Premium Directory Listings

directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist
directorylist

Guidance on the Use of CCTV – For Data Controllers

May 28, 2019

Introduction

This guidance is intended to assist owners and occupiers of premises, in particular those that are workplaces or are otherwise accessible to the public, to understand their responsibilities and obligations regarding data protection when using CCTV. Any person or organisation that collects and processes the personal data of individuals is considered a ‘data controller’.1 For this reason, any usage of a CCTV system must be considered in light of the obligations imposed by data protection legislation on data controllers, and implemented in accordance with the principles of data protection.

The use of CCTV systems has expanded significantly in recent years, due to the increased sophistication of the technology and its affordability. CCTV systems have legitimate uses in securing premises, supporting workplace safety management, and aiding in the prevention and detection of crime. However, unless CCTV is used proportionately, it can give rise to legitimate concerns of unreasonable and unlawful intrusion into the data protection and privacy rights of individuals and that excessive monitoring or surveillance may be taking place.

Data controllers should be aware that footage or images containing identifiable individuals captured by CCTV systems are personal data for the purposes of data protection law. Where processes are used to obscure or de-identify individuals from CCTV footage, the footage or images are still considered personal data if it is possible to re-identify the individuals. Further, if footage or images are initially captured in an identifiable form and then irreversibly de-identified, data protection law will still cover the processing up to the point of anonymisation.

Before installing a CCTV system, potential data controllers should consider the following questions. These issues, and others, are expanded upon in more detail in these guidelines.

CCTV Checklist

 Purpose: Do you have a clearly defined purpose for installing CCTV? What are you trying to observe taking place? Is the CCTV system to be used for security purposes only? If not, can you justify the other purposes? Will the use of the personal data collected by the CCTV be limited to that original purpose?

 Lawfulness: What is the legal basis for your use of CCTV? Is the legal basis you are relying on the most appropriate one?

 Necessity: Can you demonstrate that CCTV is necessary to achieve your goal? Have you considered other solutions that do not collect individuals’ personal data by recording individuals’ movements and actions on a continuous basis?

 Proportionality: If your CCTV system is to be used for purposes other than security, are you able to demonstrate that those other uses are proportionate? For example, staff monitoring in the workplace is highly intrusive and would need to be justified by reference to special circumstances. Monitoring for health and safety reasons would require evidence that the installation of a CCTV system was proportionate in light of health and safety issues that had arisen prior to the installation of the CCTV system. Will your CCTV recording be measured and reasonable in its impact on the people you record? Will you be recording customers, staff members, the public? Can you justify your use of CCTV in comparison to the effect it will have on other people? Are you able to Version Last Updated: May 2019 4 demonstrate that the serious step involved in installing a CCTV system that collects personal data on a continuous basis is justified? You may need to carry out a Data Protection Impact Assessment to adequately make these assessments.

 Security: What measures will you put in place to ensure that CCTV recordings are safe and secure, both technically and organisationally? Who will have access to CCTV recordings in your organisation and how will this be managed and recorded?

 Retention: How long will you retain recordings for, taking into account that they should be kept for no longer than is necessary for your original purpose?

 Transparency: How will you inform people that you are recording their images and provide them with other information required under transparency obligations? Have you considered how they can contact you for more information, or to request a copy of a recording?

To download the full article click here

Aritech

Dahua
« »

Leave a Reply

Your email address will not be published.