CCTV Policy

1.1 Introduction

Closed Circuit Television Systems (CCTVS) are installed at Level Peaks Ltd.

New CCTV systems will be introduced in consultation with employees and the board of directors.  Where systems are already in operation, their operation will be reviewed regularly in consultation with employees and the board of directors.


1.2 Purpose of this policy

The purpose of this policy is to regulate the use of Closed-Circuit Television and its associated technology in the monitoring of both the internal and external environments of the premises.

CCTV systems are installed (both internally and externally) in premises for the purpose of enhancing security of the building and its associated equipment as well as creating a mindfulness among the occupants, at any one time, that a surveillance security system is in operation within and externally to the premises during both the daylight and night hours each day. CCTV surveillance is intended for the purposes of:  

  • Protecting the company buildings and assets, both during and after working hours;
  • Promoting the health and safety of employees and visitors. 
  • Reducing the incidence of crime (including theft and vandalism);

This policy relates directly to the location and use of CCTV and the monitoring, recording and subsequent use of such recorded material.  


1.3 General Principles

  1. Level Peaks Ltd has a statutory responsibility for the protection of its property, equipment and other plant as well providing a sense of security to its employees and visitors to the premises.  Level Peaks Ltd holds a duty of care under the provisions of Safety, Health and Welfare at Work Act 2005 and associated legislation and utilises CCTV systems and their associated monitoring and recording equipment as an added mode of security and surveillance for the purpose of enhancing the quality of life of the employees by integrating the best practices governing the public and private surveillance of its premises. 
  2. The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy e.g. CCTV will not be used for monitoring employee performance.  
  3. Information obtained through the CCTV system may only be released when authorised by the board of directors. Any requests for CCTV recordings/images will be fully recorded and legal advice will be sought if any such request is made. (See “Access” below).  If a law enforcement authority is seeking a recording for a specific investigation, if such a request is made it should be requested in writing and Level Peaks Ltd will immediately seek legal advice.
  4. This policy prohibits monitoring based on the characteristics and classifications contained in equality and other related legislation e.g. race, gender, sexual orientation, national origin, disability etc. 
  5. Video monitoring of public areas for security purposes within Level Peaks premises is limited to uses that do not violate the individual’s reasonable expectation to privacy. 
  6. Information obtained in violation of this policy may not be used in a disciplinary proceeding against an employee or visitor.
  7. All CCTV systems and associated equipment will be required to be compliant with this policy, images captured by CCTV systems are “personal data.”  They are therefore subject to the provisions of the Data Protection Act 2018 and GDPR 2018.


1.4 Justification for use of CCTV

  1. The Data Protection Act requires that data is “adequate, relevant and not excessive” for the purpose for which it is collected. This means that Level Peaks Ltd needs to be able to justify the obtaining and use of personal data by means of a CCTV system. The use of CCTV to control the perimeter of the building for security purposes has been deemed to be justified by the board of management.  The system is intended to capture images of intruders or of individuals damaging property or removing goods without authorisation.  
  2. CCTV systems will not be used to monitor normal day to day activity in the offices.
  3. In other areas of the workplace where CCTV has been installed, e.g. hallways and stairwells the board of directors has demonstrated that there is a proven risk to security and/or health & safety and that the installation of CCTV is proportionate in addressing such issues that have arisen prior to the installation of the system.


1.5 Location of Cameras

The location of cameras is a key consideration.  Use of CCTV to monitor areas where individuals would have a reasonable expectation of privacy would be difficult to justify. Level peaks Ltd has endeavoured to select locations for the installation of CCTCV cameras which are least intrusive to protect the privacy of individuals.  Cameras placed to record external areas are positioned in such a way as to prevent or minimise recording of passers-by or of another person’s private property.

