DPI16_Banner_300x250 WITH COPY

By Terry McQuay, CIPP, CIPP/C

Video Surveillance in Mass Transit Systems

On March 3, 2008 the Information and Privacy Commissioner of Ontario, Ann Cavoukian, released Privacy Investigation report MC07-68, titled "Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report."

This special report was prompted by a complaint received by the commissioner from Privacy International regarding the Canadian expansion of the use of video surveillance cameras in Toronto's mass transit system (TTC). In addition to investigating the complaint, the commissioner expanded the report to include a review of the literature and an examination of the role that privacy-enhancing technologies can play in mitigating the privacy-invasive nature of surveillance cameras.

In 2001, the commissioner's office issued Guidelines for the Use of Video Surveillance Cameras in Public Places (the Guidelines). The guidelines were updated in 2007.

Before deciding whether to use video surveillance, the Guidelines recommend that organizations consider the following:

  • A video surveillance system should only be adopted after other measures to protect public safety or to deter, detect, or assist in the investigation of criminal activity have been considered and rejected as unworkable. Video surveillance should only be used where conventional means (e.g., foot patrols) for achieving the same law enforcement or public safety objectives are substantially less effective than surveillance or are not feasible, and the benefits of surveillance substantially outweigh the reduction of privacy inherent in collecting personal information using a video surveillance system;
  • The use of video surveillance cameras should be justified on the basis of verifiable, specific reports of incidents of crime or significant safety concerns;
  • An assessment should be made of the effects that the proposed video surveillance system may have on personal privacy and the ways in which any adverse effects may be mitigated;
  • Consultations should be conducted with relevant stakeholders as to the necessity of the proposed video surveillance program and its acceptability to the public;
  • Organizations should ensure that the proposed design and operation of the video surveillance system minimizes privacy intrusion to that which is absolutely necessary to achieve its required, lawful goals.

Once a decision has been made to deploy video surveillance, the Guidelines set out the manner in which video surveillance cameras should be implemented in order to minimize their impact on privacy.

In the Special Report the commissioner's investigation concluded that:

  • the information collected by the TTC's video surveillance cameras qualifies as "personal information" as defined under section 2(1) of the Municipal Freedom of Information and Protection of Privacy Act (the Act);
  • the collection of personal information by the TTC's video surveillance cameras is in compliance with section 28(2) of the Act;
  • the Notice of Collection is provided to TTC passengers in compliance with section 29(2) of the Act;
  • the disclosure of personal information to the Toronto Police Services is in compliance with section 32 of the Act;
  • the TTC has adequate security measures in place to safeguard the personal information collected. However, the TTC should amend its policy to require that all employees dealing with the video surveillance system sign a written agreement regarding their duties, including an undertaking of confidentiality;
  • the TTC has proper destruction processes in place for recorded information that is no longer in use;
  • the TTC should amend its retention periods for video surveillance images that have not been used from the current maximum of seven days to a maximum of 72 hours;
  • as the TTC expands its use of video surveillance cameras in the public transit system, it must take additional steps to inform the public, by publishing general information on its Web site and by holding more extensive consultations, possibly in the form of town hall meetings;
  • the TTC must ensure that its video surveillance program is subjected to an effective and thorough audit conducted by an independent third party, using the GAPP Privacy Framework.

In light of these conclusions, the commissioner made 13 recommendations to the TTC that would enhance the protection of personal information collected through its video surveillance system.

Terry McQuay, CIPP, CIPP/C, is the Founder of Nymity, which offers Web-based privacy support to help organizations control their privacy risks. Learn more at www.nymity.com.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Spots Going Fast

With the top minds in the field leading this exceptional program, it's no wonder it's filling quickly. Register now to secure your spot.

Be Part of Something Big: Join the Summit

Registration is open for the Global Privacy Summit 2016. Discounted early bird rates available for a short time, register today!

Data Protection Intensive Returns to London

Registration is now open for the IAPP Europe Data Protection Intensive in London. Check out the program!

P.S.R. Call for Speakers Open!

P.S.R. is THE privacy + cloud security event of the year, and you can take a leading role. Propose a session for this year's program.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»