In 2019, the NDPR (Nigerian Data Protection Regulations) was introduced which regulates and protects the processing of personal data of Nigerians and this has subsequently been adapted by Polar Afpro Ltd in accordance with the Law.
The Adopted Policy provides minimum policies and practices that must be present in any organization that handles and processes the personal data of Nigerians.
Some business owners have installed Closed-Circuit Television Cameras (CCTV) on their business premises for a variety of reasons, including security purposes and to monitor business activities.
The CCTV cameras capture the live video footage of any person who walks into the vicinity covered by the camera. The personal information which the CCTV cameras capture includes the photographic images, behavioral mannerisms, and activities done by persons who walk into the vicinity of the camera.
Some CCTV cameras are so powerful that they can penetrate dark spaces and zoom into minute details. The video footage from CCTV cameras can either be viewed in real-time and/or can be saved/recorded for later viewing. Both activities amount to the processing of personal data under the NDPR which must be done in accordance with the law.
THE POLICY
The NDPR Policy adapted by Polar Afpro Ltd contains six principles that must be present every time an organization attempts to process personal data of individuals, including when it records and processes footage from CCTV cameras. These principles are:
a). The recording/processing must be lawful, fair, and transparent: The processing of footage from the CCTV must be done for a lawful purpose. The cameras must be placed in public places and there must be notorious signboards/notices warning everyone that CCTV cameras are in operation. Failure to place conspicuous notices warning individuals about the presence of CCTV cameras on the premises makes the recording by the cameras unlawful. CCTV cameras cannot be in places where persons have an expectation of privacy, e.g., toilets and changing rooms. Any recording activity done in a toilet is intrusive and illegal.
b.) It must be used for specific and legitimate purposes: The organization must use the CCTV cameras and the footage for only the legitimate purpose it has identified in its CCTV Policy. It cannot use the cameras or the recording for any other purpose. For example, if the organization installed the cameras for security purposes, it cannot use or sell the video footage to data/marketing companies to analyze the behavior of persons captured by the camera to send them targeted advertising.
c.) The recording/processing must be adequate and necessary: the information captured by the CCTV must be necessary and not excessive for its purpose. A CCTV system installed for security purposes in a store should not be able to see through the clothes of customers. The cameras at the gate/car park should not attempt to view the neighbor’s compound.
d). The footage must be accurate: The footage from CCTV cameras must not be manipulated or tampered using Photoshop tools.
e.) The footage must be kept for only if necessary: The business cannot hold on to the footage in infinity. The footage can only be stored for as long as is required under the law and must thereafter be deleted.
f). It must be processed and stored in a secure manner: The footage from the CCTV must be secured from leakage. There should be no unauthorized or indiscriminate sharing of CCTV footage on social media as this amounts to a breach that can attract imposition of fines on the business management.
ACCESS AND POLAR’S COMPLIANCE
Anybody who has been caught on camera has the right to see the footage, in which they are identifiable. They can request this by submitting a “Subject Access Request” to the organization. The images of the other persons captured by the camera must be blurred before such a request is granted.
Failure to comply with these provisions of the NDPR will result in the imposition of fines on the business establishment by the National Information Technology Development Agency (NITDA).
At Polar Afpro Ltd and all the facilities we purchase and install CCTV Cameras at, we have taken measures to ensure that we remain compliant with the ‘’NDPR’’. Our CCTV Division working with top-of-the shelf brands like Avigilon, Pelco, Univision, Flir, Hikvision has made sure that firms and buildings which we install these brands of cameras at are fully compliant with the NDPR Policy.
To see a breakdown of some of the projects carried out by Polar Afpro Ltd, visit www.polarafpro.com or reach us at info@polarafpro.com for further enquiries.