Originally Posted On: What Are the Rules of CCTV in a Business? – Business Division (business-division.co.uk)
Millions of businesses and organisations rely on CCTV as their first line of defence against illegal activity – but many more are hesitant as they aren’t sure of the legalities!
The legislation around CCTV use in UK companies is all about privacy protection and refers back to regulations such as the Data Protection Act.
Understand your obligations and things you can’t do, and you’re set to install advanced surveillance with confidence that you’re fully compliant!
Cerberus, providers of commercial CCTV clarify the rules on CCTV management in a business.
Any recording equipment produces information.
That means you’re capturing movements, activities, behaviour, number plates, and assigning dates and times to each video, for example.
The primary rules about CCTV are that you need to respect individuals’ right to information security – and you can’t use information about people outside of the permissible regulations.
Here’s what you’ll need to do:
Employees, visitors, service users, and overlooked neighbouring businesses need to be informed if you fit a surveillance system.
For staff, that can be a meeting, memo, direct correspondence or any other process that fits your organisational policies.
Installing signs on doors or windows is also convenient to ensure you’re notifying the public or any visitors that live recording equipment is in use.
Businesses need to have an identified person responsible for managing their CCTV. Your Data Controller is registered with the Information Commissioner’s Office (along with a small fee).
Their role is to verify the purpose of the CCTV, make sure it is compliant, and control access to footage. You can also have one Data Controller and a separate manager in charge of the CCTV system reviews and procedures – although one person often deals with both roles.
It’s essential to create a policy – that should outline things like:
Putting these factors on paper makes it easier to be consistent.
You can refer back to the business policy at any time, provide copies to staff or new employees, and use it as a training tool if you need to appoint a new Data Controller.
Those three steps cover most of the critical requirements.
Many businesses also opt to complete a privacy risk assessment. That exercise helps to identify any potential risks and informs decisions about where you position your cameras.
The rules are pretty vague, so you have discretion when deciding how long you’ll retain your captures.
Some companies might delete videos every two weeks, others every 30 days – if you have outlined your retention period in your policy, the same process must apply to every set of footage.
What you should do is:
You’d rarely be able to charge a fee for CCTV footage, and it’s crucial only to store video information as long as you need it.
Keeping surveillance of staff over a month, for example, is likely to be a breach of their data protection rights.
The location of your CCTV cameras is all-important!
It’s vital to cover entrances, car parks or stairwells where the property is most exposed to illegal intruders, or perhaps where you park vehicles or store assets overnight.
It’s always worth using a security professional to instal and monitor your CCTV (read more about CCTV monitoring here) – they’ll know the lines of sight each camera offers and where to fit them to ensure complete coverage of the area.
Employers can use CCTV to record staff, but they must inform employees of the recording and advise the purpose behind the surveillance.
In some cases, CCTV is used to protect staff, deter criminals, and reinforce other security solutions.
Managers also leverage it to track footfall, monitor productivity, or review site activity to ensure everything is running smoothly.
Provided you inform all individuals of the recording and stick to the identified purposes, your CCTV can be a powerful resource to help you stay on top of business activities and protect against a wide variety of potential crimes.
Information contained on this page is provided by an independent third-party content provider. Frankly and this Site make no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact firstname.lastname@example.org