CCTV cameras must only be used as a necessary and proportionate response to a real and pressing problem, the data protection watchdog the Information Commissioner’s Office (ICO) has warned.
The ICO published its updated 44-page CCTV code of practice (as a free pdf available on the ICO website). The update includes a look at the data protection requirements placed on operators of new and such emerging technologies as drones and body worn video cameras.
ICO Head of Strategic Liaison, Jonathan Bamford, said: “The UK is one of the leading users of CCTV and other surveillance technologies in the world. The technology on the market today is able to pick out even more people to be recorded in ever greater detail. In some cases, that detail can then be compared with other databases, for instance when automatic number plate recognition is used. This brings new opportunities to tackle problems such as crime, but also potential threats to privacy if they are just being used to record innocent members of the public without good reason.
“Surveillance cameras should not be deployed as a quick fix, but a proportionate response to a real and pressing problem. Putting in surveillance cameras or technology like automatic number plate recognition and body worn video is often seen as the first option, but before deploying it you need to understand the problem and whether that is an effective and proportionate solution. Failure to do proper privacy impact assessments in advance has been a common theme in our enforcement cases.”
The ICO says that the updated code explains how CCTV and other forms of camera surveillance can be used to process people’s information. The guidance explains the issues that operators should consider before installing such surveillance, the measures that CCTV users should have in place to make sure excessive personal information isn’t being collected and the steps those users should have to make sure the information is kept secure and destroyed once it is no longer required.
The ICO’s CCTV Code of Practice complements the provisions in the Surveillance Camera Code of Practice, which applies to police forces, local authorities and police and crime commissioners in England and Wales, as described in the Protection of Freedoms Act. The ICO’s guidance covers a wider area, as the requirements of the Data Protection Act apply to all sectors processing personal information across the whole of the UK, including the private sector. The Data Protection Act does not apply to people using CCTV for their domestic use.
The ICO has much on its plate besides CCTV, notably the public complaining about nuisance marketing phone calls; and the scandals over private investigators and newspaper hacking, and historic construction industry blacklist databases. However the ICO points to recent enforcement action to stop the excessive use of CCTV includes an enforcement notice served on Southampton City Council after the council required the video and audio recording of the city’s taxi passengers 24 hours a day. The ICO also served an enforcement notice on Hertfordshire Police after the force began using Automatic Number Plate Recognition (ANPR) cameras to record every car entering and leaving the small rural town of Royston in Hertfordshire. In both cases the excessive use of surveillance cameras was reduced the ICO adds.
For the code in full visit the ICO website – http://ico.org.uk/for_organisations/data_protection/topic_guides/~/media/documents/library/Data_Protection/Detailed_specialist_guides/cctv-code-of-practice.pdf
Pictured: CCTV signage beside the Thames in North Woolwich, east London.
