Code of Practice
Under the Data Protection Act 1998, legal control over CCTV surveillance cameras in public areas came into effect on 1 March 2000. A new Code of Practice for CCTV use has been written by the Information Commissioner and sets out guidance on following good practice procedures. The Code of Practice's purpose is to assist operators of CCTV surveillance systems in understanding their legal obligations and also to reassure the public about the safeguards that should be in place.
The Code is not intended to apply to:
- Targeted and intrusive surveillance activities that can only be issued in specified circumstances by the intelligence agencies, police or customs.
- Surveillance used by employers to monitor employees' compliance with their employment contracts.
- Home security.
- Cameras used by the broadcast media for journalistic, artistry or literary purposes.
Code of Practice
Before implementing a CCTV surveillance system, the full Code of Practice needs to be studied carefully. The Code of Practice and a CCTV checklist can be found here. A brief summary follows of some of the key areas that need to be considered before implementing CCTV surveillance equipment.
Initial Assessment Procedure
Before you install a CCTV surveillance camera, the purpose of its intended use needs to be established. In accordance with the First Data Protection Principle, you will need to thoroughly assess the appropriateness and reasons for using CCTV. This, along with the person(s) or organisation(s) responsible for the system, needs to be documented and registered with the Office of the Data Protection Commissioner.
Siting the CCTV Cameras
Consideration of where your equipment is situated is a key factor when setting up a CCTV surveillance system. The way images are captured needs to comply with the First Data Protection Principle:
- Cameras should only cover the spaces where the equipment is meant to monitor.
- The user needs to consult with the owners of any domestic areas that might be covered or border the area monitored by the equipment.
- Operators must be aware of the purpose of the scheme and only use the equipment for that purpose.
- Operators should not adjust equipment to overlook spaces not covered by the scheme and should also be aware of privacy implications.
The public needs to be aware that they are entering an area that is being monitored by CCTV surveillance equipment. Signs should be placed so that they are clearly visible and legible. The size of the sign will vary according to the circumstances of its location.
Signs need to contain the identity of whoever is responsible for the scheme, its purpose and their contact details. There are only a few exceptional circumstances where signs can not be used, such as investigating specific criminal activity.
For the data that you receive from CCTV surveillance cameras to be of any use, the images produced need to be as clear as possible. Frequent checks need to be made to make sure the equipment is performing properly and if tapes are being used they need to be of good quality. If the quality of the images deteriorates to an unacceptable level, the equipment should not be used and should be replaced.
Images should not be retained for longer than necessary if they aren't required for your purpose. Retained image integrity needs to be maintained to insure its evidential value and to protect the rights of the people who have been filmed.
Images should be erased after the retention period or stored in a secure place if being used for evidence. The reason, date, crime incident number and location need to be documented when they have been moved to another location.
Authorised employees should only be able to monitor the information from your CCTV surveillance equipment. All recorded image viewings should be restricted to a designated staff member who can decide if a third party may view the recording.
Access to CCTV recorded images needs to be restricted and tightly controlled for Data Protection Act purposes. This means staff should only have access if they need it to achieve the purpose of the scheme. Third party access should be limited to law enforcement, prosecution agencies, legal representatives, the media (when assisting to catch a criminal) and people whose image has been recorded (unless it would prejudice criminal proceedings). All requests and reasons for denial need to be documented.
If footage is released to the media, then images of people may need to be blurred to comply with the First, Second and Seventh Data Protection Principles.
If individuals want to view recorded images of them, they need to apply to the data controller in writing and pay a small fee (max £10). The data controller must deal with the request within 40 days - even if it is to deny their application.
There are some circumstances where an individual is exempt from the right of access to information. This is where the information could prejudice:
- The prevention or detection of crime.
- The apprehension or prosecution of offenders.
Individuals that feel that they have suffered unwanted damage or distress from any contravention of the Act requirements can seek compensation through the courts.