CCTV and business
The United Kingdom has a set of legal requirements that must be followed when using a Closed Circuit Television (CCTV) system. CCTV is a powerful tool for deterring and detecting crime, and it is important that these systems are properly regulated. This article will explain the UK legal requirements for CCTV, including registration and data protection, as well as the use of CCTV footage in criminal proceedings.
Businesses must ensure that if they use CCTV, they do so legally and that any footage recorded is securely stored, as opposed to the recent incident involving the UK’s health secretary, Matt Hancock Chris Price reports.
Shaky CCTV footage and still images of former health secretary Matt Hancock embracing his aide recently went viral, prompting his resignation for violating his own COVID regulations.
While it is unknown how the video was obtained, it is clear that government agencies, like other businesses, are increasingly using CCTV to monitor their employees and visitors, as well as their buildings.
Well, what can a business do to make sure they stay on the right side of the law when it comes to using overt and covert surveillance? And what can they do to prevent the footage from being leaked, if not to media organisations, then to people they don’t want to see it?
Is surveillance more important than people’s privacy?
Firstly, there is the problem of whether using CCTV in the workplace is even legal. It is, but with some caveats. Under surveillance law, businesses have the right to protect their legitimate business interests using CCTV, as long as its use is proportionate, necessary, and addresses a pressing need that cannot be handled in any other way.
On the other hand, Article 8 of The Human Rights Act (1998) lets us know what a person’s rights to privacy are in public spaces and the workplace, as well as the home. The legislation also reveals an individual’s right to freedom including the Data Protection Act (DPA) of 2018 which expands on Article 8 of The Human Rights Act and GDPR (General Data Protection Regulation) which makes it clear that CCTV is personal info and includes specific requirements about how footage is collected, processed and disclosed.
Toni Vitale, a partner at Gateley Legal, says businesses should never invade people’s privacy. An example would be that while it is perfectly legal to monitor how long people are working at their desks and their work-related emails if they are informed, it would be illegal to check private emails whether they are from a work or personal email address.
Informants
The use of recording equipment isn’t always by the employer. Sometimes it can be used by an employee. Toni says he’s dealt with employees recording managers due to concerns of bullying or sexual harassment.
In many cases, this audio or video evidence will be admitted by an employment tribunal, but if the employer is innocent then it would technically be a breach of their human rights and so would be a criminal offence under the Data Protection Act, section 170. Likewise, if an employee takes footage of another employee who has done nothing wrong then this may also be a breach of their data protection rights.
However, in the case of Matt Hancock, the person who captured footage from the security camera in his office probably affirmed they were a ‘whistleblower’ and that it was in the public interest to reveal the health secretary’s breach of the social distancing regulations he promotes.
Letting the ICO know
Most businesses simply use CCTV for security-related or intelligence purposes, like tracking the number of people who enter and leave a building for insurance reasons. However, it’s vital that if they use cameras for management purposes – like logging how long employees are spending at their desk – that staff are informed of this, claims ACCL’s, Andy Stocker.
‘Every camera needs to be registered with the ICO (Information Commissioner’s Office), stating its purpose and use. This isn’t an issue for ‘overt surveillance cameras’, Stocker claims that the use of covert surveillance cameras in the workplace ‘would almost certainly never be given’ unless it was for a ‘very specific criminal investigation.’ Stocker says it’s vital that every camera has a specific purpose and that people know how it is used.
Stocker says in the case of Matt Hancock that it’s not likely the camera was moved. “As a designer of a CCTV system, that’s where I would put a camera to get the image of someone coming through a door.” That said, he admits that most organisations will install cameras in more public areas such as the lobby, lift or entrance and exit points of the building. “We tend not to put cameras in areas where people have a reasonable expectation of privacy such as inside an office.”
Storing CCTV footage
Archiving CCTV footage, according to Genetec’s Nick Smith, keeping data secure, including CCTV footage, is becoming increasingly difficult for businesses, especially when it is typically stored for at least a month. “With everyone having mobile devices with cameras, it is difficult to stop data movement outside of the control room.” However, measures can be put in place so that if CCTV footage is shot from a computer monitor, as appears to be the case in the Matt Hancock case, the details of the operator who is logged into the system at the time will appear as a watermark on the screen. CCTV can be an effective way for businesses to protect their assets, comply with health and safety regulations, and possibly monitor employee behaviour. They must, however, be fully transparent with employees about how cameras are used, registration with the ICO, and balancing business interests with individual privacy rights. Appropriate steps must also be taken to mitigate risks in the event that the worst happens and CCTV footage falls into the wrong hands, as happened recently in a UK government building.
Please see our course page for CCTV, Alarm, Access Control, and Fire Alarm courses.