This policy sets out the actions and procedures which must be followed to comply with the Data Protection Act in respect of the use of closed circuit television (CCTV) surveillance system managed by the Company.
The Data Protection Act covers the processing of images of individuals caught by CCTV cameras the legislation means that legally enforceable standards apply to the collection and processing of images relating to individuals.
This policy will cover all staff and visitors of the company and other persons whose image may be captured by the system.
The purpose of the CCTV system is for the:
Before any installation the location of the equipment will be carefully considered. The Company will ensure that the installation complies with the Data Protection Act and CCTV Code of Practice.
Signs will be erected on all entrance points to the premises and throughout the site to ensure that staff and visitors are aware they are entering an area that is covered by CCTV surveillance equipment.
The signs will include company contact details and the purpose for the surveillance. Recording equipment will be installed in secure locations with restricted access. The equipment, and placement of the cameras will be regularly reviewed to ensure that the system remains compatible with the purpose of the CCTV system.
The CCTV systems will be managed and maintained by the IT and Maintenance Departments under the direction of the IT Manager and the Technical Services Manager.
The images produced must be as effective as possible for the purpose for which they are intended.
Images, which are not required for the purpose for which the equipment is being used, will not be retained for longer than is necessary.
All recorded images will be stored securely within the systems hard drives, for up to 60 days when they are then automatically erased unless the images are required for evidential purposes in legal or Company disciplinary proceedings.
Evidential recordings will be stored securely until completion of the proceedings. If requested copies of the recordings shared with the police, in this case the recording will be copied onto a DVD marked with the date, time and location of the incident along with the crime number and handed directly to the police.
Viewing of images will be controlled by the Area Manager. Only persons authorised by the Area Manager can access CCTV data.
Third parties access and disclosure is only permitted under the control of the Area Manager if it supports the purpose for the surveillance scheme.
The Data Protection Act gives any individual the right to request access to CCTV images. The Company Data Protection Lead will deal with access request under the Company Data Protection Policy.
All employees have a role to play in enforcing the policy and are required to deal with any observed or reported breaches. Should employees feel apprehensive about their own safety in regard to addressing any breach, they should seek senior management support.
Failure to comply with this policy may lead to a lack of clarity over job role, learning needs or expected standards of performance, resulting in reduced effectiveness or efficiency, underperformance and putting service delivery at risk.
Any member of staff refusing to observe the policy will be liable to disciplinary action in accordance with the Company’s Disciplinary Policy up to and including dismissal.
Overall responsibility for policy implementation and review rests with the Company senior management. However, all employees are required to adhere to and support the implementation of the policy. The Company will inform all existing employees about this policy and their role in the implementation of the policy. They will also give all new employees notice of the policy on induction to the Company.
This policy will be implemented through the development and maintenance of procedures for appraisals and one-to-one meetings, using template forms, and guidance given to both managers and employees on the process.