 CCTV Video Monitoring and Recording of Public Areas may include the following: 

  • Protection of workplace building and property: The building’s perimeter, entrances and exits, lobbies and corridors, special storage areas, receiving areas for goods/services 
  • Monitoring of Access Control Systems: Monitor and record restricted access areas at entrances to buildings and other areas. 
  • Verification of Security Alarms: Intrusion alarms, exit door controls, external alarms. 
  • Video Patrol of Public Areas: Parking areas and Main entrance/exit.
  • Criminal Investigations such as robbery, burglary and theft surveillance


1.6 Covert Surveillance 

  1. Level Peaks Ltd will not engage in covert surveillance.
  2. Where law enforcement agencies request to carry out covert surveillance on the premises any such request will be in writing and Level Peaks Ltd will seek legal advice.   


1.7 Notification – Signage

  1. The Principal will provide a copy of this CCTV Policy on request to employees and visitors to the premises. This policy describes the purpose and location of CCTV monitoring, a contact number for those wishing to discuss CCTV monitoring and guidelines for its use.  The location of CCTV cameras will also be indicated to the board of directors.  
  2. Adequate signage will be placed at each location in which a CCTV camera(s) is sited to indicate that CCTV is in operation.  Adequate signage will also be prominently displayed at the entrance to the premises. Signage shall include the name and contact details of the data controller as well as the specific purpose(s) for which the CCTV camera is in place in each location. An example of which can be seen in annex A.

Appropriate locations for signage will include:

  • At entrances to premises i.e. external doors.
  • Reception area.
  • At or close to each internal camera.


1.8 Storage and Retention

  1. The Data Protection Act states that data “shall not be kept for longer than is necessary for” the purposes for which it was obtained.  A data controller needs to be able to justify this retention period. For a normal CCTV security system, it would be difficult to justify retention beyond a month (28 days), except where the images identify an issue – such as a break-in or theft and those images/recordings are retained specifically in the context of an investigation/prosecution of that issue. 
  2. Accordingly, the images captured by the CCTV system will be retained for a maximum of 28 days, except where the image identifies an issue and is retained specifically in the context of an investigation/prosecution of that issue.
  3. The images/recordings will be stored in a secure environment with a log of access kept. Access will be restricted to authorised personnel. Supervising the access and maintenance of the CCTV System is the responsibility of the DPO. The DPO may delegate the administration of the CCTV System to another employee.  In certain circumstances, the recordings may also be viewed by other individuals in order to achieve the objectives set out above such as law enforcement agencies. When CCTV recordings are being viewed, access will be limited to authorised individuals on a need-to-know basis.  
  4. Tapes/DVDs will be stored in a secure environment with a log of access to tapes kept.  Access will be restricted to authorised personnel. Similar measures will be employed when using disk storage, with automatic logs of access to the images created.


1.9 Access

Tapes/DVDs storing the recorded footage and the monitoring equipment will be securely stored in a restricted area.  Unauthorised access to that area will not be permitted at any time. The area will be locked when not occupied by authorised personnel.  A log of access to tapes/images will be maintained. 

Access to the CCTV system and stored images will be restricted to authorised personnel only.

In relevant circumstances, CCTV footage may be accessed:

  • As required by law to make a report regarding the commission of a suspected crime; or
  • Following a request by law enforcement agencies when a crime or suspected crime has taken place 
  • To data subjects (or their legal representatives), pursuant to an access request where the time, date and location of the recordings is furnished to Level Peaks Ltd or
  • To individuals (or their legal representatives) subject to a court order. 
  • To the insurance company where the insurance company requires in order to pursue a claim for damage done to the insured property or theft.


1.10 Requests by law enforcement agencies

Images and video obtained through video monitoring will only be released when authorised by the by the board of directors. If law enforcement agencies request CCTV images for a specific investigation, any such request made should be made in writing and Level Peaks Ltd would immediately seek legal advice.


