Monitoring property and premises nowadays is a must. Weston Communications expertise in design, installation, upgrading and maintenance of CCTV systems ensures nothing is left to chance.

Our detailed knowledge of today’s sophisticated technology allows us to develop individually tailored systems, no matter how unique the requirements. Our track record covers every business environment - retail premises, hotels, filling stations, distribution centres and all types of commercial property.

From the smallest single camera system to the largest, multi-site fully networked integrated system – Weston Communications can provide a bespoke solution tailored to your precise requirements and budget.

Network video’s advanced functionality makes it an ideal solution to many traditionally challenging CCTV scenarios.

By using existing client network installations, installation time and cost are reduced to a minimum. Whilst the ability to view and control not only live but also recorded images from either the LAN or indeed the internet, make networked CCTV and extremely adaptable solution.

Existing analogue CCTV systems are easily incorporated within a networked video solution with the use of IP video servers providing real time MPEG4 video at any point on the network.

You are not only limited to video. Audio, access control and remote control of gates, doors or lighting is also possible. The possibilities are endless, allowing future-proofing and virtually limitless local and remote expansion.

Digital Video Recorders (DVR’s) are the greatest leap forward in CCTV in recent years. The VCR has long been acknowledged as the weakest pointy of any CCTV system, having limited resolution, reduced playback quality, high maintenance requirements and reliance on expensive multiplexers to consolidate several camera images to a single multiplexed recording.

Generally, all DVR’s will provide massive recording potential from 1 day to several months. Recording image quality can be defined from camera to camera and video motion detection ensures that only scenes with movement are recorded, helping to further extend the recording capacity of any system.

Snapshots can be taken and emailed or printed instantly. Short movie clips of events can also be copied to CD or DVD, emailed or viewed across networks.

All of this whilst the DVR is still recording. Indeed, an unauthorised user is not able to interrupt the recording at all – allowing a manager to have full control from any location anywhere.

Most DVR’s are fully network compatible allowing remote control and access. The requirement to change expensive fragile tapes everyday is a thing of the past. With DVR’s, you really can fit and forget.

Weston Communications can evaluate your requirement to provide the very best DVR solution. With so many DVR’s on the market place and each manufacturer telling you theirs is the best, it really does take an experienced open minded approach to select the most appropriate.

Many of the systems available do not meet the rigid Police Scientific Development Branches benchmarks for DVR’s and as such their evidential use in Courts may well be compromised. Not all DVR’s are compatible with the wide range of fully functional domes on the market. Different recording formats may dictate a final choice as well as the type of ‘watermarking’ used on recordings. It really isn’t as easy as simply buying the cheapest unit available – as with all things in life – you really do get what you pay for, and if you are not careful, this may be a poor quality, incompatible DVR which the Police can’t use anyway.

Most criminals rely on vehicles to commit crime. Automatic Number Plate Recognition (ANPR) is a policing tool designed to make it far more difficult for them to use vehicles without being detected.

ANPR consists of cameras linked to a computer. As a vehicle passes, the ANPR equipment reads the number plate and checks it against sources such as the Police National Computer (PNC), DVLA and Customs and Excise databases. If the number plate is matched, for example with a stolen car, the ANPR equipment will sound an alert so that the car can be stopped.

ANPR has many other uses, including tracking and stopping vehicles associated with known suspects. Schemes using ANPR to combat drive-offs from garage forecourts have been extremely successful as well as automated access control to car-parks. Trials have shown that an officer using ANPR makes 10 times the arrests of an officer without it.

Weston Communications have the technological edge over its competitors by working closely with its in-house Networks division to provide the most robust and reliable IT based ANPR solutions. A careful selection of camera, lens, lighting, server hardware and software will ensure the clients needs are met precisely – rather than the industry standard solution of attempting to get your requirement to fit their solution !

Weston Communications Customer Service is committed to providing a flexible and responsive approach which means that our maintenance packages can be designed to suit the exact requirements of each customer by providing the following services in any combination:

• Planned Preventive Maintenance
• Emergency Callout
• Response Time
• Equipment Replacement

Even if you wish to perform your own Preventive Maintenance we can provide telephone Technical Support together with priority equipment repairs and on-site services within 24 hours.

Planned Preventive Maintenance
Any number of Planned Preventive maintenance visits depending on the equipment installed and its operating environment.

Emergency Callout
We offer Remedial Maintenance on-call which guarantees a qualified engineer on site to correct any faults. This facility is available 24 hours a day, 365 days a year and is included as standard within our maintenance contracts. We also offer options which provide reduced cover for non critical equipment.

