Request ID: FOI-3440-2324
Date published: 25 January 2024
You asked
The Times Newspaper reports the use by TfL / Mayor of London of non uniformed security guards for ULEZ Protection.
Masked ‘thugs’ protecting Ulez cameras accused of attacking locals
https://www.thetimes.co.uk/article/2afa0462-d963-41fa-849d-eca287b87851?shareToken=b0ad6cff0399b6aa30e3141b67712b16
1. Is this correct? Are non uniformed guards being used?
2. Please provide a data protection impact assessment for the data they gather (including but not limited to body work video) and any appropriate policy document and/or privacy impact statement.
We answered
TfL Ref: FOI-FOI-3440-2324
Thank you for your request which we received on 27 December 2024, asking for information about security staff accompanying ULEZ enforcement vans.
Your request has been considered in accordance with the requirements of the Environmental Information Regulations (EIRs) and our information access policy. I can confirm that we hold the information you require.
Is this correct? Are non uniformed guards being used?
TfL has deployed mobile units as part of our extensive camera network to support the effective operation of the ULEZ scheme. Where security personnel are used to support the vans, they operate as Close Protection Officers and are suitably licensed by the Security Industry Authority (SIA). They wear plain, dark clothes suitable for the work they undertake. Our security workers are directed not to wear face coverings unless they feel threatened by being closely filmed. Wearing of medical masks is permitted. We will remind our contractors of the situations when they can be worn.
Please provide a data protection impact assessment for the data they gather (including but not limited to body work video) and any appropriate policy document and/or privacy impact statement.
Security personnel are issued with Body Worn Video (BWV) by the organisation they are contracted to, acting on the instruction of TfL. TfL considered the deployment of Body Worn Video for those involved with Mobile Enforcement Vans in the attached Data Protection Impact Assessment (DPIA).
In accordance with the EIRs, some information detailing the IT system that the Met Police uses has been redacted, as it is subject to a statutory exception to the right of access to information under Regulation R12(5)(a) – international relations, defence, national security & public safety and Regulation 12(5)(b) – the course of justice, the ability of a person to receive a fair trial or the ability of the public authority to conduct an inquiry of a criminal or disciplinary nature.
Disclosure of this information, which would otherwise not be available via other means, would pose a real threat to their IT systems, as it would assist a third party to mount an attack on their IT systems. It is the sort of information that could be combined with other information available to an attacker or already in the public domain, to target the system.
Like other organisations, the Met Police is subject to cyber-attacks. These attacks are unlawful under the Computer Misuse Act, and whilst the motive is not always apparent, we are aware of the risk to critical national infrastructure that may result from a successful attack. We consider that releasing the information would be likely to prejudice their efforts to prevent and detect future attacks and undermine their ability to safeguard their information systems.
The EIRs and FOI are deemed to be a ‘disclosure to the world at large’ and whilst we make no suggestion that you would use this information for anything other than your own personal interests, it could be used by individuals who wish to cause harm or disruption to the IT system that the Met Police uses.
Therefore, in this instance we feel that the balance lies in favour of withholding the information to ensure that we are able to minimise the inherent danger of information being accessed by those intent on causing harm to the Police, which could have considerable implications for law enforcement and public safety. We recognise the need for openness and transparency by public authorities, but in this instance we consider that there is greater public interest in safeguarding the information system and their services.
In addition, in accordance with TfL’s obligations under the GDPR legislation some personal data has been removed, as required by Regulation 13 of the Environmental Information Regulations. This is because disclosure of this personal data would be a breach of the legislation, specifically the first principle of the legislation, which requires all processing of personal data to be fair and lawful. It would not be fair to disclose this personal information when the individuals have no expectation it would be disclosed and TfL has not satisfied one of the conditions of Schedule 2 which would make the processing ‘fair’.
Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.
Yours sincerely
Eva Hextall
FOI Case Management Team
General Counsel
Transport for London