While your organisation needs to protect its digital assets, it also needs to protect itself physically. This is why most organisations run Closed Circuit Television (CCTV) throughout their premises.
However, despite so many organisations operating CCTV, many are still unaware of CCTV best practices. There are a number of things to consider from a legal and operational point of view.
The following blog will take you through the benefits of using CCTV, how to use it correctly, when & how to release footage and why it’s important.
CCTV is paramount to physical security. By being able to record and rewatch footage of your premises, you can identify risks & suspicious activity, keep an accurate record of any malicious activities for later legal action, and maintain the health & safety of your organisation.
From a crime prevention point of view, CCTV is invaluable as a tool for collecting evidence and monitoring risks. For example, if you notice a suspicious individual, you can monitor their activity to see if they return or actually do something to harm your business. The police can then act on this information with video evidence by their side.
CCTV cannot be used without first displaying signs that indicate its use. This is so members of the public are aware that they will be filmed when on your premises, maintaining transparency and trust between your organisation and the public.
It doesn’t just stop with signs either. You can’t display CCTV in a location that you cannot justify. The reasons you could use to justify CCTV use include crime prevention and ensuring health & safety.
Lastly, you should regularly check and make sure your cameras are facing the right way and are not obstructed.
There are a number of reasons why you might release CCTV footage.
If a crime has been committed in the area that your CCTV covers, the police may request specific footage to help with their investigation. This is one of the most common reasons for releasing CCTV footage.
Additionally, CCTV footage of a person is classed as personal data, which means that data subjects (individuals you hold the personal data of) have a right to access this information.
Data subjects can do this by submitting a Subject Access Request (SAR). You must respond to SARs within one month in order to comply with the Data Protection Act (DPA) (2018) and the General Data Protection regulations (GDPR).
Remember, when responding to a SAR, do not include any footage that could identify another individual. This would be classed as a data breach.
Bob’s Business has spent over a decade helping organisations protect their digital and physical assets. Below are a number of simple dos and don’ts, which will help you maintain a strong and secure CCTV system.
Do…
Don’t…
Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.