1.11 Subject Access Requests

  1. On written request, any person whose image has been recorded has a right to be given a copy of the information recorded which relates to them, provided always that such an image/recording exists i.e. has not been deleted and provided also that an exemption/prohibition does not apply to the release.  
  2. Where the image/recording identifies another individual, those images may only be released where they can be redacted/anonymised so that the other person is not identified or identifiable.  
  3. To exercise their right of access, a data subject must make an application in writing to the DPO.  The DPO may charge for responding to such a request when pictures and/or video is provided. 
  4. The DPO must respond within 30 days of where the data subject has been identified. This can be a government identification such as a passport or driving licence. For more information please refer to the SARS (Subject Access Request) procedure.
  5. Access requests can be made through the contact us form on the website.
  6. A person should provide all the necessary information to assist the DPO in locating the CCTV recorded data, such as the date, time and location of the recording.  If the image is of such poor quality as not to clearly identify an individual, that image may not be personal data and may not be handed over by DPO
  7. In giving a person a copy of their data, the DPO may provide a still/series of still pictures, a tape or a disk with relevant images.  However, other images of other individuals will be obscured before the data is released.


1.12 Responsibilities

The DPO will:

  1. Ensure that the use of CCTV systems is implemented in accordance with the policy.
  2. Oversee and co-ordinate the use of CCTV monitoring for safety and security purposes.
  3. Ensure that all existing CCTV monitoring systems will be evaluated for compliance with this policy 
  4. Ensure that the CCTV monitoring is consistent with the highest standards and protections 
  5. Review camera locations and be responsible for the release of any information or recorded CCTV materials stored in compliance with this policy 
  6. Maintain a record of access (e.g. an access log) to or the release of tapes or any material recorded or stored in the system 
  7. Ensure that monitoring recorded tapes are not duplicated for release 
  8. Ensure that the perimeter of view from fixed location cameras conforms to this policy both internally and externally 
  9. Provide a list of the CCTV cameras and the associated monitoring equipment and the capabilities of such equipment. 
  10. Approve the location of temporary cameras to be used during special events that have particular security requirements and ensure their withdrawal following such events.   NOTE: [Temporary cameras do not include mobile video equipment or hidden surveillance cameras used for authorised criminal investigations.
  11. Consider both visitors and employee feedback/complaints regarding possible invasion of privacy or confidentiality due to the location of a particular CCTV camera or associated equipment 
  12. Ensure that all areas being monitored are not in breach of an enhanced expectation of the privacy of individuals within the premises and be mindful that no such infringement is likely to take place 
  13. Co-operate with the Health & Safety Officer in reporting on the CCTV system in operation on the premises
  14. Ensure that adequate signage at appropriate and prominent locations is displayed as detailed above and in annex A.
  15. Ensure that external cameras are non-intrusive in terms of their positions and views of neighbouring properties and comply with the principle of “Reasonable Expectation of Privacy” 
  16. Ensure that monitoring tapes are stored in a secure place with access by authorised personnel only 
  17. Ensure that images recorded on tapes/DVDs/digital recordings are stored for a period not longer than 28 days and are then erased unless required as part of a criminal investigation or court proceedings (criminal or civil) or other bona fide use as approved by the board of directors
  18. Ensure that when a zoom facility on a camera is being used, there is a second person present with the operator of the camera to guarantee that there is no unwarranted invasion of privacy 
  19. Ensure that camera control is solely to monitor suspicious behaviour, criminal damage etc. and not to monitor individual characteristics 
  20. Ensure that camera control is not infringing an individual’s reasonable expectation of privacy in public areas 
  21. Ensure that where law enforcement agencies request to set up mobile video equipment for criminal investigations, legal advice has been obtained and such activities have the approval of the board of directors.


1.13 Implementation and Review

The policy will be reviewed and evaluated from time to time. On-going review and evaluation will take place in accordance with changing information or guidelines (e.g. from the Information Commissioners Office), law enforcement agencies and feedback from employees and visitors.  


1.14 Annex A – Example Signage


CCTV cameras in operation

Images are being monitored and recorded for the purpose of crime-prevention and the safety of our staff and visitors and for the protection of the premises.  This system will be in operation 24 hours a day, every day.  

These images may be passed to law enforcement agencies.  

For more information contact Jim Smith on 01432 341686


Read more