VeriFi provide a comprehensive compliance service throughout the UK for organisations responsible for operating CCTV, Automatic Number Plate Recognition & Electronic Access Control Systems.
To discuss your requirements call 020 36 330235
The service is provided on an annual contract and delivered by our in house team of specialists and includes the following:
To discuss your requirements call 020 36 330235
For serious and persistent Data Protection Act breaches the Information Commissioner has the power to levy penalties up to £500,000. The size of penalty imposed in the case of miss-management of CCTV is a matter for conjecture, however damage caused by sensational media attention may have a far bigger impact on you organisations reputation.
CCTV is the main focus of public attention due to its potential for invasion of privacy and other misuse, however any system that processes data which can identify an individual and tell you about their activity is regarded as Personal Data and comes under Data Protection Act legislation which is enforced by the Information Commissioner whose role is 'to uphold information rights in the public interest'.
Other Systems that process personal data include Automatic Number Plate Recognition, Body Worn Cameras, Electronic Access Control, Biometric Recognition, Voice Recording and Aerial Surveillance Drones.
Our service is provided on an annual contract and delivered by our in house team of specialists and include the following:
It's important that everyone involved in the processing of data knows what company policy is. We develop a policy for you based on our generic document, this becomes accessible online for all stakeholders to refer to. It is made site specific and acts as the benchmark by which compliance is measured.
In the case of multi tenanted premises it can become contentious when a tenant is refused CCTV or Access Control Data on the grounds of Data Protection Act infringement, this need not be the case provided a Data Sharing Agreement is in place. Our online document enables you to respond positively to tenants requests.
Leaving aside the legal obligation, if your CCTV surveillance impacts on your neighbours right to privacy, media attention could be hugely embarrassing if an infringement were made public. We check the achievable views of every camera and make recommendations backed up by photo screenshots.
Our report includes photo screenshots of the views achieved by each camera and public space surveillance camera locations are mapped for reference purposes and any shortfall in performance or compliance are bought to the attention of the client.
Unless your CCTV is regularly checked by those responsible for managing it you can never be sure that it is actually working effectively, or that anyone on site is capable of operating it.
Murphy's Law states that it will be the CEO of your biggest tenant who has his Porsche vandalised and then demands CCTV evidence, this is when you discover that the recording hard drive crashed unnoticed six weeks ago!
We believe that whoever is responsible for security should fully engage with the CCTV system and be fully conversant with it and understand its purpose.
An automated email is sent to site at predetermined intervals, (shift change, once in 24 hours, weekly or monthly) promoting the responsible person to log on and check; camera performance, time & date display and play back. Any faults logged are automatically sent as an email précis to whoever is responsible for sanctioning repairs, this can then be forwarded to the service provider with a work instruction.
Subject to certain conditions, we all have the right to access personal data held by others, if for instance you believe that you have been recorded on CCTV, under Data Protection law you have the right to have a copy without needing to explain why. All you need do is make application in writing and provide basic information to prove your identity, the maximum you can be charged for this is £10.
It is the responsibility of the organisation responsible for the CCTV to ensure that any recording handed over does not include recognisable or identifiable images of unconnected parties.
The VeriFi service will manage the whole process for you including redaction (blurring) of non-compliant images, the cost is included in our annual service charge.
Subject to availability of internet access all management activity is logged on our secure Cloud based software which enables instant access to records by authorised stakeholders. An alternative paper based compliance package is also available and supply of consumables is included in our service charge.
In an ideal world data should be securely stored on the systems hard drive and only be downloaded to controlled WORM (Write Once Read Many times) media and be the subject of a robust audit trail. The current trend towards networked systems makes the security of data more challenging than ever before, whatever the case we will work with you to develop an achievable and realistic solution.
Security contractors staff who work as an operatives using closed circuit television (CCTV) equipment to:
Must be Public Space CCTV Licenced by the Security Industry Authority.
This includes the use of CCTV to record images that are viewed on non-CCTV equipment, but excludes the use of CCTV solely to identify a trespasser or protect property.
We will check whether operatives hold CCTV licences and make recommendations where appropriate.
Any non-compliance noted during the site visit will appear as an overall % KPI and as you resolve any issues so the KPI will auto-reset until you achieve 100% It couldn’t be simpler.
We are here to help, if there are any issues you need advice on simply email us with your enquiry and we will respond within a maximum of 24 hours.
