The Information Commissioner’s Office (ICO) has launched a  consultation on a new draft CCTV Code of Practice to replace  its 2008 code.

The code provides good practice recommendations for  businesses and organisations that routinely capture individuals’  information using CCTV and other surveillance devices.

While much of the content remains the same as the 2008 code,  the draft takes account of the technical, operational and legal  developments that have taken place since 2008. In particular,  the draft code emphasises the importance of conducting  privacy impact assessments and notes that surveillance should  not be used unless it is a justified and effective solution and a  necessary and proportionate response to the problem its use  seeks to solve. It stresses the importance of good governance  and provides recommendations on ensuring effective  administration which include taking into account the ICO’s  relevant rules and guidance.

A new chapter on emerging technologies such as remotely  operated vehicles (drones) and body-worn video cameras has  been included and the draft code specifies that organisations  using such technologies should ensure, where appropriate, that  equipment has the capability to record non-continuous video.

The ICO’s new draft also gives recommendations as to the  recording of audio through CCTV devices. The code states  that CCTV must not be used to record conversations between  members of the public as this is “highly intrusive and unlikely to  be justified”.

Emphasis has also been placed on organisations’ consideration  of the management of subject access requests under the Data  Protection Act 1998 and requests for information under the  Freedom of Information Act 2000. The code also highlights  that organisations will need to find innovative ways of informing  individuals of their rights including through social media and,  where body-worn cameras are used, displaying signage on  uniforms alerting individuals to the recording. Emphasis is also  placed on the importance of notifying individuals of the fact  that they are in an area where a surveillance system is being  operated and examples are provided of signage that would  comply with the DPA.

The new code contains best practice on storing and viewing  recorded information which includes ensuring that it is kept  secure and is encrypted where necessary. The code also  provides guidance on data retention and a recommendation  that data controllers should carry out periodic reviews of the  effectiveness of systems to ensure that they are functioning as intended.

The consultation closes on 1 July 2014 and interested  parties can provide their feedback by completing the ICO’s  questionnaire (ICO webpage: Our current consultations) and  by submitting it to