CCTV monitoring company employee spied on customers through their own camera systems.
In a class-action lawsuit filed in the US, several Florida residents allege an ADT technician, who had installed indoor security camera systems at their homes used the CCTV systems’ remote access to spy on them over a seven-year period.
One resident alleges that an ADT technician had granted himself remote access to the security camera he’d installed at her home and used it to secretly watch herself, her husband and their young son. She was informed the spying had occurred on not only herself but to hundreds of others over a seven-year period via ADT’s “Pulse” product, which allows users to check on their homes via live camera footage, lock or unlock doors, change the thermostat or turn on the lights, for example, via mobile app or web portal.
It is believed “large vulnerabilities in the ADT Pulse application” allowed any one of the company’s technicians to access customer’s ADT feeds.
If found proven a significant fine is anticipated against the Company and the individual concerned.
Installing, managing, and monitoring your CCTV systems is one of the easiest ways for your organisation to breach a person’s privacy rights.
This case reinforces the need for all organisations who use CCTV in any capacity to ensure:
- There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used by the Data Controller or their Processors.
- Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
- Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them.
- No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.
BLS Stay Compliant has years of expertise in advising on the installation and use of CCTV cameras to comply with the Human Rights Act and Data Protection Act, our Director was a member of the ACPO and UK Govt use of CCTV in Surveillance working group and provides advice and guidance on complying with the complex legislation.
If you need any assistance or support in making sure your CCTV systems and your processes comply with the law please get in touch: