Security is always going to be a key issue when running a business so it is perhaps not surprising that many organisations use CCTV at their workplaces. In fact the UK is recognised as a leading user of CCTV and most of us are used to seeing CCTV cameras on virtually every high street.

However if your business operates CCTV it is important to remember that it will affect the privacy of everyone you record. This means you need to comply with the requirements of the Data Protection Act (DPA).

The Information Commissioner’s Office (ICO) has published a code of practice to help you comply with the DPA when you use CCTV. Detailed below are some highlights from the ICO code:

• The Information Commissioner’s Office (ICO) has published a code of practice to help you comply with the DPA when you use CCTV. Detailed below are some highlights from the ICO code:
  • Take time to consider whether CCTV is the right solution.
  • What problems are you looking to address and will CCTV help you resolve them? For instance if cars in your company car park are being frequently damaged and broken in to at night, would installing lighting reduce the problem more effectively than CCTV?
• If CCTV is appropriate you need to conduct an assessment to identify the impact it is likely to have on people’s privacy. The ICO has published guidance on how to conduct an assessment which you can access here.
• Make sure you have a documented procedure for viewing, storing and disclosing images. You will need to ensure that the recorded information is secure and access is restricted.
• Place cameras in such a way that they won’t be blocked by electrical wires, trees or other obstacles. Make sure they are not viewing areas outside of your particular interest such as an individual’s private property.
• Perform regular maintenance on the system to ensure the images are of good quality and that the system is in good working order.
• Whilst the DPA does not stipulate any particular length of time that you can keep CCTV recordings it is clear that images should only be kept for as long as you need them. For example if a supermarket monitors the use of its carpark where there is a two hour free parking limit and retains the recordings of the cars that have not exceeded the limit, then this is unnecessary and unlikely to comply with the data protection principles.
• Individuals whose information is recorded have a right to be provided with that information and you should be able provide it within 40 days. You may charge up to £10 for image requests. You may need to consider your internal processes about how you would deal with such a request this could include keeping a documented log of all requests and action taken.
• Put up a sign letting people know that they are under CCTV surveillance.
• Conduct regular reviews to ascertain whether CCTV is still necessary and appropriate

For more information on achieving DPA compliance with regards to CCTV recordings visit the ICO website (link to www.ico.gov.uk).

Source: Zywave: Commercial Insurance Pro-File April 2013
Source: https://ico.org.uk/for-organisations/guide-to-data-protection/cctv/

Print PDF