Does anyone have any tips or guidelines on internal CCTV. What to consider with how and where signs need to be place (on each floor, or only at the main entrance), retention time frames and other employee notifications
Best practices for in office CCTV
Share
HellenB
As Suze says – the ICO has plenty of really good guidelines.
Key thing to remember is that you have to have a purpose for having the CCTV, e.g. prevention of crime so where you site the cameras is very important (i.e. in corridors rather than office spaces, covering warehouse doors rather than whole warehouses), server room doors and they can’t be seen as surveillance tools. You absolutely can’t have them in toilets or rest areas, nor should you be recording sound. .Employees have a right to privacy which must be respected
Once you have determined the purpose, this will tell you how long to keep the footage, i.e. if it is to detect a break in then you would spot this no more than 3 days later (i.e. if it happens on a Friday) so you would probably want a 7 day retention.
Suze
Hi – the ICO has really good guidance for the use of CCTV e.g. https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf
It’s also worth remembering that CCTV is in the scope of Data Subject Access etc. There are no defined retention periods in law, but the more data you hold, the higher your risk and the more it will cost.
Chris Roberts
I’ve recently carried out two CCTV audits. Suze and Hellen provide great input. Here’s a view of some of the things I caught in the to cases, listed in no particular order.
1. CCTV provider, the clients Processor, refused to answer any legitimate security and GDPR compliance questions siting their own security. Recommendation vendor is not fit for purpose!
2. Anecdotal evidence, all the passwords for all the CCTV systems the Processor sells have the same login details. Why? Because their engineers at 3-m on a Friday logon to all the hospitality sites and see which is the quietest to go and have a beer in!!!!
3. The Recording unit, fully visible behind the bar. No limit to how long recordings kept because the new shiny box has massive disk space.
I could go on ….. hope this helps?
Chris Roberts
4. A legal firm requested images for an employee dispute and the client downloaded and sent to the legal firm using an unencrypted disk by standard post! No logs were being kept of requests for personal data!
5. Cameras pointing towards a Gents toilets and house next door did have blocking technology enabled on them (this was good).
6. All users share the same login details.
The CCTV world has some way to go.
Elisavet D.
Have also in mind that there might be a national law imposing specific requirements. In Sweden for example we have “Kamerabevakningslag” (Camera Surveillance Act).