The Data Protection Act
The Data Protection Act is there for the protection of data, to wherever possible prevent the misuse of data (in our case video images) being misused by the companies or organisations that have recorded them. There are a number of common misconceptions to do with the act;
-
That the installer or supplier has any responsibilities, they do not. The responsibility is with the Data Controller within the company or institution that operates the CCTV system.
-
That you require specific training to be a Data Controller, you do not. The government website www.ico.gov.uk has all the information that is required. There are of course third party training organisations, however I believe the first port of call should be this government website. The site is very extensive so I have listed the relevant pages below.
-
That all systems need to be covered by the act, this is not the case. If you sell a system that is to be installed domestically in an area that does not have public access then this is under Section 36 and does not need to be registered. The exemption covers a domestic system with a camera that records the public pavement or street. This is common sense as mobile phone recording and personal camcorders are also exempt.
-
That the Data Controller for a system will automatically be prosecuted if the system is not registered. This is not strictly true. The DPA is a regulator and not an enforcement agency. Similar to television licensing you will be generally be given an opportunity to comply prior to any prosecution. Therefore responsible companies and organisations should register their systems.
-
That any system is acceptable as long as it is registered. This is definitely not the case. Consideration must be given to the privacy of the public, members of staff and customers, that the system is in proportion to the risk and that other options have been considered before a system has been installed
-
That one small sign is enough to let people know you are recording. The signage must reflect not only what is installed, but the purpose for which it is installed and if it is installed in an areas that does not make the system operator obvious then the signage must reflect who is responsible. The size and quantity of signs has to be proportional to the area covered
-
That once the system is in and registered that is the end of the responsibility of the system operator. The system needs not only an annual review as to its usefulness but it must be maintained such that the data is useable and that data is stored safely and a register of information released is kept.
To obtain a copy of the Data Protection Act is very easy. Go onto the website of the Information Commissioner’s Office www.ico.gov.uk . Then the tab “FOR ORGANISATIONS”, then “CCTV”. You can now download the “CCTV CODE OF PRACTICE” in either HTML or PDF. Alternatively you can go straight to http://www.ico.gov.uk/Home/for_organisations/topic_specific_guides/cctv.aspx This is 24 pages long but it contains all the information required.
For you to register as the “Data Controller” you can either start from the HOME page www.ico.gov.uk then go to “FOR ORGANISATIONS”, then “TOOLS AND RESOURCES”. Finally go to the link “REGISTER OF DATA CONTROLLERS” and you are there! Alternatively http://www.ico.gov.uk/tools_and_resources/register_of_datacontrollers.aspx does the trick. There is an option of registering online with a helpline if you get stuck.
|
|
