Here we look at a recent incident involving traffic cameras which flags this issue - and provide some recommendations and tips for minimising risks.
Personal data that was gathered from an ANPR (automatic number plate recognition) system utilised by Sheffield City Council and South Yorkshire Police has been accidentally made available to the public through a website.
An information security expert found that the internal management dashboard of the camera system could be accessed via a web browser by entering the ANPR system's IP address. This exposed the details of thousands of motorists, and it has been reported that there were a total of over 8.5 million records of vehicle movements, which could be searched via the dashboard.
Both Sheffield City Council and South Yorkshire Police have taken steps to address the issue, and the information is no longer available to the public. They have confirmed that they will be taking joint responsibility for working to address the breach, and the Information Commissioner's Office (ICO) has been informed of the incident and will also be investigating.
Areas that will likely be considered include:
Tony Porter, Britain's Surveillance Camera Commissioner has confirmed that he will be requesting a report into the incident, and hopefully this should assist in fleshing out responses to the concerns of the public.
When considering utilising a new technology we recommend that organisations proceed with caution, and ensure that all angles have been contemplated, and risks mitigated, before implementing privacy intrusive technology, such as surveillance cameras.
In our experience, well intentioned solutions which take advantage of the latest technology to assist with specific projects (such as monitoring the carbon emissions of densely populated cities) can become subject to 'purpose creep', whereby the use of the technology expands into areas which had not previously been considered. This is usually done without due consideration for the privacy implications, and a solution which was carefully mapped out to ensure it was proportionate to the original aims, is suddenly being used to assist in areas which were not originally anticipated.
Our top tips for organisations who are considering the use of such surveillance technology include: