14 Jun 2016
Porter will tell IFSEC attendees about an upcoming National Surveillance Camera Strategy

The Surveillance Camera Commissioner for England and Wales, Tony Porter, will be speaking at IFSEC International 2016 on how compliance with the U.K. Surveillance Camera Code of Practice can ensure that CCTV systems are operated proportionately, transparently and effectively.

Porter has certainly been busy in the two years since his appointment by the Home Secretary. He has the difficult job of balancing effective surveillance on the one hand with considerations for privacy and individual freedom on the other.

What is Surveillance Camera Code of Practice?

To help him achieve this, the Home Secretary published the Surveillance Camera Code of Practice in 2013, under the Protection of Freedoms Act 2012. The code sets out guidance on the appropriate and effective use of CCTV systems by “relevant authorities,” who must take it into consideration in the running of their surveillance systems.

“My role is to ensure CCTV systems are used to support and protect communities, and not to spy on them,” says Porter. “The 12 guiding principles of the code of practice aim to balance the need for cameras in public places with individualsright to privacy. If the principles are followed, it means that systems are only used proportionately, transparently and effectively.”

Other, mainly private, users are encouraged to adopt the code on a voluntary basis. Apart from overt surveillance, the guiding principles of the code also apply to drones, body-worn cameras and automatic number plate recognition systems.

CCTV system self-assessment

Flowing from the code of practice is a detailed self-assessment tool, with which those managing CCTV systems can ascertain whether or not they are complying with the code of practice.

Between 60% and 70% of
authorities have demonstrated
that they comply with the code
using the self-assessment process

“The self-assessment tool is a very good first step to demonstrate compliance with the code,” says Porter. “By encouraging authorities to publish the findings of their assessments, a conversation takes place with the public so they feel that surveillance is not being done to them, but that they are part of it. I call it surveillance by consent.” He estimates that between 60% and 70% of authorities have demonstrated that they comply with the code using the self-assessment process.

But what about those CCTV users who do not fall into the category of those required to use the code of practice? “We’re getting a great deal of uptake from the private sector,” says Porter. “We have worked with universities, banks, retailers, government departments and bodies like Transport for London. The incentive for them is that they can then tell their customers or stakeholders that they follow best practice and provide good security for them.”

Even in times of austerity and squeezed budgets, the self-assessment tool can have benefits. While some local authorities have declared there is no money and have walked away from their systems or reduced the extent of monitoring, others are using the tool as an opportunity to review whether their systems are working effectively and efficiently.

Independent verification of CCTV users

One step further in raising standards and accountability is the third party certification scheme for operators of public space surveillance camera systems. The scheme, launched last year, enables organisations complying with the code of practice to be independently verified. It is open to all users operating CCTV systems in a public space.

“Users can demonstrate compliance with the code by using a process that demonstrates integrity cost-effectively,” says Porter. “Certification is an outward sign of inward compliance and the process will help raise standards.”

Certification can be relatively inexpensive as well, with a typical cost of £300-£400 for a 50-camera system for the first stage of certification. “Step one certification is a desktop review of the system. The process is built on honesty but based on transparency, and is valid for one year. It is designed for organisations that are working towards full compliance with the code, but are aware they need more time to become fully compliant. We encourage people to approach step one certification as a natural follow-on from self-assessment, but certification is on the understanding that the organisation will work towards being in a position to apply for full certification. Step two (full certification) includes a full on-site audit of the system and is valid for five years, subject to an annual review.”

Porter wants to focus the thoughts and actions of users, suppliers, installers and consultants on the core requirements of the system by re-working the OR so that it facilitates compliance with the code of practice

Recommendations

Although introduced only in 2013, the commissioner has already carried out a review of the code of practice. Among his recommendations are:

  • Extending the definition of “relevant authorities” to cover all organisations that are publicly funded in any way, including bodies such as NHS trusts, education establishments and transport operators;
  • Introducing an obligation for authorities to publish their camera coverage in terms of systems, numbers, privacy impact assessments, self-assessments, certification and outcomes of annual reviews, with limited powers of enforcement in cases of non-compliance;
  • Encouraging the use of a “passport to compliance” using the Operational Requirement and system certification;
  • Producing a single code of practice on surveillance camera systems rather than having two (the Surveillance Camera Commissioner’s and the Information Commissioner’s Office) at present.

Revamping Operational Requirement (OR)

Among the further initiatives to come from the commissioner is the revival of the Operational Requirement (OR), which was last revised in 2009. The OR is used by designers of CCTV systems and consultants, but the intention is to revise its provisions so that it can become a key element of the passport to compliance.

Porter wants to re-work the OR so that it facilitates compliance with the code of practice by focusing the thoughts and actions of users, suppliers, installers and consultants on the core requirements of the system, therefore becoming a process and guidance manual.

As stated in the commissioner’s review of the code of practice: “Properly developed, the OR represents a key opportunity to ensure public monies are properly invested and CCTV industry specialists are held to account for products provided.” The revamped OR is due to go out to consultation soon.

Looking further ahead, Porter will tell IFSEC attendees about an upcoming National Surveillance Camera Strategy, due to go out for consultation in the autumn. The strategy aims to cover all stakeholders – manufacturers, designers, installers and end users – and to raise standards and compliance with the code of practice. “I see this strategy as being crucial to bring the many different and disparate parts of the sector to follow one strategy.”

“I’m determined to drive up standards right across the spectrum of the industry,” concludes Porter. “I believe the first two years of tenure in my post demonstrate that.”

Tony Porter will be speaking on a Passport to Compliance in the Security Management Theatre at IFSEC International in London on 21 June.