Extensive directory of 240+ ready-to-use and regularly updated policies, procedures, letters and contracts.
If you have CCTV cameras installed at work, or are thinking of installing them, you really should have a CCTV policy in place and you should also read the Information Commissioner’s Office CCTV Code of Practice. Our CCTV policy will help you get over the first hurdle.
Images which are recorded and held about identifiable individuals are covered by the Data Protection Act 1998 and therefore, if you’re thinking of installing CCTV cameras in the workplace to routinely capture images of individuals, you’ll need to comply with your legal obligations under that legislation. The CCTV Code of Practice sets out the Information Commisioner’s Office good practice recommendations on how you can meet the requirements of the Act and comply with the data protection principles and that’s why it’s important to read it. As CCTV is intrusive, the starting point is to consider whether you should use it in the first place, assessing what purposes you wish to use it for, what benefits you will gain, what better solutions might exist and what effect it may have on people’s privacy. Your impact assessment will need to reach a conclusion that CCTV is justified in all the circumstances.
Once you have taken the decision to install CCTV, you’ll then need to consider matters such as:
ensuring effective administration - who has responsibility for the control of the system, for example, deciding how the system is used, what is to be recorded and to whom the images may be disclosed
selection and siting the camera - you’ll need to choose equipment and locations which achieve the purposes for which you’re using CCTV
using the equipment - it’s important a CCTV system produces images that are of a suitable quality and it will need to be checked regularly to ensure it’s working properly
looking after the recorded material and using the images - recorded material should be stored in a way that maintains the integrity of the image; you’ll need to have clear rules on who can view the images and where they can be viewed and, in addition, the disclosure of images from the CCTV system must be controlled and consistent with the purpose for which the system was established
retention periods - this should reflect your purposes for recording images and you should not keep them for longer than strictly necessary
letting people know - you must let people know they’re in an area where CCTV surveillance is being carried out. With employees, this means having a CCTV policy, as well as having clear and prominent signage
dealing with subject access requests - individuals whose images are recorded have a right to view the images of themselves and to be provided with a copy of the images, in the same way as a standard subject access request for personal data.
Our CCTV Policy covers all these issues, but remember that it’s a precedent and you will probably need to adapt it to suit your particular business circumstances. Finally, our policy includes an optional section on vehicle tracking and monitoring which you should include if you intend to fit in-vehicle camera systems to company vehicles. If you do this, you should only monitor the vehicle during business use and there should be a privacy button or similar arrangement installed to enable the recording to be deactivated during private use.