Video Surveillance and Data Monitoring: The Basics

It's getting easier to keep an eye on employees and customers, both in terms of video surveillance, with ever smaller and cheaper digital cameras, and data monitoring, with powerful tools for examining emails, web activity, and network packets. Done correctly, these surveillance activities can help deter or catch theft and fraud. Done poorly, however, surveillance can be expensive and ineffective, and can create legal risks and morale problems. Here are pointers on creating and communicating your policy, determining return on investment, and other video surveillance basics.

Questions and issues covered in this document include:

Why is the policy so important, and what should my corporate policy include?

Policy is important because mismanaged security surveillance is expensive and wasteful and can create legal and employee morale problems.

Four simple rules to follow:

1. Create a written policy that's fair and clear. This is the smartest step toward intelligent workplace surveillance, so it's a little surprising that so many organizations fail to do it. A video surveillance policy might state where cameras can be placed, as well as the fact that employees have no right to privacy in the general working areas of a facility. An electronic monitoring policy might state what forms of communication the company monitors; a very broad policy might include use a phrase such as "all electronic communication media including, but not limited to, e-mail, instant messaging, and web browsing". Some companies choose not to monitor so extensively. In any case, policies should also make clear the disciplinary consequences that can result from unprofessional employee actions caught on video or over the network.

2. Put the policy in your employee handbook and require an employee signature.

3. Periodically remind people being monitored of what the policy says. This helps with legal liability (so that, for example, an employee fired for breaking the policy can't file an effective 'wrongful termination' lawsuit using the "I wasn't notified of the policy" excuse). Also, simply communicating the fact that a company has a policy can act as a deterrent to potential wrongdoers.

4. Enforce the policy consistently and fairly. Otherwise, you send a confusing message to your employees and risk creating the appearance of favoritism. (This also means the policy needs genuine buy-in from upper management.)

I am concerned about employee morale if we institute a strict policy.

A key strategy is to communicate not only your policies and practices, but also the reasoning behind them. Here's a great example. In 1993, software company SAS built what's known as Building R on its Cary, N.C., campus. A security control center was located in the subbasement to monitor the new CCTV cameras that were being installed around the campus in lobbies, entry points and the campus day care. (Before 1993, SAS use of CCTV was minor.) However, SAS failed to anticipate the displeasure that spread its way through the employee ranks. Soon rumors started floating around that there were covert cameras. Questions arose: Why are they putting in cameras? What are they watching? Why do we need so much surveillance? "I had done my best to develop a relationship with the employees," says Miles Bielec, head of security at SAS. When the cameras came on the scene, he worried that he was about to take a giant step backwards.

Then Bielec had an inspiration. Because two sides of the control center were glass, he decided to turn the monitor banks around, so that the monitor screens faced outward. With this change, any SAS employee walking by the control center can see exactly what the cameras are being used to observe. "I told employees, come on down, you can see what we're looking at. We can show you how [the system] works; we'll let you play with the joysticks," he says. "That alone allayed the monitoring fears."

What Bielec came up against was a very open, creative corporate environment, not unlike that found on a college campus. To many employees, the installation of cameras screamed of Big Brother syndrome. Bielec assured employees that the system was more about customer service (such as letting employees back in the building if they accidentally got locked out during a smoking break), to give employees peace of mind and to keep an eye on more places than was otherwise humanly possible (data centers, for example).

If your policy is strict, but the reasoning and motivation is clearly explained, and if you also demonstrate a certain level of reasonableness in the way you handle surveillance and monitoring matters, it's likely that employees will understand.

I have a union workforce. Any special wrinkles I should consider as I write my policy?

Yes. Any introduction of surveillance into the workplace could be cause for a union grievance, according to the Labor Research Association. A report titled "Employer Snooping: What Rights Do Workers Really Have?" advises us "When a company seeks to introduce video surveillance, monitor e-mail, conduct random searches or other workplace surveillance policies, it is attempting to change working conditions, according to the NLRB. As a result, the terms of these policies are considered a 'mandatory subject' of collective bargaining and must be negotiated with the workers' union." It goes on to cite some examples of what a employer and union might negotiate, including allowing workers to defend themselves against accusations and agreeing that non-work areas remain camera-free.

On the technology side, the choices between CCTV and newer digital systems is difficult. How about some guidance?

Experts say video surveillance technology adoption is progressing over three phases:

Phase 1: Standalone CCTV systems. These are regarded as relative dinosaurs, but sturdy and simple. They will fade as surely as typewriters did.

Phase 2: Hybrid digital-analog systems. Sometimes networked, they use black-box digital video recorders (DVRs, essentially TiVo boxes). This represents the transition between old and new—such as those word processors that came after typewriters, but before PC programs.

