Data Protection and CCTV

February 9, 2008

The new CCTV Code of Practice makes it clear that the data protection legislation applies to CCTV in many cases. It describes the use of sound recording as ‘highly intrusive’ and warns organisations that its use would only ever be justified in highly exceptional circumstances. The Code outlines the key issues which organisations and businesses must consider when routinely capturing images of individuals on their CCTV equipment.


According to the ICO’s research over half of individuals are not aware that the use of CCTV cameras is covered by the Data Protection Act. As well as advising organisations on how to use CCTV responsibly, the Code of Practice also sets out what they need to do to ensure individuals can use their rights.


Jonathan Bamford, Assistant Commissioner at the ICO, said: ‘CCTV enjoys a lot of public support and can have benefits such as helping with the detection of crime. However, it can also be extremely intrusive, monitoring ordinary individuals as they go about their day to day business. It is essential that organisations and businesses use CCTV responsibly in order to maintain public trust and confidence in the use of CCTV and to prevent its use becoming increasingly viewed as part of the surveillance society.’


The Code also provides advice on the retention and use of CCTV images and outlines some of the circumstances when it would be appropriate to disclose images captured by CCTV, for example, to law enforcement bodies for the investigation of a crime.


In Freeth Cartwright’s excellent IMPACT blog, Alex Newson observes ‘The Code says that the DPA will apply to most usage of CCTV, because most usage is directed at viewing/recording the activities of people. This contrasts with the previous CCTV code, which stated that only usage of CCTV to monitor/record particular individuals would be subject to the DPA. Only very basic CCTV systems will not be subject to the DPA’. IMPACT offers a guide to the new Code.