Are you unsure whether you are following best practice when you are operating your CCTV system? As previously explained the Surveillance Camera Code of Practice, originally published in 2013, provides a set of 12 Guiding Principles for organisations to follow when they operate a CCTV system.
Guiding Principles 5-12 address the use or processing of images and information. To comply there needs to be clear rules, policies and procedures for the CCTV system and staff need to know and understand them.
In particular, there needs to be a policy for the storage of images and for the disclosure of information. Images should be held securely and stored no longer than they are needed. There is a presumption that the criminal justice system should also be able to use your system to support its work if required.
In a previous blog we reported that there have been efforts by the working group of the Standards Strand of the Surveillance Camera Commissioner’s National Surveillance Camera Strategy to address the problem of obtaining video footage for the police and the courts. Obtaining this footage had become more complex in recent years with the development of more technologically advanced digital surveillance camera systems.
Guiding Principle 7 states: “Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.”
As the last blog on the Guiding Principles explained many of the obligations are also now legal requirements under the Data Protection Act 2018 (DPA 2018), which incorporated the General Data Protection Regulation (GDPR), which is enforced by The Information Commissioner’s Office (ICO). You can read more about this in a previous blog.
Staff who may operate or have access to the system need to be properly trained to understand the data protection and privacy implications so that databases and records related to the CCTV system are properly managed. To ensure people’s images are being dealt with correctly under data protection law the ICO says companies should:
- Document their information retention policy for CCTV information and ensure it is understood by those who operate the system
- Implement measures to ensure you permanently delete information through secure methods at the end of the retention period
- Undertake systematic checks to ensure that you are complying with the retention period in practice
Additionally, we can recommend that if you want a step by step process for meeting compliance you can sign up to the compliance section of CCTV Logbook. This will take you through the 12 Guiding Principles of the Surveillance Camera Code of Practice to help you meet your obligations. You can currently sign up to CCTV Logbook as a free trial so why not give it a try: cctvlogbook.com