Secure redact case study: improving public transparency through automated video redaction

Written By Pimloc
Security cameras monitoring traffic near big ben in london at night

Town centre CCTV sits at an unusual intersection of public safety, accountability, and data protection law. The footage is captured in public space, often funded by public money, operated by organisations whose mandate explicitly includes transparency and community safety. Yet the personal data it contains - images of identifiable individuals going about their daily lives - is subject to exactly the same privacy obligations as footage captured anywhere else.

The tension between transparency and privacy is not a theoretical problem for town centre managers. It shows up concretely in DSAR requests, in requests from individuals involved in incidents, and in the broader expectation that public surveillance infrastructure is operated accountably. Without practical tools for handling that tension, the only choices are refusing legitimate requests or disclosing footage in a form that violates the privacy of everyone in the frame.

The experience of the Great Yarmouth Town Centre Partnership (GYTCP) illustrates what happens when that tension is resolved with the right technology.

The organisation and its surveillance responsibility

The Great Yarmouth Town Centre Partnership is a not-for-profit organisation supported by Great Yarmouth Borough Council, Norfolk Police, and Norfolk County Council. Its mandate is to maintain a clean, safe, and welcoming town centre - a remit that depends substantially on its ability to monitor and respond to events across the town's public spaces.

The organisation manages Community Safety (Great Yarmouth) Ltd., which operates a network of 64 cameras monitored around the clock, 365 days a year. This is a meaningful infrastructure commitment, and the footage it generates is a live operational tool for the GYTCP's safety and security functions.

Jonathan Newman is the Town Centre Manager, and it is his Information Management Technology team that handles requests involving the footage - including the DSAR that prompted the GYTCP's first use of Secure Redact.

The specific challenge: a deadline and the wrong tools

The request was specific: redact all faces from a piece of CCTV footage, except for the face of the subject making the request. This is a standard DSAR scenario for any organisation with CCTV - a subject exercises their right to see footage in which they appear, and the organisation must provide it in a form that doesn't simultaneously disclose the identities of every other individual captured in the same clip.

The challenge was the deadline. DSARs carry a statutory one-month response window under UK GDPR. Newman's team had existing video editing tools, but they had already discovered that those tools were incredibly time-consuming and complex for redaction work. Facing a deadline and footage that would have taken days using their previous approach, they were not confident they could respond in time.

Newman found Secure Redact through an online search and made a rapid evaluation decision. The tool was affordable and user-friendly - two criteria that matter particularly for smaller organisations where neither large IT budgets nor specialist video editing expertise can be assumed.

This Person on a headset engages in a call amidst multiple screens showcasing diverse visuals

First use, no specialist training

What makes this case study particularly instructive is the context in which Secure Redact was deployed. Newman's IMT team were not video redaction professionals. They were general technology operators taking on a specific compliance task for the first time. The "novice" description is Newman's own.

The outcome: as first-time users, with some reference to the online help materials, they completed the redaction well before the 30-day deadline. What would have taken days took only a few hours.

The significance of "a few hours" in this context is worth unpacking. A task that previously represented days of complex manual work was compressed into a single afternoon by users who had never used the platform before. The learning curve was shallow enough that productive use was achievable in the same session as initial access, and the automated detection handled the identification work that would otherwise have required frame-by-frame manual attention.

Newman was explicit about the experience: he found the platform easy to understand as a novice and completed the redaction in a couple of hours. For a tool being deployed under deadline pressure by a first-time user, that is a meaningful usability result.

Transparency as the actual goal

The immediate outcome of the GYTCP's Secure Redact use was fulfilling a specific DSAR on time. But the broader value sits at a different level.

Town centre management organisations exist, in part, to serve the communities they operate in. Operating CCTV across a public town centre is an exercise in public trust - the community consents to surveillance for safety purposes because it trusts the organisation operating it to do so responsibly. That trust is not unconditional. It is maintained by accountability, and accountability in the context of surveillance infrastructure includes the ability to respond to legitimate requests from the public.

When a CCTV system can't practically respond to DSARs - not because it refuses to but because it doesn't have the tools to redact footage in the required form within the required timeframe - it creates a gap between the claimed accountability of the system and its operational reality. That gap, if it becomes visible, damages public trust in the surveillance infrastructure rather than supporting it.

Automated redaction closes that gap. It makes the accountability that town centre CCTV is supposed to embody operationally real rather than theoretically asserted.

Newman's conclusion was straightforward: he would definitely recommend the service and would not hesitate to return when redaction is needed again. For an organisation whose use case was a compliance emergency rather than a planned deployment, the result was confident enough to translate into an ongoing recommendation.

What this means for local government and public sector CCTV operators

The GYTCP's experience maps onto a pattern that repeats across UK local government, police authorities, and public sector bodies operating surveillance infrastructure. These organisations share several characteristics that make manual redaction particularly problematic and automated redaction particularly valuable.

  • CCTV networks at meaningful scale - dozens to hundreds of cameras across town centres, housing estates, public buildings, and community facilities

  • Small, generalist technology teams rather than specialist redaction or compliance operators

  • Statutory disclosure obligations under UK GDPR and, in many cases, FOIA

  • Budget constraints that make expensive specialist software less accessible and manual overtime costs particularly visible

  • Public accountability obligations that make getting disclosure right more than just a compliance requirement

Secure Redact serves local government as a specific sector, with deployment options that include SaaS for immediate access and API integration for organisations that need redaction embedded in existing workflows. The free tier allows immediate evaluation without procurement delay, which is directly relevant for public sector organisations facing a deadline before a formal procurement decision has been made.

FAQs

  • A Data Subject Access Request (DSAR) is a legal right under UK GDPR that allows any individual to request personal data held about them. For town centre CCTV, this typically means a request to see footage in which the individual appears. The organisation operating the cameras must respond within one month, providing the footage in a form that protects the privacy of third parties - which requires redacting other identifiable individuals from the clip.

  • This depends on the data controller relationship. Councils that operate CCTV directly are clearly the data controller and responsible for DSAR responses. Where operations are contracted to a third-party organisation like the GYTCP, the data controller determination affects who carries the response obligation. Organisations should establish this clearly in any camera management contracts.

  • The Freedom of Information Act 2000 applies to recorded information held by public authorities, which includes CCTV footage. However, personal data within footage is exempt from FOIA (it falls under GDPR instead). A FOIA request for CCTV footage would typically result in redacted footage being provided - with personal data removed - rather than refusal. The practical requirements are similar to DSAR fulfillment.

  • Sharing footage with police for law enforcement purposes typically falls under a different legal basis from DSAR disclosure - law enforcement agencies can request footage under specific powers and the privacy considerations differ from public disclosure. However, footage shared publicly or in response to subject access requests must be appropriately redacted. Legal advice on the specific basis for each sharing scenario is recommended.

  • Yes. Secure Redact's SaaS model is available at different pricing tiers including a free tier for low-volume use, which allows organisations to begin using the platform immediately without a significant budget commitment. This is particularly relevant for smaller councils and public sector bodies that need occasional redaction capability rather than high-volume enterprise deployment.

Pimloc
Previous

Why automated redaction is a must-have, not a nice-to-have
Next

How automated redaction reduced video DSAR processing by half