Images which are recorded and held about identifiable individuals are covered by the Data Protection Act 1998. If you have or are thinking of installing CCTV cameras in the workplace to routinely capture images of individuals; you will need to comply with your legal obligations under the Act.

The Code of Practice for Surveillance Cameras and Personal Information sets out the Information Commissioner's Office (ICO) recommendations on how you can meet the requirements of the Act and comply with the data protection principles.

There are many reasons why you might want to have CCTV installed at your business premises, e.g. it can be an added security measure and/or a deterrent to theft. However, many employees will see this as ‘big brother' watching them and feel it is an invasion of their privacy at work. It is therefore important to undertake an impact assessment to weigh up the benefits of having CCTV. The starting point is to consider whether you should use it in the first place, assessing what purposes you wish to use it for, what benefits you will gain, what better solutions might exist and what effect it may have on your employees' privacy.

If you reach the conclusion that CCTV is justified in all circumstances, then you must register your use of it with the ICO. Failure to do so could lead to you being prosecuted and fined for breaching the Data Protection Act.

If you would like guidance or advice on this matter, please call Practical HR on 01702 216573 or email

Back to recent articles