An employer who installed CCTV on business premises has been convicted of a criminal offence under the Data Protection Act 1998. You can have CCTV but what did this employer fail to do?
There are many reasons why you might want to have CCTV installed at your business premises, e.g. it can be an added security measure and/or a deterrent to staff theft. If you use, or are thinking about, CCTV or other forms of surveillance cameras such as body-mounted or in-vehicle recording devices, there are three important things you must do.
Firstly, you must follow the CCTV Code of Practice issued by the Information Commissioner’s Office. Secondly, an impact assessment must be carried out. Although it sounds technical, this is simply an exercise that weighs up the benefits of having CCTV against the loss of employees’ privacy. The third thing you must do is register your use of CCTV with the ICO. Kavitha Karthikesu (K), who is a small employer, ignored this legal requirement when she installed CCTV in her business premises. The ICO was tipped off and in February 2017 she was convicted of breaching s.17Data Protection Act 1998 (DPA), fined £200 and ordered to pay costs totalling just under £450.
Interestingly, the ICO had formally written to K on a number of occasions advising her that she was in breach of the DPA regarding her use of workplace CCTV. Her defence to ignoring its communications was that she thought they were a scam. The use of CCTV must always be noted on your entry in the register of data controllers. If you need to amend your current DPA registration with the ICO to include CCTV, this can be done online or by phone.
We will update you shortly on the new changes coming into effect regarding Data Protection which will mean that HR processes may need to be reviewed.