The following selection of
recommended 'GOOD PRACTICE' rules are not law, but are nearly impossible to
do without if the law is to be complied with to its full extent. These rules
are not entirely complete, and are only intended as a guide to the
recommendations contained in the 'CCTV Code of Practice'
issued by the Office of the Information Commissioner.
Operators of CCTV surveillance systems should......
Document details of the scheme, its purpose, responsible persons,
security and disclosure policies
Document the standards that must be met regarding the quality of
Document date and time that access to or disclosure of images is
allowed, the ID of any third party, the reason for allowing access and the
extent of access or disclosure given
Data subjects should be provided with a standard subject access
request form indicating the information needed to locate the requested
images, identify the person making the request, explains their rights,
indicates the fee, and other details
All subject access requests should be dealt with by a manager or
designated member of staff
If a request for access is refused by the manager, the decision and
details should be documented
All staff must be aware of the manager or member of staff responsible
for responding to requests to prevent processing likely to cause
unwarranted damage to that individual
The contact point indicated on the signs should be available to
members of the public during office hours. Employees staffing the contact
point should be aware of the policies and procedures relating to the CCTV
Enquirers should be provided with a leaflet giving general
information, a copy of the official code of practice, a subject access
request form and the complaints procedures in place
A complaints procedure should be clearly documented
A record of complaints or enquiries should be kept, outlining actions
An assessment of complaints and enquiries should be recorded, an
annual internal evaluation of the effectiveness of the system should be
made, and should be publicly available.
All recommendations above require specific
documents that are provided in our Data Protection Act CCTV Management
Package. In addition, we supply all documents that are required by law to
operate a CCTV system, together with a personalised code of practice.