VeriFi EIDOS

12.1 CCTV

When considering the installation of a CCTV system, reference should be made to the advice given in the Home Office CCTV Operational Requirements Manual in order to establish whether CCTV is the optimum solution to the security risk.

Principles from the Surveillance Camera Code of Practice

The following principles are also relevant to the operation of CCTV systems:

  1. Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified and pressing need.
  2. The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified.
  3. There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
  4. There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
  5. Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them.
  6. No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.
  7. Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
  8. Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
  9. Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
  10. There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
  11. When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
  12. Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.

CCTV Status Checka routine check of the operational status of the surveillance camera system should be carried out and any system failure should be managed and documented from initial report through to remedial action being noted. VeriFi EIDOS CCTV status check software is provided within the scope of VeriFi’s Compliance Support Service.

Checks should include:-

  • quality of image;
  • pan, tilt & zoom functionality of each camera;
  • recording playback; and
  • accuracy of time and date display.

Right to be Informed (CCTV Signs)There are no hard and fast rules relating to location and size of CCTV information signs, however you should aim to inform persons whose images may be captured as they enter the area of surveillance and circulate within and around it.

These signs must state the purpose of the surveillance and contact details of the data controller. Please refer to section 15 of this document where you will find various sign templates. It would be best practice to include instructions for accessing your Privacy Policy on the sign. You can use VeriFi’s datasubject.info service to do this in a simple, space-saving way.

It may be appropriate in certain applications that information signage be supplemented by public address broadcasts.

As to the matter of size the following guidance may be appropriate:

  • eye-level A5 size where impact on the visual amenity or listed building status is an issue, otherwise A4 size is preferable;
  • where post-mounted in a car park area, at vehicle entrance points and where applied to a perimeter fence, A3 size may be preferable; and
  • where CCTV is installed in lift cars it would be good practice to install signs stating that CCTV cameras are operating. These signs could be A8 size and limited to a camera graphic and text “CCTV In Operation’, provided fuller data processing information (e.g. with a link to the appropriate datasubject.info Privacy Policy page) is available nearby.

Subject Access Request – refer to section 8.1.

Consentdue to the lawful basis of this processing consent would not be required.

Archive Retentionthe recognised standard is 30 days however in setting this parameter consider how long it is likely to be before you become of aware an incident. The shorter the archive retention the less potential impact right of access and right to erasure requests will have on the business. You may however set a longer archive period for reasonable and justifiable purposes.

We recommend that archive retention of footage relating to incidents that are, or may be, the subject of investigation shall be until notification by the investigating body that the case is closed or in the absence of such notification for a period not exceeding 6 years.

PrivacyCameras should not view areas where individuals have a reasonable expectation of privacy, including, but not limited to:-

  • residential housing including external areas not in public view;
  • commercial property neither in public view or associated with the purpose of the surveillance;
  • changing rooms and toilets;
  • public areas outside the scope of the purpose of the surveillance unless for the justifiable purpose of tracking subjects of surveillance.

Access to recordings shall be password protected and managed on recording / computer devices identified by unique reference numbers logged in a Controlled Data Register. The recording must be deleted at the end of the archive period (see above).

ProcessTo be documented using the VeriFi Compliance Manual or VeriFi EIDOS Management Information System.