By Mike McCafferty
Mike McCafferty ASP, CPP is an Accredited Security Professional and Certified Protection Professional with over 25 years of experience in corporate security, forensic healthcare security, law enforcement, Provincial and Municipal government environments. The opinions expressed below are formed from considerable experience in conducting the analysis of risk and threat, residential assessments, privacy impact assessment, commercial vulnerability analysis, and extensive experience in developing Privacy Management Programs.
The recent privacy investigation into Cadillac Fairview, where more than five million images of Canadian shoppers were collected through facial recognition software, made me think about the many security pitfalls I’ve seen in my career, especially when it comes to video surveillance.
If you’re not familiar with privacy management policies, then you can easily be in breach of many federal and provincial privacy laws. Here are my top three privacy pitfalls, and how to avoid them.
Most privacy laws require the organization conducting video surveillance to post a clear and understandable notice about the use of cameras on its premises to individuals whose images might be captured before these individuals even enter the premises. This gives people the option of not entering the premises if they object to the surveillance.
While conducting assessments, I’m often shocked to see that quite often, both public and private sector organizations either don’t provide proper notification in order to gain this consent or don’t even bother to have any signage or notice whatsoever.
Tip: Make your notice clear and put signage in places where individuals can clearly read it before entering your premises.
Security and crime control concerns are the most common motivating factors for the deployment of video surveillance cameras. Many organizations, however, make the mistake of assuming that the Closed Circuit Television (CCTV) installers know what’s best when it comes to establishing whether video cameras are required.
CCTV installers are very good at installing and connecting camera systems to meet specific performance requirements, but many are not well-versed in assessing security risks, establishing the location-specific objectives of video surveillance, or identifying and communicating the legal privacy standards to their clients. With the greatest of respect to the many excellent camera installers out there, if you have a CCTV installer advising on the security safeguards you need, then chances are you are going to end up with, that’s right… CAMERAS!
What you need is a Security Consultant.
In British Columbia, installers and consultants are completely separate as far as Security Licencing professions:
Tip: Given the inherent intrusiveness of video cameras, you actually have to consider all less privacy-invasive means of achieving the same security before resorting to video surveillance. So get yourself a Security Consultant.
There are times when the organization has properly posted signage which states for “safety and security purposes” and yet uses the information they’ve gathered for performance management of employees, like arrival time, break lengths, and more.
Tip: Information collected through video surveillance should only be used for the purpose that surveillance is being undertaken, or for purposes that are permitted by law. Not for employee monitoring.
While video surveillance has its advantages, it’s important that you think of the privacy responsibility it comes with before you install them. Here’s a checklist to help you out:
If employees and customers are typically considered a business’s greatest asset, then their personal information must be considered one as well. Organizations should want to build and protect their assets, and personal information, as an asset, is no different.
If you are thinking about installing cameras or require assistance in building your Privacy Management Program, contact Lions Gate Risk Management Group today at firstname.lastname@example.org.