The Office of the Data Protection Commissioner recently updated their Guidance Notes on the use of CCTV systems, which will have a significant impact on employers.

The Data Protection Commissioner CCTV Guidance Notes now state that data controllers should have a written CCTV policy, which should include the following information:-

  1. The identity of the data controller;
  2. The purposes for which data are processed;
  3. Any third parties to whom the data may be supplied.
  4. How to make an access request
  5. Retention period for CCTV
  6. Security arrangements for CCTV

The Guidance Notes also state that the CCTV policy must be publicly communicated which may prove to be an issue for employers, as many employers will not have a CCTV policy in their workplace yet alone be in a position to confirm that they have communicated this policy to their staff.

It is advisable that employers ensure that they now implement a CCTV policy in their workplace, if they have not already done so, and ensure that all staff are aware of this policy. As regards notifying staff, this could be done by providing a copy of the CCTV policy to staff and having the staff sign a receipt document, so as to confirm that they have received a copy of the CCTV policy.

It should be noted that if an employer fails to implement a CCTV policy then they will fall foul of the Data Protection Acts and this failure could lead to their staff making complaints to the Data Protection Commissioner.

To read more:-