Clear Guidelines Needed to Protect Police-Generated Data in the Cloud

Police body-worn cameras have been on the rise over the last five years. Cities such as San Diego and Topeka, Kan., have already elected to outfit officers with cameras. Larger cities like Los Angeles, Houston and Washington, D.C., began testing the use of cameras last year. And state legislatures in Illinois, Texas and South Carolina deliberated over camera legislation during their most recent sessions. Topics of discussion range from citizen privacy to the cost of purchasing the cameras and paying for storage. The startup costs of body-worn cameras on the already-strained budgets of state and local police departments are certainly an issue — but they don’t tell the full story. Law enforcement faces another major challenge: keeping the video data safe and secure. 

Body-worn cameras, along with the increase of video surveillance systems, are creating massive amounts of data that agencies need to manage, store and secure. For example, the Seattle Police Department alone produced more than 360 terabytes of data from dashboard cameras. The police department in Duluth, Minn., was able to afford $5,000 to purchase cameras, but struggled with the $78,000 data storage fees for just the first two years of operation.

It’s important to determine how the data is stored, and that should not be overlooked. Cloud technology is often cited as the most scalable way to house data. However, law enforcement agencies need clear guidelines to protect police-generated data in the cloud, considering that cyberthreats are on the rise, including the risk of unwanted incursions from bad actors.

To understand the costs and risks of deploying a body-worn camera program, it is important to examine the total cost of ownership (TCO), a financial estimate that accounts for the direct and indirect costs of a product or system. To determine the TCO, police departments must account for the acquisition and operational costs of body-worn cameras, as well as the expenses associated with keeping the video data secure — a much higher cost than the cameras themselves.

As police departments look to cheaper, offsite cloud technology to store video data, calculating these costs is even more important. In this case, indirect costs cover potential expenses associated with incident response and liability charges if video data is breached. Without proper protocol and standards, what may seem to be the less expensive cloud solution could cost much more in the long run.

To secure sensitive information, U.S. law enforcement agencies must adhere to the FBI’s Criminal Justice Information Services (CJIS) security policy, which establishes guidelines for the creation, viewing, transmission and storage of criminal justice data. Recently the International Association of Chiefs of Police issued guiding principles for cloud computing that recommend data collected through body-worn cameras be stored at the highest level of security: the FBI CJIS standard. Moving forward, departments that use CJIS-compliant cloud technology will be able to minimize risk and keep video data safe.

While safe and secure data storage is not cheap, it’s an investment that law enforcement agencies must make. Only when police departments take the TCO into account will they protect their video data as well as minimize their liability and safeguard the people they serve.

Julie Anderson is principal of AG Strategy Group. She worked as managing director for Civitas Group and was deputy assistant secretary for planning and evaluation at the U.S. Department of Veterans Affairs. This article was originally published on Emergency Management.