Good morning and thank you to the User Group for inviting me to give the keynote speech today.
Some of you may have heard me speak at this conference last year – new into my role and green behind the ears but I must have said something right to be invited back a second time!
So, I’m delighted to be asked to speak again to an expert group who can help shape the future regulatory landscape of CCTV. But before I look to the future I want to look to the past.
By the past I mean my past, what I have been doing since I was appointed to this role a year ago.
When I was appointed I was keen to build up a good understanding of the industry from manufacturer to installer to end user as well as members of the public. To do this I spent much of my first year ‘on the road’ on visits or speaking at events like this.
The time I’ve invested in doing this has been invaluable to help me understand the issues and challenges facing the industry. I’m working actively with the industry and through my Advisory Council and Standards Board – which the User Group are represented on – to start to address these.
I’ve been working with relevant authorities under the Protection of Act – Police Forces and Local Authorities. Working with them to meet their legal requirement and adopt the guiding principles in the code of practice.
I’ve been looking beyond relevant authorities too and have been speaking to universities, banks and residential social landlords to name a few about voluntarily adopting the code. And I’ve been speaking to manufacturers and installers too.
I have issued tools and guidance. I launched a self assessment tool in November – an easy to complete tool for users of CCTV to see how closely they are complying with the 12 guiding principles and identify what more they may need to do. It can be saved and published as a document on organisations’ websites – I’m sure you’ve all completed it?!
And in March I published a list of relevant technical standards on my website on GOV.UK fulfilling one of my statutory requirements – more of this in a moment.
So, what I have found out on my travels?
As I just mentioned the Protection of Freedoms Act places a statutory requirement on relevant authorities such as Police Forces and Local Authorities to pay due regard to the code.
I’ve seen great examples of how these organisations are going about meeting this requirement. In Essex a parking partnership have rolled out Body Worn Video to traffic wardens to combat physical and verbal abuse – almost 260 incidents in two years.
To me there does seem to be an obvious pressing need here and my team worked with them to ensure that what they are doing is code compliant.
They have in place a privacy impact assessment, have ensured that any data captured is secure and can’t be tampered with and have trained users to make sure they tell people when and why they are recording. I will be speaking to them shortly to see if the deployment of this technology has had resulted in a decline of attacks on their wardens.
Elsewhere, I’ve seen great examples in Birmingham and Sedgemoor in Somerset of Local Authorities carrying out reviews of their town centre CCTV systems leading to the removal of ineffective cameras and cost savings.
And the need to make savings is a key issue for all Local Authorities. The User Group has accused me in the past of not understanding the level of cuts facing parts of its membership. This is an accusation I reject completely.
I fully understand that public sector organisations are still in the maelstrom of challenging financial times. In this financial year alone (2015-16) councils in the UK will have to find £2.6 billion of savings – a mind-boggling figure!
Local Authorities have told me time and again the challenges they face, that we’re still in an economy where savings must be made in nearly every aspect of the services provided to the public. Public space CCTV in the UK is not a statutory function that Local Authorities must provide. I am now beginning to see evidence that councils are looking at reducing or already have reduced their CCTV provision.
I’ve seen councils in large towns like Blackpool and Derby stop monitoring their systems twenty-four seven. My understanding is that this is not as the result of a review or public consultation but simply to save money.
And as austerity measures continue to bite on public space CCTV will we see a deterioration of standards and training. One CCTV manager has told me financial constraints are leading local authorities to take measures that are threatening the levels of CCTV expertise within them. CCTV managers’ roles are being cut and supervisors with little or no knowledge of CCTV are being left to report to senior managers.
This is a worrying situation.
I am also concerned about the level of knowledge that Local Authorities have about the totality of public space surveillance cameras controlled by their organisation. And if they are all code compliant – remember that is a legal requirement.
I am sure that most town centre public space CCTV is inline with the code or fairly close. But I recently asked a large city centre council to do a survey of all public space surveillance cameras within it. What has come back is quite shocking but not unexpected.
