The Data Protection Act 1998, which replaces the 1984 Act,  came into force in March 2000. The Data Protection Commissioner, Elizabeth France  published her first Code of Practice to assist with compliance with the Act  in July 2000. This first Code covers CCTV systems.

Please note all CCTV systems that cover locations to which the public have access to must be registered with the Commission and comply with the Act.

The Key Elements that are required to ensure compliance with the Act are:-

You must have legitimate reasons for using CCTV cameras.

You must have aims and objectives as to what you require of the system.

Cameras must be located in positions that meet the above aims.

The equipment must be of a high enough specification to meet the aims.

The equipment must be properly serviced and maintained.

The recorded images must be clear and show the images required.

‘Tapes’ must be properly maintained and controlled.

Prior to re-recording tapes must be wiped or cleaned.

Suitable signage must be in place to advise the public that they are being recorded and by whom.

A contact telephone number must be included on the above, allowing access to information on the system.

Procedures must exist to allow controlled third parties access to your recorded images.

Access to your recorded images generally must be controlled.

You are also legally obliged to allow Data Subjects (anyone recorded by your CCTV system) access to any recorded images you have of them.

It is also a requirement or best practice (in the code) to have the following leaflets/forms available for the public:-

General – Describes types of images which are recorded and retained, the purposes for which those images are recorded and retained and information on the disclosure policy.

Standard Data Subject Access Request Form.

A copy of the DPA Code of Practice.

A complaints procedure to be followed if they have concerns about the use of the system.

A complaints procedure about non-compliance with the provisions of the Code of Practice.

To assist both existing and future customers meet the requirements of the Act, Securasound limited through MCC has launched a compliance and management service.

To explain in more detail about the act and our service we hold regular seminars at our offices in Whitchurch. These seminars are free to attend and open to customers and none customers a like. For further details n the seminars please use the link below.

Data Protection Act Seminars

A Brief Guide to Data Protection Act for Controllers