Response Time
Our standard response is to have an engineer on site within 24 hours of a call being received by our Customer Call Centre. However we also offer 4 hour, 8 hour, 12 hour and next working day options which can be applied to all or some of the installed equipment in any combination.

Equipment Replacement
As part of the Spare and Repair Service we will either repair or replace faulty items as required.

Technical Support
Industry experience has enabled us to develop an extensive Technical Support function which provides rapid fault diagnosis and on line technical assistance. This enables us to offer a range of stand alone Support Services which complements the Remedial and Planned Preventive Maintenance services offered within our maintenance contracts, and provides customers with the specialist support they require.

Our qualified and experienced Technical Support Team, which operates within Customer Services, provides high level expertise for almost any hardware product and Initial proprietary software products in the form of:

• Telephone Support
• On-site Engineering Support
• Software Updates
• Technical Documentation
• System Health Checks
• Equipment Compatibility Advice
• Software Problem Solving
• Remote Diagnostic Facilities

Spares
At Weston Communications Customer Services we are committed to providing spares to support all of our systems, no matter when they were installed. Although a spares service is available within our maintenance contracts, this service also exists in its own right so even if you do not have a maintenance agreement with us you can still benefit.

We offer up to date information regarding equipment availability, and if an item becomes obsolete we will offer a cost effective alternative solution.

In addition to providing recommendations on the compatibility of spares with your particular system, we also give advice on Recommended Spares Holding levels in order to ensure minimum system downtime.

Alternatively, if you do not wish to hold any spares on site, we can provide a Recommended Spares List with all relevant equipment information which simplifies the reordering process.

All our recommendations are published information and our long term experience. Furthermore, all our spares are supplied fully tested to the highest standard and are delivered to you by courier service.

Repair
Despite advances in equipment reliability, some degree of electronic failure is inevitable. Fortunately the loss of time, and consequent economic penalties associated with unexpected system downtime, can be largely avoided as a result of our fully comprehensive Repair Services.

Our Repair Services are highly flexible because, in addition to being included within our Maintenance contracts, these services also exist in their own right available on a time and material basis or as a fully comprehensive contract.

Using our own experienced engineers and state of the art technology designed to diagnose and test a wide range of equipment, quality of repair work is assured. Each repaired item is then comprehensively checked before being returned to the customer within a timescale agreed prior to work commencing. As a truly multi vendor service we are able to offer an extremely efficient and cost effective Repair solution designed to meet your specific turn-around and logistic requirements. Whilst our standard Repair Service is sufficient for the needs of many of our customers, a significant number also choose to benefit from our additional unique services which offer:

• Service Exchange
• Routine Equipment Health Checks
• Modifications and Upgrades
• Extended Warranty
  

This article seeks to provide you with a guide to the legislation, notify you of the implications that this may have for your business, and provide you with some solutions to the demands made of your business. The article is aimed at those who use CCTV to monitor public spaces or places to which members of the public have access. This includes visitors, salesmen etc. to sites that have CCTV inside their perimeter or offices.

At the time of writing this article there are still issues that the Data Protection Registrar, now known as the Data Protection Commissioner, has to clarify. However the information is the very latest interpretation we can give of the legislation.

Scope of the Act
The Data Protection Act 1998 has superseded the 1984 Act and now covers a number of other “data” storage and retrieval systems. For the first time in the United Kingdom there is now a statutory regulation which covers the use and management of CCTV systems that record the camera output. The Act was introduced as

part of the UK Government’s response to the growing un-ease by the House of Lords and some sections of the public, on the use and abuse of CCTV generated material². It is also a part of the Government’s response to the European Directive on Privacy Issues3 and will be complimented in October 2000 by the incorporation into UK law of the Human Rights Act 1998 (A glossary of some terms and definitions is included at the end of this document).

The Data Protection Act was passed in 1998 and came into effect from 1 March 2000. From that date any member of the public or staff or an organisation, has the right to request access to any CCTV data that they believe a CCTV “owner” holds, and in which they appear. It is important to note that they do not have to give a reason for the request and Data Controllers are not entitled to ask for one. There are some exceptions to this principle but the watchword now for those using CCTV has to be “consider the privacy of those who you view.” Whilst the protection of personal privacy is the main aim of few systems, European law places a high value on privacy and this is something which CCTV Managers will have to take on board. By definition the Standards set in the Code associated with this Act apply to those who record data and so any CCTV system that does not have a recording element to it, is currently outside many of the standards. However it is not outside the Act. Viewing personal data for the purposes of crime prevention, detection or the promotion of pubic safety is regarding as processing and as such requires the system to be registered. The owner would then have to meet at least Principle 1+ 2 + 3 + 7.

