For details and an outline response to the recent BBC Panorama Investigation into apparent vulnerabilities with HikVision hardware please see the press release at the bottom of this page.

Perimeter Surveillance Limited Privacy Policy

Our contact details 

Perimeter Surveillance Limited

326 Greenway Road

Phone Number: 02920603100

E-mail: support@perimetersurveillance.co.uk

The type of personal information we collect

We currently collect and process the following information:

·       Personal identifiers, contact’s and characteristics (for example, name and contact details, fault reports) including contractual information.

·       Hardware serial numbers, their locations and passwords.

·       Fault diagnostics and peripheral information.

·       Archived footage where you the client has authorised us to do so.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

·       The installation and ongoing support of your service, and the prompt and accurate reporting of, installation, fault reporting and fault tickets      update. We also store contractual information, but we do not store any financial information or bank details.

We use the information that you have given us in order to 

·       Contact you with a support ticket update

·       Contact you to inform you of a fault

·       Contact you to inform you of any new products or services

·       Contact you to inform you of our arrival time

·       Contact you for the purposes of administering your account

We may share this information with DVS Limited and Hikvision UK and Europe.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: 

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting support@perimetersurveillance.co.uk

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We need it to perform a public task.

How we store your personal information 

Your information is securely stored. 

We keep names, addresses, serial numbers, passwords (Not including any passwords for your personal devices such as smart phones tablets and laptops/computers)  for 36 months whilst you are a client and beyond that for a further 36 months when you renew your contract, upgrade your service or take an additional service. When you cease our services, we will retain your data for a maximum of 36 months. We will then dispose of your information by removing it and deleting it from our cloud service, and on site secured server where it may be stored, and paper or hardcopy signed paperwork, which will be shredded and destroyed.

Your data protection rights

• Under data protection law, you have rights including:
• Your right of access - You have the right to ask us for copies of your personal information. 
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 
• Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at support@perimetersurveillance.co.uk, 02920603100 if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at support@perimetersurveillance.co.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Hikvision BBC Panorama Investigation statement.To Whom It May Concern 

26th June 2023

Dear Valued Partner,

In our previous letters, Hikvision committed to providing you with the latest updates on the conversations the company is having across the UK and Ireland to clarify misconceptions about our products and operations. 

We wanted to share with you that today (Monday 26 June 2023 at 8PM), BBC Panorama intends to broadcast a programme which purports to investigate Chinese companies operating in the surveillance industry. We have been engaging with the producers of this programme, and have grave concerns regarding the integrity and content of the broadcast.

The BBC will broadcast a ‘hack’ of a six-year-old Hikvision camera to exploit a vulnerability that was identified in 2017, but was patched and publicly disclosed less than one week after it was brought to the company’s attention. To claim that this stunt has uncovered a security breach or an intentional backdoor in June 2023 is farcical. It sensationalises a problem that was already fixed to universally recognised CVE standards. Furthermore, this test has not been conducted on a typical network, but rather an unsecured one. This test simply cannot be characterised as representative of ‘the cameras lining our streets today’, which would be much better defended than the camera in this so-called ‘test’ the BBC have run.

Hikvision was not given any information in advance about the specifications of the hack to be carried out. 

We repeatedly asked the BBC for more information about its planned ‘hack’, but were ignored until we asked our lawyers to intervene. Indeed the BBC repeatedly refused to clarify the following: which camera model and serial number would be used; what version of firmware was installed; whether the camera included was UK firmware; whether the camera would be tested on a closed circuit or connected to a network; how any network would be secured; if the hack would include port forwarding; if the camera was still being sold in the UK; and, how the camera was obtained.

We now know that the camera was in fact supplied by, and compromised with the collaboration of IPVM, an organisation with a vendetta against Hikvision. 

Hikvision’s conduct with regards to this vulnerability has followed all internationally accepted standards of best practice. When made aware of the vulnerability in March 2017, Hikvision patched it in less than one week. The vulnerability – and Hikvision’s patch – were subject to further scrutiny in the US with the then-Chairman of the US House of Representatives Small Business Committee noting in a public hearing that Hikvision’s work with the US Department of Homeland Security on this vulnerability meant that any continuing issues resulting from unpatched equipment would lie with ‘small businesses that do not engage with the government or the DHS regularly’. 

Going further, the Deputy Assistant Secretary for the US Department of Homeland Security Office of Cybersecurity and Communications said they ‘worked with the company’ to resolve the problem and that ‘standard practice was followed’.

There is no reason to believe that circumstances would be any different in the UK. After all, the vast majority of public sector organisations have processes in place to respond to vulnerabilities and regularly update their firmware. It is virtually certain that every public sector organisation in the UK has patched its cameras since 2017 and therefore no reason to assume there is any risk today.

The BBC had all the information above ahead of broadcast. The BBC has been misled by IPVM and will now, in turn, mislead others. 

Hikvision knows that you, as surveillance industry professionals, will understand this test simply cannot be taken seriously. It is not representative of the security of Hikvision cameras on the market today. However, the general public may not understand. 

As we seek redress for this egregious and irresponsible broadcast, we continue to reserve all of our rights, including legal action. Please accept my apologies for any inquiries you receive from your customers or the public at this stage. We are working tirelessly to dispel these untruths with both the media and government, and if you need any help whatsoever in reassuring your own stakeholders, please do not hesitate to contact me, and we will render any and all assistance that we can.

Your support and continued business at this time is deeply appreciated.

Yours faithfully,

Justin Hollis

Marketing Director – Hikvision UK & Ireland