Document the name of the person or organisation responsible for administrating the CCTV system.

Document the reason(s) for the utilising CCTV equipment

Document the purpose of the proposed system

Ensure that notification is lodged with the data protection commissioner for the purpose of the proposed system and the name of the person or organisation responsible for the CCTV system.

Establish and document security and disclosure polices

Employees must be made aware of the purpose for which the system has been established.

Operators must be made aware that they are only able to use the equipment in order to achieve the purpose for which it has been installed.

Signs must be placed so that the public are made aware that they are entering a zone, which is covered by surveillance equipment.

If time and date information is recorded onto each image it must be ensured that these are correct.

If images are retained for evidential purposes, they should be retained in a secure place to which access is controlled.

On removing the medium on which the images have been recorded, for use in legal proceedings the operator should ensure that they have documented: -

A. The date on which the images were removed from the general system for legal use.
B. The reason why they were removed from the system.

C. The crime incident number to which the images relate.
D. The signature of the collecting police officer and the images location.

Access to recorded images must be restricted to a manager or designated member of staff who will decide whether to allow access by third party's to in accordance with the companies documented disclosure policies.

All requests for access or disclosure should be recorded. If access or disclosure is denied, the reason should be documented.

All staff involved must be able to recognise a request for access to recorded images by data subjects.

Individuals should be provided with a leaflet which describes the types of images recorded and retained, the purposes for which those images are recorded and information about the disclosure policy relating to those images. This should be provided at the time the individual is provided with a request form.

The time and date recorded on each image should be periodically checked for accuracy.

A maintenance log should be kept.

If a camera is damaged there should be clear procedures for defining the person responsible for ensuring the camera is fixed and the time frame it must be fixed within.

All operators and employees with access to images should be made aware of the procedures which need to be followed when accessing recorded images

If access or disclosure is allowed then the following must be documented:

A.  The date and time access was allowed or the date that disclosure was made.
B.  The identification of the third party.

C.  The reason for allowing access.
D.  The extent of the information to which access was allowed.

Data subjects should be provided with a standard subject access request form detailing information required, time, date, and detailing the charge for accessing the information (A maximum of £10.00 may be charged for each search)