How does this impact on CCTV users?
The Act currently applies to all systems irrespective of size or purpose of use. There is no minimum limit to the number of cameras in a system etc. 1 camera to 1 video recorder or indeed a camcorder if used for crime prevention and detection or the promotion of public safety falls within the scope of the Act and so the owner needs to notify the commissioner. The Act serves to tighten up poor practice that has dogged the industry and so bring all CCTV users to a minimum standard of administration and data use.

What criteria should be applied to determine if a system should be registered?
There are two elements to consider in determining how the Act applies to your system. Firstly the date it was installed. Secondly, how you record your system output. Remember the Act requires you to comply to the Data Protection Principles even if you are now required to register or “notify” as it is now called. If your system was installed before 24 October 1998 and uses videotape based recording systems which require you to manually find the images by using the fast forward or rewind buttons then you benefit from the 1st transitional period. If you have not registered under the 1984 legislation you have until October 2001 to register and comply with the current Act. If you have registered under the 1984 legislation then you will move to the 1998 legislation when you first register after 24th October 2001. Whilst technically you do not need to comply with the legislation until you are required to register, it is strongly advised that you operate your system as if you are complying. This is for the reason given above and because the Law courts will have to operate with the legislation in place from the 1 March. Challenges to the admissibility of CCTV evidence in the Courts can be expected from 1 March 2000.

³ Directive 95/46/EC

If your system was installed after 24 October 1998 irrespective of what method of recording you are using the whole of the Act INCLUDING the right to access applies from 1 March 2000. You must register your system as soon as possible after that date.

As an “owner” of a CCTV system, you will almost certainly be required to notify your system to the Data Protection Commissioner. You will need to give details of who owns the system and for what purpose the data is being recorded. Statements of purpose might include phrases such as “for the prevention and detection of criminal activity,” or “the promotion of a safer environment in which to live and work.” These statements should also be reflected in your company ‘s Code of Practice and Operator Procedural Manual. It is important that the purposes of your system are clearly specified and adhered to. These two documents are crucial to effective compliance with the Data Protection Act 1998. If your system operates without either or both of these documents, this will also seriously weaken the evidential value of any material gleaned from CCTV footage.

As a company you will need a “Data Controller”, this is “a person who (either jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed.” The Data Controller will be required to take all steps to ensure that the data recorded by the company is within the terms of the Act and in accordance with the “Principles” laid down by the legislation. The Data Controller can appoint a Manager to oversee the compliance to the Act, however if that manager of the scheme is an employee of one or more of the Data Controllers, then they will not have data protection responsibilities. However, the manager should be aware that if he or she acts outside the instructions of the data controller(s) in relation to obtaining or disclosing the images, they may commit a criminal offence contrary to Section 55 of the 1998 Act, as well as breach their contract of employment.”4

If the management is devolved to a third party such as a security company employed by the Data Controller to run the scheme, then the security company manager will be deemed a “data processor”. As such they process data on behalf of the Data Controller and are not themselves Data Controllers. Consideration must be given to the Seventh Data Protection Principle in terms of the contractual relationship between Controller and Processor. The Controller will have to satisfy themselves of the adequacy of the Processor’s security arrangements.

Data Protection Principles
The Act lays down eight “Principles” by which the system must comply. In practice, the vast majority of users will only be concerned with the first seven, the eighth deals with transporting data outside the UK.

The Principles

1. Personal data must be processed fairly and lawfully. E.g. with the subject’s consent or because it is necessary to do so, i.e. for the administration of justice.
   
2. Data should be processed for one or more lawful purposes and not further processed for incompatible purposes.
   
3. Data shall be adequate, relevant and not excessive.
   
4. Data shall be accurate and where necessary kept up to date.
   
5. Data shall not be kept for longer than is necessary
   
6. Data shall be processed in accordance with rights of data subjects under the Data Protection Act 1998.
   
7. Appropriate technical and organisational measures shall be taken to prevent unauthorised / unlawful processing of data or accidental loss of, destruction of or damage to data.
   
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level or protection for rights and freedoms of data subjects in relation to the processing of persona data.

As far as managers are concerned Principle seven is of particular relevance. Appropriate security measures will have to be taken both to protect the contents of tapes and to ensure that their location can be identified at all times. Secure storage systems and effective records of who has had access to tapes, when and why will have to be implement. Failure to implement these could prejudice legal proceedings and lead to action from the Data Protection Commissioner. Leaving all tapes in an unlocked drawer or having a logging system which nobody adheres to will be insufficient to satisfy the Data Protection Commissioner if your tape falls into the wrong hands.

