The Data Protection Act 1988 is a piece of legislation in the UK designed to protect an individual’s sensitive data. This could relate to their race, ethnic origin, political opinions, religious beliefs, sexual orientation, physical or mental health, and more. The act was brought about to prevent organisations from taking advantage of sensitive data, giving people the right to have their data stored securely. Providing the data is gathered lawfully, it can only be passed on with an individual’s consent. The same applies to CCTV. If an individual can be identified from CCTV footage, that is regarded as ‘sensitive data’. However, the data protection law around CCTV usage for businesses is slightly different. These are the main points to consider:
> Your business must have a legitimate reason for gathering the data, such as ensuring the safety and wellbeing of customers and staff or protecting against theft.
> The CCTV footage must only be kept or used until its purpose is fulfilled, then it must be discarded. Many organisations only keep footage for a period of days or weeks.
> Storage of any footage must be secure to prevent unauthorised access.
> Subject access requests still apply. That means any individual who appears on your CCTV footage has a right to request a copy of that footage by law.
Those are the basic essentials of data protection when it comes to using CCTV systems, but the law around data protection is constantly evolving. It’s always best to speak to a CCTV professional if you’re considering installing a new system. Not only will they be able to lend their expertise and give you an optimised system, they’ll make sure you’re operating within the law and advise you of any steps you need to take while monitoring.