperature and helps the thermal camera to know how much error is caused by environmental factors in the room, and how the camera should calibrate itself in real time to improve its accuracy. A black body can help increase the temperature measurement accuracy, and the most common improvement is from ±0.5 degrees to ±0.3 degrees. However, it also increases the cost of the installation. In some markets, customers may require black bodies in order to comply with regulatory accuracy requirements. An unstable environmental condition may affect the accuracy of thermal camera systems for measuring temperature. Medical temperature measurement Therefore, Hikvision suggests that the ambient conditions should be met for installation and use. First of all, users should avoid installing devices in hot or changeable environments. All cameras require indoor environments with calm air, consistent temperature and no direct sunlight. Installation should also be avoided in semi-open locations that may be prone to changes in ambient conditions, such as doorways, and there should be enough stable, visible light. All devices should be installed to avoid backlighting, high temperature targets, and reflections in the field of view as far as possible. “We often see the misconception that thermal cameras can replace medical temperature measurement equipment, which is not the case,” says Mr. Li. Rapid preliminary screening “Temperature screening thermographic cameras are designed for the detection of skin-surface temperatures, and the measurement should be conducted to achieve rapid preliminary screening in public areas. It is really important that actual core body temperatures are measured subsequently with clinical measurement devices.”

Looking back at 2020: Cloud systems expand in shadow of COVID
Looking back at 2020: Cloud systems expand in shadow of COVID

The cloud is here to stay. Its resilience and ability to connect the world during during the COVID-19 pandemic has proved its worth, even to the uninitiated who have now witnessed first-hand the value of connected systems. Video and access control as a service provides a flexible and fluid security and business solution to meet the demands of a rapidly evolving industry, where the changing threat landscape means investing in the cloud is an investment towards success. This article will look back at our articles in 2020 about the growing popularity of cloud solutions for physical security, with links to the original content. Product offering While most people agree on the definition of “cloud,” there are several points about the terminology that may require clarification. Private cloud or public cloud? VSaaS or unlimited storage for video? Beyond the basics, the terms become foggy, reflecting a variety of notions about how cloud services fit into the broader physical security marketplace. As cloud usage becomes more popular, it’s important that marketers be precise in their terminology, and that integrators and end users be diligent in understanding the specifics of available product offerings. Different meanings “The cloud has many different possible connotations, depending on the context,” says Yu Hao Lin of Rasilient Systems, one of our Expert Roundtable panelists. For example, corporate CIOs will more likely understand the cloud to be a private cloud platform. As such, the public cloud is a ubiquitous term while the private cloud is more specified. Cloud system security Security of cloud systems is an ongoing discussion in the industry, especially how cloud system cybersecurity compares to that of on-premise systems. Our Expert Panel Roundtable weighed in on this question. “While both kinds of security systems serve their purpose, it can be argued that the streamlined updates that are commonplace with cloud-based solutions may put them at more of an advantage when it comes to data security,” says panelist Eric Widlitz of Vanderbilt Industries. “Also, most reputable cloud-based solutions are running in secured data centers by companies such as Google, Microsoft or Amazon, so you also get to take advantage of all the security layers they have protecting your data.” Hybrid cloud video security solution A growing list of cloud players reinforces the importance of the cloud in the future of physical security There are several relatively new companies pushing cloud in a big way. Verkada is fast-growing company currently currently focusing to deliver an all-in-one hybrid cloud video security solution powered by edge processing inside the camera. The growing list of cloud players reinforces the importance of the cloud in the future of physical security. Combining AI and cloud video One company investing in the cloud is Eagle Eye Networks, which has raised $40 million of Series E funding from venture capital firm Accel to finance the realisation of their vision to combine AI and cloud video. The money will allow Eagle Eye to continue its steep growth curve and leverage AI on its true cloud platform to reshape video surveillance. “The investment will make video surveillance smarter and safer for end-users,” says Ken Francis, President. Eagle Eye offers an application programming interface (API) to enable the integration of best-in-breed third-party AI and analytics systems to leverage the video. Eagle Eye is also investing in its own AI development and hiring additional development and customer service personnel. Hirsch Velocity Cirrus and MobilisID Identiv introduced the Hirsch Velocity Cirrus cloud-based Access Control as a Service (ACaaS) solution and MobilisID smart mobile physical access control solution. Hirsch Velocity Cirrus is an optimal solution for both end-users and integrators, with lower upfront costs, reduced maintenance, enhanced portability, and the future-proof assurance of automatic security updates and feature sets.  MobilisID is a smart mobile physical access control solution that uses Bluetooth and capacitive technologies to allow frictionless access to a controlled environment without the need to present a credential. Advantages and disadvantages Advantages of cloud-based physical security technologies are many, when supporting staff  The advantages of cloud-based physical security technologies are many, and have wide-ranging applications for all areas of the transport sector; across stations, transport hubs and vehicles. When used to support staff and complement existing processes, such systems can prove invaluable for transport professionals in helping to create a safer working environment, promoting confidence among personnel and passengers, and assuring passengers who are fearful about the current pandemic that all possible precautions are being taken during their journey. 5G supporting cloud-based applications 5G is the first communication environment that is cloud-native. As such, such, 5G networks will support cloud-based applications in a way that 4G, 3G and 2G can’t support. For instance, sensors (e.g. in a manufacturing plant) often have small internal storage and rely on synced devices (e.g. gateways) to interact with the cloud. Soon, these sensors will be able to work more efficiently, interacting with the cloud via the ultra-low latency and the edge computing capabilities supported by 5G networks. Increasing use of IoT Unlike current IoT services that make performance trade-offs to get the best from these existing wireless technologies, 5G networks will be designed to bring the high levels of performance needed for the increasing use of IoT. It will enable a perceived fully ubiquitous connected world, with the boosted capacity offered by 5G networks transferring exponentially more data at a much quicker rate.