Our Unique Cloud base software package enables us to offer an unbeatable value for money service inclusive of all supplies, subject access request editing and help-desk support. One annual payment covers everything described on this site.
PRIVACY IMPACT ASSESSMENT
CCTV STATUS CHECK
SUBJECT ACCESS REQUEST
SIA PUBLIC SPACE CCTV LICENCE
This Q&A has been compiled with the intent of clarifying responsibilities and relationships as they apply in the case of commercial premises managed by a Landlord or Managing Agent.
WHO IS RESPONSIBLE FOR DPA COMPLIANCE?
Data Controller (Landlord/Managing Agent) has the ultimate legal responsibility to ensure DPA compliance and register with the Information Commissioners Office (ICO) and provide a Data Policy for the guidance of stakeholder’s.
Data Controller for the Site (FM or RFM) an employee of the Data Controller responsible for implementation of the Data Policy and management of the various data systems on a day to day basis if the site does not have a Data Processor.
Data Processor (Security Operative) an employee of the Security Service Provider subordinate to the Data Controller for the Site and responsible for the day to day management of the various data systems.
Auditor an independent individual/organisation appointed by the data controller responsible for audit of management process and assessment of system efficacy and privacy impact assessment.
DOES DATA PROTECTION ACT COMPLIANCE RELATE ONLY TO CCTV?
No this is a common misconception; any data processing that can identify an individual and tell you about their activity comes under the Act, in Security / FM applications this includes; Photo ID Badge production, Electronic Access Control, Automatic Number Plate Recognition, Voice Recording, Body Worn Cameras, Surveillance Drones and use Mobile Phone Data. If any of these systems are employed the Data Policy must include reference to them.
TENANTS OF MULTI-TENANTED COMMERCIAL PREMISES OFTEN ASK FOR COPIES OF CCTV RECORDINGS AND ACCESS CONTROL DATA, SHOULD WE COMPLY WITH THESE REQUESTS?
Not without sanction from the Data Controller, who should have a formal Data Sharing Agreement in place with the Tenant who must be correctly registered with the Information Commissioners Office.
IS THERE A LEGAL REQUIREMENT THAT AN ANNUAL AUDIT & ASSESSMENT MUST BE CARRIED OUT?
Any legal requirement is on the Data Controller, to ensure that CCTV and the various other systems are compliant with the Data Protection Act. It is therefore important that an annual review of management processes, systems capability and data policy is carried out. To ensure unbiased reporting it is important that an independent organisation is appointed to carry out this review.
WHAT DPA REQUIREMENTS SHOULD BE INCLUDED IN THE SECURITY SERVICE PROVIDERS ASSIGNMENT INSTRUCTIONS?
The primary point of reference should be the Data Controllers Data Policy although it is good practice to include a précis of the operational aspects in the Assignment Instructions for the guidance of the security team.
The Cloud Based alternative to security related paper records.
AUDIT & ASSESSMENT
A comprehensive Audit service that includes CCTV, EACS, ANPR & Voice Recording.
DOCUMENTATION & MEDIA
A range of CCTV Compliance Products that provide practical solutions to CCTV management.
A service that ensures DPA compliance when issuing recordings to subjects requesting CCTV.
We have led the UK CCTV compliance market since 1998 and from the early days of VHS tape based recording our continuing evolution has kept pace with the demands of a fast moving industry.
Whilst we continue to deliver the best in traditional paper based compliance documentation, we took the lead in developing a Cloud based audit and assessment service in 2010 which we now deliver throughout the UK.
Since then we have gone on to develop a unique package enabling Landlords to share CCTV & EACS images and data with tenants whilst complying with Data Protection Act legislation.
A natural progression led us to grow a multi discipline Cloud based Facilities Management Support tool badged as VeriFi Eidos, although we are pleased to develop bespoke solutions to run on the clients own server.
The combination of our innovative approach and the power of the Cloud to deliver everywhere in real time is best illustrated by our bringing the Daily Occurrence Book and Operator Logging into the 21st century. What was a paper based record kept by the security team is now an instantly accessible record of daily activity, available on a need to know basis, to those involved in the management of a single building or extensive property portfolio.
The scope of our services will continue to grow and develop, we don't have all the answers, but only because some questions are still waiting to be asked.
Finance & Admin Director