12.1 CCTV
12.1.1 Codes of Practice – when considering the installation of a CCTV system, reference should be made to the advice given in the Home Office CCTV Operational Requirements Manual in order to establish whether CCTV is the optimum solution to the security risk.
Further information relating to the effective use of surveillance camera systems can be found at the Draft updated surveillance camera code of practice.
12.1.2 CCTV Status Check – a routine check of the operational status of the surveillance camera system should be carried out and any system failure should be managed and documented from initial report through to remedial action being noted. VeriFi EIDOS CCTV status check software is provided within the scope of VeriFi’s Compliance Support Service.
Checks should include:-
- quality of image;
- pan, tilt & zoom functionality of each camera;
- recording playback; and
- accuracy of time and date display.
12.1.3 Right to be Informed (Public Information CCTV Signs)
Public Information CCTV signs should state the purpose of the scheme, contact details of the organisation and it is good practice to give access to the data controller’s Privacy Notice
ANONYMITY – In cases where it is preferred that the data controller/managing agents’ contact details are not shown, and that requests for further information are dealt with at arm’s length, a site reference code shown on the sign with direction to datasubject.info will give access to site specific information and a link to the data controller’s privacy notice.
There are no hard and fast rules relating to location and size of CCTV information signs. However you should aim to inform persons whose images may be captured as they enter the area of surveillance and circulate within and around it.
Please refer to section 15 of this document where you will find various sign templates. It would be best practice to include instructions for accessing your Privacy Policy on the sign.
It may be appropriate in certain applications that information signage be supplemented by public address broadcasts.
As to the matter of size the following guidance may be appropriate:
- eye-level A5 size where impact on the visual amenity or listed building status is an issue, otherwise A4 size is preferable;
- where post-mounted in a car park area, at vehicle entrance points and where applied to a perimeter fence, A3 size may be preferable; and
- where CCTV is installed in lift cars it would be good practice to install signs stating that CCTV cameras are operating. These signs could be A8 size and limited to a camera graphic and text ‘CCTV In Operation’, provided full Public Information Signs are located nearby.
12.1.4 Subject Access Request – refer to section 8.1
12.1.5 Archive Retention – the recognised standard is 30-60 days, however in setting this parameter consider how long it is likely to be before you become aware of an incident. The shorter the archive retention the less potential impact right of access and right to erasure requests will have on the business. You may however set a longer archive period for reasonable and justifiable purposes.
We recommend that archive retention of footage relating to incidents that are, or may be, the subject of investigation shall be until notification by the investigating body that the case is closed. Or in the absence of such notification for a period not exceeding 7 years.
12.1.6 Privacy – Cameras should not view areas where individuals have a reasonable expectation of privacy, including, but not limited to:-
- residential housing including external areas not in public view;
- commercial property neither in public view nor associated with the purpose of the surveillance;
- changing rooms and toilets;
- public areas outside the scope of the purpose of the surveillance unless for the justifiable purpose of tracking subjects of surveillance.
12.1.7 Process – To be documented using the VeriFi Compliance Manual or VeriFi EIDOS Management Information System.