Outside of the domain of the CCTV manager cameras are being used by traffic management, waste management, housing and environmental services.
I am sure that this kind of thing is happening in Local Authorities across the UK – breaches of the code that they have a legal requirement to pay due regard to.
No privacy impact assessments, no regular reviews and no familiarity of the code at all!
Elsewhere, I was recently contacted by a councillor who was concerned about a proposition for all taxis to have CCTV installed with no operational requirement, regard for the code or the ICO involvement in Southampton a few years ago
So, there is still a huge challenge to get all parts of Local Authorities code compliant but it’s one that I’m determined to overcome. I will continue to offer advice on how to comply with the code and where necessary meet minimum standards.
But the standards framework is horribly complex how do you know which standards are relevant? Well, I have published a list of relevant standards on my website. It sets out in plain English what each standard is and links through to the standards on BSI site should you wish to buy them.
This was not an insignificant a piece of work to get it simplified to this level which took my standards board a couple of months. The User Group are on my standards board and fed in views on your behalf but the feedback we’ve had from you (on behalf of the User Group) is that what we’ve done is still too complex!!
If anyone has any thoughts on what more I need to do please let me know.
I know that some councils are meeting BS7958 which you will all know is the British Standard for operating CCTV in a control room. Attaining this standard really demonstrates that you have a well run control room but only a handful of councils have achieved this standard, around 2 to 3 per cent.
Yes – these standards do cost money and as I just said the public sector in particular is still feeling the pressure of the recession. Although, I’m told that if you wanted to pay for all the possible standards you could have in relation to a CCTV control room it would cost £1,402.00 (or £701.00 if the organisation is a member of the BSI). That is not to say that every standard needs to be purchased.
Obviously there is also the requirement of time and staff resource to facilitate the visit to check you’re meeting the standard.
But to my mind that is not a huge amount – how much has your organisation paid to be here today or to be a member of this Group? I’m not suggesting for one minute that being a member of this Group is not money well spent – it is.
But is not meeting a certain standard money well spent and sharing that information with the public so they know the system protecting them is effective and efficient.
It’s somewhat ironic that where BS7958 is being met it is mostly where a Local Authority is contracting in an organisation to run their CCTV operation – to ensure they meet a certain standard!
And I’m not in the camp that thinks CCTV managers must know the detail of every standard and a number may not be relevant depending on your set up.
I was speaking to a public space CCTV manager a few weeks ago who said to me that there was no way he would be able to or need to know the details of all possible relevant standards. He needs an overview of the standards and be able to put trust in others that they are being met.
Whilst there are some that will want to know the minute detail of every standard I don’t believe we need a sector full of technocrats. I completely get that for some standards and knowing where to find relevant information can be difficult, even daunting.
Some of you may be aware that the BSI held some workshops at the end of last year looking at the standards framework – you may have attended one?
The report that followed the workshop highlighted a number of recommendations to take forward. To meet several of these, a further project has been agreed, to help with delivering the aim of a national framework of information for CCTV.
A key aim is to help develop more specific guidance and create an information hub, whilst also helping to clarify, harmonise and simplify existing guidance. This is something we are working on.
One of my objectives is to review the operation of the code and report back to the Home Secretary. How is it working? Is it working? What works well and what needs to change?
I’m reporting back this autumn.
But more than that I want to explore the regulatory landscape that CCTV occupies so I can provide some real recommendations to ministers that will make it better and improve it. And by improve it I mean improve it for all – installers and manufacturers, operators and managers as well as the police as end users and members of the public.
I’ve already spoken about standards and as part of this review I’m determined to highlight what can be done raise standards across the board and simplify what already exists.
So, how can we raise standards?
This can be done in many ways and I was discussing this with a colleague on my Standards Board recently. We we’re talking about whether there need to be statutory minimum standards. Something in legislation that sets a bare minimum that everyone must legally meet.
