The Information Commissioner’s Office (ICO) has launched a consultation on a new draft CCTV Code of Practice to replace its 2008 code.
The code provides good practice recommendations for businesses and organisations that routinely capture individuals’ information using CCTV and other surveillance devices.
While much of the content remains the same as the 2008 code, the draft takes account of the technical, operational and legal developments that have taken place since 2008. In particular, the draft code emphasises the importance of conducting privacy impact assessments and notes that surveillance should not be used unless it is a justified and effective solution and a necessary and proportionate response to the problem its use seeks to solve. It stresses the importance of good governance and provides recommendations on ensuring effective administration which include taking into account the ICO’s relevant rules and guidance.
A new chapter on emerging technologies such as remotely operated vehicles (drones) and body-worn video cameras has been included and the draft code specifies that organisations using such technologies should ensure, where appropriate, that equipment has the capability to record non-continuous video.
The ICO’s new draft also gives recommendations as to the recording of audio through CCTV devices. The code states that CCTV must not be used to record conversations between members of the public as this is “highly intrusive and unlikely to be justified”.
Emphasis has also been placed on organisations’ consideration of the management of subject access requests under the Data Protection Act 1998 and requests for information under the Freedom of Information Act 2000. The code also highlights that organisations will need to find innovative ways of informing individuals of their rights including through social media and, where body-worn cameras are used, displaying signage on uniforms alerting individuals to the recording. Emphasis is also placed on the importance of notifying individuals of the fact that they are in an area where a surveillance system is being operated and examples are provided of signage that would comply with the DPA.
The new code contains best practice on storing and viewing recorded information which includes ensuring that it is kept secure and is encrypted where necessary. The code also provides guidance on data retention and a recommendation that data controllers should carry out periodic reviews of the effectiveness of systems to ensure that they are functioning as intended.
The consultation closes on 1 July 2014 and interested parties can provide their feedback by completing the ICO’s questionnaire (ICO webpage: Our current consultations) and by submitting it to email@example.com.