Video surveillance best practices

Video surveillance best practices

A significant aspect of surveillance best practice centres on data privacy. With millions of surveillance cameras installed around the world, people are naturally concerned about potential intrusion and about how their data, in the form of images, will be used.

However, there are also practical elements for CCTV operators to consider when installing CCTV cameras to ensure that they work effectively to deter crime and to ensure people’s safety.

Best practice CCTV installation

• Place cameras strategically
  For an optimal surveillance video system, install cameras in areas with high traffic volumes, where assets need protection, or where people may be at risk. For instance, in a retail store, position cameras near cash registers and entrances. In tourist venues and transport hubs, place cameras to detect crowd patterns and anticipate emerging problems.

• Ensure proper lighting
  Adequate lighting can be crucial for capturing clear footage, although some cameras are capable of operating in low light settings. In outdoor settings, consider using infrared cameras for effective nighttime surveillance.

• Regular maintenance
  Keep cameras need to be kept clean and a regular maintenance schedule is required to ensure they are functioning correctly.

• Secure access
  Restrict access to the surveillance system and monitoring of video cameras to authorised personnel only. Implement password protection and encryption to prevent unauthorised access.

• Comply with regulations
  Be aware of privacy laws and regulations regarding video surveillance in your region. For instance, in the EU, the General Data Protection Regulation (GDPR) outlines strict guidelines for video surveillance.

Conduct assessments

• Initial assessment: Perform a privacy impact assessment before installing new CCTV systems to evaluate potential privacy risks.

• Ongoing impact reviews: Regularly review and update the privacy impact assessment to address new risks or changes in the system.

By following these installation best practices, you can enhance the effectiveness and security of your video surveillance system.

Video surveillance best practices and data protection

Balancing security needs and privacy rights

Implementing video surveillance security and CCTV systems with respect for privacy requires adherence to best practices that balance security needs with individual privacy rights. It is absolutely essential to implement privacy practices to protect individuals' rights. Here are key guidelines for ensuring privacy in the use of CCTV video surveillance:

Legal compliance and transparency

• Data protection laws: Ensure compliance with relevant data protection and privacy laws, such as the GDPR in Europe or CCPA in California.

• Regular audits: Conduct regular audits to ensure ongoing compliance with changing laws and regulations.

• Clear notices: Inform individuals that CCTV cameras are in operation through clear signage. For example, in a workplace, post signs indicating clearly where there are surveillance areas.

• Purpose of surveillance: Indicate the purpose of the surveillance to inform individuals why their images are being recorded (for example, security, crime prevention, safety monitoring).

• Policies and practices: Make CCTV policies and practices publicly available, and explain in detail how footage is collected, stored and used.

Access rights

• Access rights: Inform individuals of their rights to access footage in which they appear and explain the procedures to request such access. For example, include details about the data owner and person to contact for acquire information.

• Respond promptly: Establish procedures to respond to individuals' requests to access footage in which they appear.

• Redaction tools: Use face blurring or redaction tools to protect the privacy of other individuals captured in requested video footage. Whenever data is shared with third parties (whether an individual, a lawyer, a media outlet or a court), all but the subject of interest must be redacted (blurred or removed) to ensure compliance best practice.

• Resolution process: Develop a clear process for handling privacy complaints related to CCTV to ensure timely and transparent resolution.

Data minimisation

• Purpose limitation: Use CCTV only for its intended purpose, such as security monitoring. Avoid using footage for unrelated activities, which would include potentially intrusive surveillance such as employee monitoring.

• Data minimisation: Collect and retain only necessary footage. It is important to delete recordings once they are no longer needed for security or other intended purposes. If best practice deletion is not adhered to, people’s privacy rights are at risk and any court is very likely to find against the CCTV operator.

• Specific areas: Focus on areas where surveillance is necessary, such as entrances, exits and high-risk zones.

• Avoid private spaces: Do not place cameras in areas where people expect privacy, such as restrooms, changing rooms or private offices.

• Access control: Limit access to CCTV footage to authorised personnel. Implement strict controls to prevent unauthorised viewing or sharing of recordings. Best practice access protocols build trust and protect the CTTV operator and the general public alike.

Data security

• Data security: Secure CCTV data to prevent breaches. Use encryption, secure storage and access controls to protect recorded footage from unauthorised access and the risk of hacking.

• Secure channels: Ensure that data transmitted between cameras, storage devices and monitoring stations is encrypted.

• Network security: Protect the CCTV network from hacking and unauthorised access through firewalls, intrusion detection systems and regular security assessments.

Operational best practices

• Staff training: Regularly train staff on surveillance and privacy best practices, data protection laws and the ethical use of CCTV.

• Awareness programs: Conduct awareness programs to ensure all personnel understand the importance of privacy and data protection.

• Regular technology reviews: Regularly review and assess the CCTV technology to ensure it meets current privacy and security standards.

• Up-to-date systems: Keep systems up to date with the latest security patches and software updates to protect against vulnerabilities.

By adhering to these privacy guidelines and practices, you can ensure that CCTV systems are used responsibly and respect individuals' privacy rights.

Video redaction best practices

Best practice video redaction (data masking) is essential to fulfil the increasing number of subject access requests (SARs) and to avoid fines and reprimands for privacy breaches, which are also on the rise.

Many companies experienced a rise in SARs during the pandemic and the trend has continued in the past two years. Public sector organisations such as the NHS struggle to cope with the level of incidents reported. The current situation, with less staff and limited government funding, places video redaction practices in the spotlight.

It’s incredibly important that organisations have the right redaction software in place to enable their data and compliance teams to action SARs efficiently and effectively.

In the ICO’s incident trend reports, statistics show that incidents of “failure to redact” are being reported frequently.

Surveillance best practice: redaction automation

Robust processes must be implemented to minimise the risk of a data breach. Critical aspects of effective privacy processes are staff training and surveillance protocol awareness.

It greatly increases the risk of data breaches and error if video redaction is left to individuals, if manual processes are used, and if footage is allowed to leave an organisation’s own secure IT environment to be redacted off-site.

Facit helps organisations worldwide to maintain video surveillance best practices by deploying fast, accurate, automated redaction software.

Related articles

Best practices for video redaction