Phase 3: Fully digital, networked IP-based surveillance. Here, video surveillance is just another node on the IT network. Cameras have IP addresses, controlled centrally with any number of software applications on top of the raw visual data.

Joseph Freeman's market research shows that CSOs are certain that they want to move off standalone closed circuit TV, but unsure that they're ready to move on to what they're being told is the more powerful, more dynamic future of video surveillance—fully digital systems. So they network their DVRs to get a few benefits of the new technology without a real commitment. They add some digital systems, while keeping CCTV with DVR. They're milking their old investments.

New digital technologies can pack some punch. One example: Pedro Ramos, director of loss prevention for Pathmark Stores, identified a problem universal to grocery stores. Most inventory shrink—shoplifting, employee theft and damaged goods—occurs at the point of sale. So he installed digital video that links to the cash registers at all of his stores. "I can look at the [the digital archive of the] register tape, pick out any item on that tape and be taken to the archived video of that moment in that transaction." This allows quicker response to incidents and deters theft. Recurring problems (such as a cashier who repeatedly mishandles egg cartons during scanning) can be identified and ameliorated quickly. "Almost immediately," says Ramos, "we've seen a significant decline in shrink."

Here are four considerations in support of newer technology.

1. Better visual data. Optics have vastly improved with the new generation of cameras, which, are more widely available. Dave Kent, CSO of Genzyme, says, "You can now buy equipment online that you used to have to go to some custom shop in an alley in New York to get. Good lenses. Low light. Thermal imaging. This stuff is smoking." Director of Corporate Security Sheila Bramlitt's bank, First Horizon National, helped solve a case involving kidnapping and homicide by using pictures captured from a camera at one of its ATM machines. "It looked like the person was posing for a portrait," she says. "We've come a long way from the blue-gray fuzzy blurs." With better resolution, one camera can cover a wider area, or digitally zoom for fine detail. Casinos love this.

2. Standard IT infrastructure. Historically, "You were tied to your supplier," says Joe Freeman, a security industry consultant and president and CEO of J.P. Freeman. IP-based video will allow CSOs to use the same servers and bandwidth as the rest of the company. What's more, cameras running IP over ethernet can have both data and power go through the same ethernet cable, with backup power on the same supply as the IT systems backup power supply. Prisons and areas vulnerable to wide-scale natural disasters love this.

3. Efficiency through centralized monitoring and automation. Simple math: When you have 30 sites worldwide, feeding video into a single control room instead of having 30 control rooms creates efficiency. Automated alarming further reduces the need to keep eyeballs fixed to screens everywhere. Digital archives are easier to access ("Tape," says one integrator, "basically requires a full-time employee.") Global companies with small sites love this.

4. New applications. It is software that will finally revolutionize video surveillance. Vendors are promising seemingly limitless applications to make video smart: Motion triggers, which can tell cameras to jump into high-resolution mode and track objects; software which can discriminate between a human form and, say, a skunk (thus reducing false alarms); applications which link video surveillance to access systems and safety systems, so that the surveillance system could call the fire department or help turn on sprinklers. Insurance companies love this.

Four caveats on digital IP video:

1. Digital IP surveillance requires a higher capital investment. The vendors will promise that despite this, they'll also provide higher returns faster. Make them prove it, like Pedro Ramos, director of loss prevention at Pathmark Stores, did. The cost of the cameras is actually negligible compared to application costs, storage costs, bandwidth costs, training costs, and, critically, security costs of using the Web to transmit image data and other security data. "They're making money in this industry, believe me," Genzyme CSO Dave Kent says.

2. New skill sets are needed. While CCTV was largely a monitoring game, the whole point of digital video surveillance is to reduce the need for eyeballs plastered to screens. It's a rules-based game. What triggers an alarm? A moving object? What kind? How is it moving? And when does it trigger? Only after hours or all day? It will require intense review and possibly modification of business processes. "What we're looking for is actionable intelligence," says Sandra Jones, a security industry consultant for Sandra Jones and Co. "That means we have to filter, filter, filter." IT expertise will also be required.

3. Information overload is a real threat. Sheila Bramlitt, director of corporate security at First Horizon National, says she could put surveillance everywhere, but that's just asking for trouble. A company would drown in visual data and false alarms. "That's where we go to risk analysis," she says. "We use our own case intelligence, public crime stats, lots of sources. We form this picture of where we need it most and start there. It's easy to use video surveillance. Using it efficiently is the challenge."

4. Buying now means not buying something better three months from now. Like a consumer buying a PC knowing faster, cheaper ones will be out tomorrow, CSOs have to make a leap of faith to get into digital video surveillance. This is a fact: The technology will continue to improve and come down in price. So when do you make that leap?

What are the best practices for handling and storing CCTV tapes?

1 2 3 Page 1
Page 1 of 3
7 hot cybersecurity trends (and 2 going cold)