Closed circuit television (CTV) cameras are essential to protecting our homes, our businesses, and our lives in today's world. These systems alert us to potentially dangerous situations in real-time and as a result, they enjoy widespread support among the public.
But that support only goes so far.
Every year surveillance cameras gaze down upon a growing number of street corners, train cars, factory floors, and even living rooms. They watch us when we least expect it. Not surprisingly, such hyper-vigilance has many people concerned about their privacy.
To address those worries, the Information Commissioner's Office (ICO) has issued a series of guidelines on the responsible use of CCTV. Its code of conduct helps organisations understand how they can implement CCTV and still comply with the Data Protection Act of 1998, a piece of legislation which covers personal data protection in the United Kingdom. The guide also spells out under what circumstances organisations may find themselves in violation of the Data Protection Act and to what extent the ICO can hold non-compliant companies responsible.
However, before the ICO can punish an offending organisation, it must first look into each alleged data security incident. The Office receives on average more than 400 cases a quarter. Now it looks like it has another case to add to its list.
On 24 August, the ICO announced it was investigating an incident involving the UK-based privately owned rail company Virgin Trains and Jeremy Corbyn, the British politician who is the leader of the Labour Party.
The event occurred in August 2016. As reported by The Guardian, Corbyn had his team film him sitting on the floor of a Virgin train. The Labour Party leader alleged he could not find a seat on "ram-packed" car and he claimed congestion was reason for the United Kingdom to consider renationalizing its train service.
Virgin dismissed those claims by releasing CCTV footage of Corbyn walking past what appears to be several rows of empty seats. The British politician said many of those seats were already reserved, which meant he and his wife couldn't sit together.
A passenger on the train said he and his wife didn't obtain a seat until 42 minutes into the three-hour ride from London to Newcastle, according to BBC News.
Politics aside, in publishing that video footage, Virgin might have violated its own privacy policies, which state the rail company uses its CCTV footage for the following purposes only:
The ICO is determined to make sure Virgin complied with the Data Protection Act and its own policies in releasing the footage. As the UK authority explains in a statement:
"We are aware of the publication of CCTV images of Jeremy Corbyn and are making inquiries. All organisations have an obligation to comply with the Data Protection Act and must have legitimate grounds for processing the personal data they hold. Where there's a suggestion that this hasn’t happened, the ICO has the power to investigate and can take enforcement action if necessary."
To avoid an investigation at the hands of the ICO, it's important that organisations abide by existing regulatory legislation (such as the Data Protection Act) and comply with their own privacy policies. They can also strengthen their compliance posture by developing a security awareness training program that leverages e-learning to educate employees about existing policies and compliance frameworks.
That's where Metacompliance come in.
Metacompliance is a provider of Simulated Phishing, eLearning, and Policy Management software. Its solutions help educate employees about internal policies and compliance structures.
For more information on how Metacompliance can help your organisation maintain compliance, please click here.