Images of a living individual recorded by CCTV cameras are considered personal information about that individual. The processing of the images should be in compliance with the Data Protection Act 1998 which was extended from the Data Protection Act 1984 (which was repealed on 1st March 2000) to cover all types of records which contain information about individuals.
The Act consists of 8 principles of good information handling and personal data is entered onto a register controlled by the Information Commissioner.
The 8 principles require that:
WHO IS THE DATA CONTROLLER?Part of the answer supplied to Leasehold Life by the ICO concerned Section 5 of the CCTV Code of Practice 2008:Establishing a clear basis for the handling of any personal information is essential and the handling of images relating to individuals is no different. It is important to establish who has responsibility for the control of the images, for example deciding what is to be recorded, how the images should be used and to whom they may be disclosed. The body which makes these decisions is called the Data Controller and it is legally responsible for compliance with the DPA.More Than One OrganisationIf two organisations are used then each should know its responsibilities and obligations. If both make decisions about the purposes and operation of the scheme, then both are responsible under the DPA. This may be the case, for example, where the police have a ‘live feed’ from a local authority-owned camera.
Clear procedures will also need to be established to determine how the system is used in practice:
The ICO then went on to advise that as can be seen, the Data Controller would be the organisation responsible for making decisions about the processing of the images. If this is our freehold RMC then they may, as Data Controller allow other oganisations, such as the company installing the CCTV or the managing agent, to process the images on their behalf, under contract, as data processors. In this the freehold RMC would remain data controllers and be responsible under the DPA for any processing of the images.In finishing they advised particular attention be paid to to Section 9 of the CCTV Code of Practice 2008:You must let people know that they are in an area where CCTV surveillance is being carried out. The most effective way of doing this is by using prominently placed signs at the entrance to the CCTV zone and reinforcing this with further signs inside the area. Clear and prominent signs are particularly important where the cameras themselves are very discreet, or in locations where people might not expect to be under surveillance. As a general rule, signs should be more prominent and frequent where it would otherwise be less obvious to people that they are on CCTV.In the exceptional circumstance that audio recording is being used, this should be stated explicitly and prominently.Signs should:
NOTIFIYING THE ICOThe Data Protection Act 1998 requires every data controller who is processing personal information to register with the ICO, unless they are exempt.To demonstrate who is the contact operator our signs have www.whoiswatchingme.org and on completion the Scheme ID will provide further information.SUMMARYData protection legislation ensures that personal data is not processed without the knowledge and consent of the person on whom the data is held (except in certain cases). Legislation enforces a set of standards for both the accuracy and the processing of such information.Data Protection can however often be a somewhat contentious issue because it is often used as a blanket response to the most reasonable requests for information. The ICO on the other hand state that where the request is made for legitimate reasons, the Data Protection Act wiill not prevent the disclosure of such information.
While this website is constantly checked and updated for accuracy, the information and articles provided by Leasehold Life and it's guest contributors are not to be construed as legal advice.
We have 16 guests and no members online