In 2013, the cost of retail crime was estimated to have risen to £1.6 billion in the UK. This is clearly not only a problem for shop owners, but also for the economy as a whole. CCTV is one of the most effective ways that businesses can protect themselves. Not only will the presence of cameras deter potential thieves, but the images they record can be vital evidence in court.
However, there are number of laws relating to CCTV that business owners are responsible for upholding. These laws are there to ensure that the use of cameras doesn’t infringe on people’s right. And if they are not adhered to, recorded footage is unlikely to be admissible in court.
These guidelines are an overview and should not be interpreted as legal advice.
Data Protection Act
The use of CCTV by retail businesses is subject to the 1998 Data Protection Act. This is a set of rules that operators must follow when they gather, store or release images of individuals, which can be enforced by the Information Commissioner. They also give individuals rights, such as the ability to gain access to the images or to request compensation.
The Information Commissioner’s Office is an independent authority and provides a code of practise for CCTV usage with the aim of helping businesses comply with the Data Protection Act. Due to the sensitive nature of monitoring the public, businesses are advised to carry out an impact assessment. If you do decide that you require CCTV, here is an overview of the guidelines you need to follow:
- Ensure Effective Administration: It is important to establish who has control of the images. The body, which is responsible, is called the Data Controller and is legally responsible for compliance with the Data Protection Act.
- You will also need clear procedures for how you use the system in practise, such as, defining a specific purpose for the images, creating clearly documented procedures and ensuring standards are kept in place by doing regular audits.
- Selecting And Siting The Cameras: You need to choose cameras and locations that serve the purpose for which you are collecting images. This includes ensuring the system has the necessary technical specifications that the location minimises viewing of areas that are not relevant to your purpose, that there are sufficient light levels, and that the cameras are protected from vandalism.
- You should also take the time to consider privacy-friendly ways of processing images like only recording when there is cause for concern.
- Using The Equipment: The system should have sufficient image quality for individuals to be identified. However, you should avoid choosing cameras that can record conversations, as this is an unnecessary invasion of privacy.
- Storing And Viewing The Images: Recorded material should be stored in a way that preserves its integrity to be able to use the footage in court. This means carefully choosing the medium on which the images are stored and restricting access to them.
- They should be viewed in a protected area and only by authorised personnel. In case, the individual was recorded in a place where they had a reasonable expectation of privacy.
- Disclosure: Images should only be disclosed in line with the purpose that the system was set up for. For example, if cameras were installed to detect crime, it would be reasonable to release images to a law enforcement body if a crime is committed.
- Only in some limited circumstances would it be appropriate to release images to a third party, where their needs outweigh those of the individuals recorded.
- Retention: Retention should reflect the organisation’s own purposes, as the Data Protection Act does not specify minimum or maximum periods. You should not keep images for longer than you require them.
- Letting People Know: You must let the public know when they are in an area that is being recorded. Clear and prominent signs should be installed, particularly, in the case of hidden cameras.
Protections Of Freedoms Act
In June 2013 the coalition government introduced a new Code of Practice for CCTV under the Protection of Freedoms Act 2012. This code relates to the use of surveillance cameras by bodies like local authorities and the police rather than private businesses. In the ICO’s response to the Home Office’s new guidelines they stated that
“The Government has made it clear that the role and responsibilities of the new Surveillance Camera Commissioner will complement but be distinct from those of the Information Commissioner and there will be a strong degree of mutual interest.”
It seems that the two bodies will be taking distinct but complementary roles, when it comes to CCTV regulation.
The laws regarding the use of CCTV operation in businesses are complex. Whilst this guide provides an overview of the main regulatory bodies and guidelines, it is essential to refer to the official documents.
Image by charbel.akhras