CCTV code of practice

Section 1.   The data protection act 1998

 

1.1          Definitions

“data” means information which –

(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,

(b) is recorded with the intention that it should be processed by means of such equipment,

(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, or

(d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68;

“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed; the data controller is [insert name of legal person]

“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller;

“data subject” means an individual who is the subject of person data;

“personal data” are defined in the Act at Section 1(i) as follows:

‘data which relate to a living individual who can be identified –

• from those data;  or
• from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual’;

“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including –

(a)  organisation, adaptation or alteration of the information or data,

(b)  retrieval, consultation or use of the information or data,

(c)  disclosure of the information or data by transmission, dissemination or otherwise making available, or

(d)  alignment, combination, blocking, erasure or destruction of the information or data;

“sensitive personal data” means personal data consisting of information as to –

(a)  the racial or ethnic origin of the data subject,

(b)  his political opinions,

(c)   his religious beliefs or other beliefs of a similar nature,

(d)  whether he is a member of a trade union (within the meaning of the trade union and labour relations (consolidation) act 1992),

(e)  his physical or mental health or condition,

(f)   his sexual life,

(g)  the commission or alleged commission by him of any offence, or

(h)  any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

A closed circuit television system is an example of equipment operating automatically, processing personal data or sensitive personal data as defined, in response to instructions given for that purpose.

The data being processed in the case of CCTV recordings is in the form of recorded images of living individuals who can be identified from those images.

Having regard to the above definitions, it can be seen that the provisions of the data protection act cover the use of CCTV systems for surveillance purposes.

 

1.2          Principles

The standards, which must be met if the requirements of the data protection act 1998 are to be complied with, are based on eight Principles.  These Principles state that data must be;

• fairly and lawfully processed;
  
• processed for limited purposes and not in any manner incompatible with those purposes;
  
• adequate, relevant and not excessive;
  
• accurate and where necessary kept up to date;
  
• not kept longer than is necessary;
  
• processed in accordance with individuals’ rights;
  
• kept under secure conditions;
  
• not transferred to countries outside the EEA without adequate protection.

1.3          Fairness

To ensure fairness, individuals are made aware that they are about to enter an area where CCTV video recording is active. This is achieved by the use of prominent signage. Signs are placed at entry points to the premises and are clearly visible to vehicle occupants and pedestrians alike.

These signs should be checked at regular intervals to ensure they have not been damaged and are clearly visible.

1.4          Lawful Purpose

The CCTV system on this site is used for the monitoring and collection of visual images for the purpose of maintaining security of the premises, preventing crime and assisting with the investigation of crime when a crime is committed.

It must not be used for any other purpose unless that purpose has been approved by the data controller and notified to the information commissioner’s office.

1.5          Adequacy

To ensure that the system is fit for the notified purpose, it will be the responsibility of the [insert name] to ensure that –

• the system is maintained in a serviceable condition so as to ensure the quality of the recorded images
• only such information as is necessary to achieve the purpose of the scheme should be recorded.

Care should be taken so as to ensure no excess information is gathered.

1.6          Accuracy

[Insert name] will take steps to ensure that data processed by the system is accurate.  He will be responsible for ensuring that –

• the recording machine’s counter is zeroed before each recording is commenced
• the time and date display appearing on the screen is checked as correct before each recording is commenced.

1.7          Retention

Information recorded by the system should not be stored longer than necessary.  The normal period of retention will be 31 days.  Images may be stored for longer periods where this can be justified, e.g. for evidential purposes.

Any recordings used for evidence will be copied onto two cd’s one of which will be the master and the other the working copy. The cd’s should be of the ‘write once read many’ (WORM) type and kept in a secure manner.  Copies of recordings may be admissible as evidence providing there is a clear audit trail to the original.

Any copies of recorded material should be documented and made traceable.

1.8         Rights of Individuals

Individuals caught by the system may request a copy of any recording of them that exists.  This would normally be in the form of a cd.

All requests for subject access must be referred to the [insert name].  [Insert name] will ensure that all aspects of the subject rights provisions under the act are complied with.

Unauthorised persons must not be allowed access to any images recorded by the system.

1.9          Privacy

Cameras must only be used for the purposes set out so as to achieve the objects of the scheme.  They should not be used for viewing areas that would reasonably be considered private.

Intentional voyeurism via the operation of CCTV cameras is an invasion of privacy in any circumstances.  Such use is unacceptable and will render an operative liable to disciplinary proceedings.