Computer installation services for SME business customers in Staffordshire and West Midlands
Computer & IT Services   Home About Us

Services

Products

Contact
 
 

Does the act apply to you and what you have to do to comply

Many small businesses using CCTV to monitor their factories, shops or offices are unsure whether they comply with the Data Protection Act 1998. Any CCTV system used to record images of individuals must comply with the requirements. Failure to do so may result in a fine by the government for the system owner. Some systems may be exempt from the act e.g. those that do not record and those that are installed in a private residence.

Few employees have difficulty being monitored by CCTV, particularly in retail environments. Many people working in shops these days are so worried of being attacked or held up they regard CCTV as essential protection. Nobody wants to prosecute small businesses for mistakes so the Commissioner is currently working on a simpler code of practice covering ten main points which is easier for small firms to apply:

1. Anyone using a CCTV system must notify the Government’s Information Commissioner that they are processing data in the form of CCTV recordings. Failure to notify carries a maximum penalty of £5,000 for the system owners. Registration can be done online at www.dataprotection.gov.uk with the charge currently about £35.

2. Check that the notification has been made and the next annual renewal date has been recorded and is fulfilled.

3. Cameras need to be sited so that images from them are clear enough to be used by the police to investigate a crime.

4. The operator needs to ensure that the cameras do not pick up images of people not on the premises. If cameras are capable of viewing areas where an individual may have a reasonable right to privacy e.g. within his/her home or on public property then some form of physical masking or electronic privacy zoning should be installed.

5. Signs indicating that CCTV is in use need to be clearly visible to anyone visiting the premises. The signs need to make clear who is responsible for the monitoring. Signs must be mounted adjacent to the entrance to areas where CCTV is in operation. For external areas where CCTV is in operation signs should be fitted to the perimeter or approaches.

6. Recordings must be securely stored and accessible only to authorised individuals and organisations named in a site specific code of practice. Recording equipment and media should be held in a secure area i.e. a locked room or office or in purpose made secure storage cabinets and accessible only by individuals responsible for the operation of the system.

7. The recorded images should only be kept long enough for any incident to come to light.

8. The recordings must only be made available to a law enforcement agency such as the police involved in the prevention and detection of crime and to no other third parties.

9. The operator needs to ensure that the equipment is regularly checked to make sure it is working properly. The date and time stamp must be correctly set. Video cassettes etc on which the images are captured should be erased before re-use so that images are not recorded on top of images recorded previously. At the end of a recording mediums useful life it is recommended that you destroy it.

10. The controller needs to know how to respond to requests from individuals to access images relating to that individual. If unsure, the controller needs to seek advice from the Information Commissioner as soon as the request is made. Under the Data Protection Act a small business can only use CCTV for the prevention and detection of crime or for protecting the safety of customers and cannot be used for any other purpose.
Full details of the act can be found at www.dataprotection.gov.uk
 
© Copyright 26.08.2008 IMPlog
HOME | ABOUT US | SERVICES | PRODUCTS | CONTACT