As well as choosing equipment that's fit for purpose, you must keep records about how the system is managed. You’ll need to you have the right policies and your staff will need training to protect what you collect.
Research the type of equipment you need
When you choose equipment, you must make sure it's fit for purpose. For example, it may need to capture video at a high enough resolution that you can recognise people.
Other things you must consider include:
- it's likely you’ll need to collect and store metadata – like date, time and location
- you'll need to make sure the equipment is well maintained
- make sure the equipment does not pose any health and safety risks.
Staff training and record keeping
You must keep records showing:
- who is responsible for operating the surveillance system
- how you protect and manage the information it collects.
You must make sure the only people with access to recorded information are people with a legitimate and lawful need. For example:
- CCTV monitors need to be in a lockable office
- you must use strong passwords to protect information.
You're responsible for the security of the information you collect even if it's held by someone on your behalf. For example, it could be on a server managed by a hosting company.
To protect people's information, you must make sure:
- your staff are properly trained in handling information gathered by surveillance
- you have clear policies and procedures for when people ask for access to recordings, about sharing information and for complaints about surveillance
- you keep a record of who has had access to the information, when and why
- you have a clear policy about keeping information and recordings secure, how long you keep them for, and when and how you destroy them
- if someone else (like a security company) is handling personal data on your behalf, your contract with them must set out clear rules on how they process it.