 |
The Data Protection Act
General Information on the Data Protection Act (1998) The Data Protection Act, (1998) came into effect on March 1st 2000. It has implications for the Owners and operators of CCTV systems that monitor areas to which the public have access. Any organisation whose use of CCTV falls within the remit of the Act and is found to be in breach of the legislation may be held liable in court of law. Evidence gathered on a non-compliant CCTV system may be deemed inadmissible in a criminal prosecution, thus negating the use of the system. The Data Protection Commissioner has issued a Draft Code of practice for Users of CCTV that is accessible on www.dataprotection.gov.uk. 1. A 'Data Controller' must be appointed in every organisation to monitor files and deal with applications from employees and third parties to access records. They then determine the purpose for processing personal information. This is normally for the prevention and detection of crime and public safety within areas the public have access. 2. Notify the Office of the Data Protection Commissioner that you are processing personal data. There must be a legitimate basis for installing CCTV Cameras. 3. Use appropriate signage to notify individuals that CCTV is in operation. This must notify individuals that CCTV is being used, the purpose of the system, who the owner is and contact details. 4. Authorised disclosees and compatibility of disclosure. You must state recipients of information. If you wish to disclose information it must be for a compatible purpose. 5. Unauthorised Disclosure. Be aware of who can see the monitors and who has access to tapes to reduce risk of unauthorised disclosure. 6. An individuals access rights. An individual on payment of the appropriate fee who are the subject of stored data images must be allowed access to them, given satisfactory reasons for doing so and suitable identification. 7. Protect Third Parties . You must not disclose third party details without their consent. This may mean pixilating (obscuring or masking) out third parties from footage in access requests. 8. Train your staff. You must train your staff in Data Protection Principles and Legislation. They must be made aware of their responsibilities i.e. information must be relevant, accurate, kept up to date, kept secure and obtained fairly. 9. Breach of legislation. A breach of the legislation may be a criminal offence and it carries an unlimited fine in Solemn proceedings and is down to personal liability. If an individual suffers damage and distress due to a breach of the Act they may be entitled to compensation. 10. Information. Information must be processed fairly and lawfully, documented and retained no longer than is necessary. The tape retention period should be 31 days. 11. Security. Tapes must be kept secure with only authorised and trained staff having access. Appropriate physical security measures must be taken. 12. Covert cameras. The use of Covert cameras is only lawful if the criminal activity under surveillance can be specifically identified: routine and general covert surveillance is not authorised. If the Principles of the Act are not complied with then, apart
from being a breach of the Act itself, any evidence gathered for
court proceedings may become inadmissible. |