Banks and Building Societies CCTV Video GDPR compliance
How can banks, building societies and high street retailers comply with CCTV/Video data privacy regulations? High Street banks and building societies are largely open environments in which anyone can access external areas such as car parks, and internal areas from reception to customer service areas. There are risks of theft, abuse, shrinkage and other criminal activities. Most banks have introduced CCTV cameras to monitor and prevent or punish crime.
The most common reasons to introduce CCTV in banks are:
Prevent robberies as banks continue to be high-stakes targets for criminals looking for a big pay out.
Crime investigation in cases of robbery or fraud when bank security camera images can be used to identify suspects.
Prevent fraud with video surveillance systems and video analytics that help to fight fraud by recording transactions.
Digital storage of surveillance footage that is efficient and allows for advanced search to pinpoint incidents.
GDPR, privacy protection and CCTV risksBanks are public places that demand high security, and the use of video surveillance within them is a widely accepted practice, however under GDPR video footage is considered to be data, so each person’s privacy must be protected.
On a positive note the same camera systems can be used to generate customer insight and to create better costomer epxeriences. Although video is important for the security aspects of the banking industry, it is not the only part of the business that it benefits. Many banks and building societies are now looking at the security system as a management tool to see how video surveillance can drive business efficiencies. Analytics provides the ability to capture big data that generates beneficial information for the wider business.
With the advent of GDPR – which treats images of people as data – there are strict guidelines about video recording, sharing video and redacting people to protect their privacy. When requests are made by third parties for copies of video footage – by the police, other agencies, or the public – the CCTV footage must be handed over within a predetermined period in a compliant manner.
Facit’s Identity Cloak provides a fast, cost-effective way to redact (mask) the faces or full bodies of people in video footage so that their privacy is protected. Identity Cloak provides an ideal alternative to costly bureau services. In-house users report that Identity Cloak is easy to use and enables them to turn around compliant video footage in minutes.
Criminal activity in the high street and retail outlets increases the need for vigilance and video
Possession of weapons, assault, racial abuse, arson, threats and theft are are among the crimes reported in and near retail outlets across the UK.
The overall total direct cost of retail crime has risen by six per cent from £660 million to just over £700 million, with crime in all categories growing except for fraud [Retail Gazette]. As crime increases so the number of requests for CCTV footage, as evidence, have increased, which places cost, administrative and resource burdens on retailers.
As the use of CCTV equipment and cameras, so the need for effective compliance measures increases. Facit advises banking and finance organisations and building societies with open access and high footfall on how to treat, store and share video footage in a compliant manner. For the majority of banking operations, Identity Cloak offers a cost-effective in-house solution that enables users to address the problem of crime without compromising people’s data privacy.
Where to find advice on the use of CCTV surveillance
Below is a standard industry checklist on the use of CCTV. If you are planning to install CCTV, consider the following points:
- Record your reasons for installing CCTV and ensure they are proportionate and legitimate, such as crime prevention. The ICO says the use of CCTV should be reviewed each year. Seek advice from your Data Protection Officer (DPO), if necessary.
- Ask one person within the organisation, ideally the data controller, to be responsible for ensuring your CCTV system complies with the law and your duty to protect staff, suppliers and customers.
- Seek professional advice about the most appropriate surveillance technology, the location of cameras, facial recognition, time/date stamps, etc. As with any third party supplier, put in place a contract which includes guarantees about issues such as security and confidentiality when processing images.
- Install clearly visible signs that state that CCTV cameras have been installed.
- Restrict access to stored CCTV images and only view them in a secure area. Do not retain images for longer than necessary, unless they are needed as evidence.
- Do not disclose images of staff, suppliers or customers without consent, except in exceptional circumstances when this can be justified in the public interest. Where other people are recorded on the same footage, their image should be blurred to protect their privacy.
Further useful reading is available in The Government’s Surveillance camera code of practice, which was published in 2013.