After some discussion he said to me “Tony – you need to be careful about setting minimum standards in legislation as you may very well see a race to the bottom.”
I think it’s clear what he meant in that if there is a minimum that is all people will strive for – they won’t go over and above it, it becomes the lowest common denominator.
Is a minimum standard mandatory certification – my team are developing a certification model with the NSI and SSAIB which I hope we will launch in the autumn. It’s not mandatory but there will be different levels of certification with a ‘lite’ version where you self certify and it’s checked by an assessor costing around £75 – hardly blowing the budget!?
Another area I’m keen to look at as part of the review is who should have to ‘pay due regard’ to the code, who must comply with it. This was one area of fervent debate when the Government consulted on the code in 2013 – Government opted for an incremental self-regulated approach.
As you know only relevant authorities must pay due regard to the code and that only accounts for around five per cent of cameras.
But what about all the other places that the public have access – Universities, Football Stadiums and shopping malls but to name a few. All places that a member of the public would probably consider as public space.
When someone walks form a street monitored by Local Authority CCTV in to a shopping mall monitored by a private company do they consider themselves in a public space – I would hazard a guess that they do. So, why must one organisation comply with the code whereas it’s voluntary for the other?
Should anyone operating CCTV that monitors public space have to comply with the code? Would they have to do much more than they are already doing such as comply with the data protection act.
Also what do people believe a public authority to be – should it include residential social landlords who’ve taken over housing departments of councils? Should it include large travel operators like Transport for London? Currently it doesn’t – organisation like these own and operate tens of thousands of cameras.
So, I’m keen to explore who should have due regard and want to tap in to your expertise.
Sanction and inspection
One thing that has been levelled at the code and my role is that it lacks teeth. This is a fair comment I think. I don’t have any powers of sanction or inspection. So if a relevant authority is not paying due regard to the code of practice there is not much I can do.
The government is committed to light touch regulation and minimal red tape for business – this is understandable. But I don’t think that ‘light touch’ regulation should be confused with doing nothing if organisations don’t comply with rules or regulations.
Should I have a stick to beat people with if those who are meant to comply fail to do so? How big should it be? What should it look like? I was once told embarrassment is a very powerful tool, if not the most – would a list of non-compliant organisation published for all to see suffice rather than a financial penalty?
I’m also keeping an eye on what is happening in Europe there are three research projects all nearing conclusion funded by the European Commission to the tune of 10m Euro.
They will be making recommendations to the Commission in due course. They talk about mandatory operational requirements, mandatory privacy impact assessments and mandatory certification.
By coincidence these are some of the areas my team have been working on but not from a mandatory perspective.
Of course these recommendations may not become reality but it is worth considering that they might.
I note that there’s a section of the User Group, perhaps it’s everyone? That likes to refer to itself as ‘grumpy old men’ – I think there’s an expert’s forum involving them tomorrow.
Whilst some may consider me to be old I’d hate to think of myself as grumpy, it just conjures up an image of someone who complains about the status quo and that’s all they do. They do nothing to influence a change, drive it forwards or improve it.
Of course I know the reference to grumpy old men in this group is tongue in cheek and there is a drive to make the industry the best it can be – recognised as one of the best in the world.
You may have heard a famous quote – “evil happens when good men do nothing…”.With this review it’s your chance to do something, to have your say and to make a difference.
You can play a key role here and can bring excellent insight to any extension or change to the regulatory landscape, tell us where we might need to introduce sanctions and where we could look at minimum standards across the industry.
I’m running a workshop later looking at the review of the operation of the code. I want to hear how you think it should develop and tell me what I should put in my recommendations to the Home Secretary in the autumn.
It’s an excellent opportunity for you to feed in your views. I’d like to think that I’ve achieved a lot in my first year and with your help we can do even more!
I hope to speak to lots of you this afternoon.