Warning for councils on CCTV data risks

A privacy expert is calling for a national review by councils of the public safety benefits of CCTV cameras after a recent audit found surveillance data were vulnerable to privacy breaches.  

David Vaile, a leading privacy and information security expert, says that a recent report from Victoria’s Auditor-General has cast serious doubts on whether the supposed public safety benefits of CCTV usage outweigh any potential risks, such as privacy breaches.

David Vaile

The auditor’s report, released last month, found that inadequate policies, weak oversight and poor compliance with privacy laws are plaguing Victorian councils’ CCTV security systems and putting personal information at risk.

In a random audit of five Victorian councils, auditor Andrew Greaves found that none could demonstrate they were adequately protecting the privacy of information collected through CCTV systems in line with the relevant legislation or internal policies.

All five councils were found to have gaps in CCTV signage, inadequate procedures to support policy governing CCTV management or a lack of oversight and enforcement – placing the information at risk of inappropriate use or unauthorised disclosure.

Given those findings, Mr Vaile says that a national review by councils of the evidence behind the purported public safety benefits of CCTV surveillance is “absolutely what needs to happen.”

Mr Vale, who is executive director of the Cyberspace Law and Policy Centre at the University of New South Wales, said the audit unveiled a systematic failure by councils to effectively manage CCTV systems – and cast doubt on whether the purported benefits outweigh these risks.

“Councils and council members and senior staff are typically not focused enough on some of the key questions that should surround CCTV including question of governance, improper use and data security,” he told Government News.

Concerns over the use of CCTV by councils are not limited to Victoria, he says, pointing to a recent decision from a NSW Tribunal on the use of CCTV by Shoalhaven Council which he says “found a similar array of concerns.”

“As we can see from the Victorian Auditor-General report and the NSW Shoalhaven City Council case, the actual benefits of CCTV are likely to be extremely low and outweighed by the possible harms and risks both of data loss and breach and misuse but also of the introduction of a culture of constant surveillance.”

Mr Vaile, who is also a chair of the Australian Privacy Foundation, said there are doubts over whether these CCTV systems are delivering law enforcement or criminal prevention benefits and that “all costs and risks outweigh the benefits.”

The use of these cameras within councils is largely a ‘political benefit’ to councillors, Mr Vaile said, despite there being no evidence-based review of their efficacy.

The Shoalhaven case in particular raised doubts about whether council CCTV systems are delivering public safety benefits.

“I’m very persuaded by the in-depth evidence-based review of Shoalhaven that says there’s a real question mark about the crime prevention effect of these CCTV systems.”

Mr Vaile said that he hopes the Victorian Auditor-General’s report is an indication that concerns around privacy breaches will be addressed.

“I can only hope that it’s a sign of an increased, elevated focus on potential abuses or breaches of personal information.”

Rebuilding public trust

The Victorian auditor said that councils must look to strengthen their privacy protections when using CCTV cameras, with a number of local government CCTV systems not up to standard with Victorian privacy laws.

He made 11 recommendations to all councils including to update their CCTV policies to improve compliance with the Privacy and Data Protection Act, ensure CCTV systems comply with the policy before installation and develop site-specific operating procedures in line with the PDPA.

The audit also recommends councils allocate responsibility for oversight to a senior manager and implement regular reporting, include a periodic audit of CCTV systems and data security, and update all CCTV signage.

Clear policies to govern the use of CCTV cameras are needed and must be supported by stringent procedures and improved oversight to ensure compliance, Mr Greaves found.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter.

Leave a comment:

Your email address will not be published. All fields are required