Whilst it is not expected that there will be significantly high levels of demand by the public to view the contents of video recordings, it will have an impact where video recordings are used to support criminal proceedings. The defence is almost certain to ask in court and seek assurances that the system was registered and administered in accordance with the Data Protection Act 1998 before allowing the tape to be offered in evidence. Remember even if a system is exempt from notification, it is not exempt from being run in accordance with the principles of the Act set out above.

What you could expect
The public must put any requests to access the data you hold in writing and give enough information for you to be satisfied that they are who they say they are. They must provide a clear description of the time, date and location that they are interested in and a description of themselves to allow you to identify them from the recording. This request can be made at any time after the event. The Standards being introduced by the Data Protection Commissioner indicate that the recording medium should be replaced after 13 uses. Most systems will operate a 31 day tape rotation system so this time scale is not too onerous and provides ample opportunity for someone to request access to the data. A fee may be required to accompany any request for data; currently the legislation is stipulating a maximum fee of £10. As can be appreciated, this is not a large fee. Accordingly, those systems with effective logs and secure storage will be the least inconvenienced as footage should be must easier to find.

As a company the Data Controller must reply fully within 40 days of the receipt of the request or, if later, the first day on which the Data Controller has both the required fee and the information referred to in subsection (3).[1] The Data Controller must provide the enquirer with accompanied access to see the recording or a video copy and or a hard copy print. It is not acceptable to provide a copy of a multiplexed image in time lapse mode without first decoding the relevant camera and slowing the recording down to normal playback speed. The Data Controller must also make every effort to ensure that other “data subjects” are not identified from the showing of the material or that they have given their consent to the showing of the material. In some cases this may mean that the pictures provided need to have some faces blanked out.

In order to meet these requirements it is expected that a comprehensive management system will be in place to record, store and then locate the relevant data ADT have worked with a number of suppliers to locate appropriate products to help you meet these meets.

What will it cost?
To register your system with the Data Protection Commissioner will cost £35 per year. In order to comply with the principles set out in the Act the following equipment together with appropriate procedures will provide the minimum requirement:-

You will also need to consider how you will playback, copy or provide the information that any data subject requesting access.

Managers will need to give careful consideration to their systems ability to meet the purposes for which the system was installed. If through poor maintenance, badly positioned or operated cameras the system fails to provide the quality of images that the system purposes demand then it may be that an offence under Principle 3 of the Act has been committed. E.g. If one of the system purposes is “for the prevention and detection of criminal activity” and the images are not capable of identifying the individual in the picture that may lead to a complaint against the system. The images will also be useless as evidence in a criminal trial, this may make the difference between conviction and acquittal. Acquittals arising out of a failure to spend a few pounds on good quality tapes for example, would demonstrate the false economy involved.

Managers will also have to pay attention to training matters. Operators need to be adequately trained to make them aware of their responsibilities under the Act. Such training needs to be reaffirmed at regular intervals to ensure that standards do not slip. To take an example, if an operator habitually completes logbooks the day after because he needs to get a bus home, one day the tape might be required immediately for the investigation of a serious criminal offence. The failure to log the tape properly may lead to its exclusion from a subsequent court case. If that operator has been given training some months before which has not been repeated or refreshed and the logbooks have not been regularly inspected, it is arguable that the Data Controller is in breach of principle seven.

Offences under the Act
The main offences under the Act revolve around

• Processing without notification
• Failing to notify the Commissioner of changes in your circumstances
• Failing to comply with written requests
• Knowingly or recklessly making false statement in compliance with an information notice
• Intentional obstruction of, or failure to give reasonable assistance in, execution of a warrant

It is also an offence for a person without the consent of the Data Controller, knowingly or recklessly to:-

• Obtain or disclose personal data or the information contained in personal data.

There are exceptions to this in respect of criminal activity but they are carefully constructed and need to be fully understood by the Data Controller.

• Unlawful selling of personal data

All the above offences are triable in either the Magistrate’s Court or the Crown Court. Upon conviction in the Magistrate’s Court, an offender is liable to a maximum fine of £5,000 whilst in the Crown Court an unlimited fine may be imposed.

The Act also provides for separate personal liability for the offences in the Act for Directors or other officers of the company that have committed the offence.

Summary

• Automatic processing means automatic registration.
• New systems from 1st March 2000 means automatic registration.
• Systems installed after 24th October 1998 have until October 2001 to register.
• Systems installed before 24th October 1998 must be registered by 2001.
• All CCTV users now have to comply to the DPA Principles, whether registered or not.
• The purpose of the system must be registered and can cover several sites.
• Whoever sets the ‘purpose of the system’ is responsible for the Data Protection of that scheme.

If you have any further questions contact the Data Protection Office on 01625 545700 Or http://www.dataprotection.gov.uk/