Persons of Interest

During the annual Data Compliance Audit of a major shopping centre by VeriFi it was found that the method of circulating images of Persons of Interest within the security team and tenants was poorly controlled leaving both the Data Controller (Managing Agent or Landlord) and Data Processor (Security Guarding Service Provider) exposed to a serious Data Breach prosecution. VeriFi was able to provide a hard copy supplement to its standard data management pack to bring compliance to this issue.

It is not unusual for management of images of Persons of interest to fall into two camps, on the one hand the data breach risk is perceived as being too difficult to manage and the decision is made to avoid the process altogether. On the other hand no thought is given to data compliance and screen prints are handed out with no control whatsoever.

The hard copy documentation that we provided was adequate in this instance, but it did trigger the thought process that we should add a Persons of Interest module to our EIDOS integrated Computer Aided Security Management system.

The resulting EIDOS Persons of Interest module is an important tool for managing distributed images of individuals suspected of criminal or terrorist activity, hostile reconnaissance, anti-social behaviour or banned from the area of surveillance. Formal cradle to grave management of suspects images is vital in order to avoid Data Protection breach issues

The reason for including a persons image in a database is a data protection requirement that must be documented. Without this step being completed we have made it impossible to upload an image. This safeguard is designed to prevent the casual unauthorised distribution of peoples images.

Images are password protected and may be viewed by the security team and other authorised stakeholders on their PC or Smartphone. Any printed copies are watermarked with a Unique Reference Number and bear the text ‘NOT TO BE DISPLAYED IN PUBLIC VIEW issued by (Name) on behalf of Name of Data Controller for (Name of Company)’

Building occupiers who are registered as Data Controllers with the Information Commissioner’s Office (ICO) may be allowed access to the Persons of Interest database subject to a data sharing agreement included in the EIDOS process.

Persons of Interest interfaces with the EIDOS Guard Patrol and Activity Log enabling real time distribution of images to the security team who can also capture and transmit images for approval and entry into the database.

The Data Protection ‘Right to be Informed’ requirement does not apply where video images are employed for the lawful basis of alerting interested parties to the presence of a person of interest for the public good and security of commercial interests as directed by the Data Controller for the premises.

The need for archive retention must be routinely reviewed and all copies must be permanently deleted or otherwise destroyed when retention can no longer be reasonably justified. EIDOS Persons of Interest prompts and records routine archive reviews.

Why not get in touch and see how we can help?

We’re ready to lead you into the future of Computer Aided Security Management, get in touch with us today and find out how easy it can be to ditch those inefficient paper records

Get in touch