CCTV Rules for Business
The massive adoption of CCTV technology in the mid-1990s prompted the government and public authorities to take a more active role in the regulation of video surveillance. UK legislation walks a thin border between recognising the benefits of CCTV surveillance and limiting its erosion of privacy.
The Human Rights Act (HRA) of 1998 is the broadest, but also the most fundamental piece of legislation that governs the use of CCTV cameras. Article 8 of the HRA outlines a person’s right to privacy, which extends to public spaces and the workplace, not only to their private home.
Overly intrusive CCTV surveillance, without legitimate security or business purpose, can constitute a breach of this right.
The Protection of Freedoms Act (POFA) of 2012 is primarily concerned with CCTV usage in public spaces, but it’s a useful landmark. The CCTV Code of Practice issued under its auspices is particularly useful, regardless of the deployment environment.
The GDPR clarifies that CCTV footage is personal information, and includes a number of specific requirements regarding how personal information is stored and processed. It also requires those who hold this data (i.e. employers) to disclose it, based on subject access requests (SARs) from employees.
The Data Protection Act (DPA) of 2018 expands upon the surveillance implications of Article 8 of the HRA and the GDPR. It’s an act with a long history: the one we have today replaces another act, whose history goes back to 1998. It details the status of CCTV footage and outlines requirements for the collection, processing and disclosure of CCTV data. Many of the explicit requirements for CCTV deployment originate in this document