CCTV Policy

1. You are here: CCTV (Surveillance Camera) Policy
2. Appendix

1. CCTV (Surveillance Camera) Policy

Date of publication: April 2025

Please note: This policy is intended to serve as general guidance only and does not constitute legal advice. The application and impact of laws can vary widely based on the specific facts involved. This policy should not be used as a substitute for consultation with professional legal or other competent advisers. Before making any decision or taking any action, you should consult a professional.

1. Introduction

1.1 Reigate & Banstead Borough Council (hereafter referred to as ‘RBBC’) uses surveillance cameras for the purpose of fulfilling its legal obligations and statutory functions, namely the prevention and detection of crimes; antisocial behaviour; maintaining public safety and National Security.

1.2 RBBC is committed to complying with the Human Rights Act 1998, the Data Protection Act 2018, the Investigatory Powers Act 2016, the Regulation of Investigatory Powers Act 2000 (RIPA 2000), and the Freedom of Information Act 2000. The purpose of this policy is to regulate the operation and management of surveillance cameras that are installed across RBBC premises, vehicles, and the wider borough.

1.3 RBBC ensures that appropriate security measures are put in place for the protection of the personal data of natural persons by securing the confidentiality, integrity, and availability of personal data being processed via surveillance cameras.

1.4 Surveillance cameras gather footage that are capable of identifying natural persons, and as such, are classified as personal data. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) governs the processing of personal data and provides that any processing must be done in a lawful, fair, and transparent manner.

1.5 Monitoring of public areas with surveillance cameras for security purposes will be conducted in a manner consistent with all existing policies adopted by RBBC, including the Equality and Diversity policy and codes of practice for dealing with complaint partners of RBBC. This includes representatives from Surrey Police, the Police and Crime Commissioner, Surrey Fire and Rescue Service, Clinical Commissioning Groups and Probation (the 'responsible authorities'), who have a responsibility for public safety in the area.

1.6 This policy should be read in conjunction with other related policies, guidance, and legislation including, Protection of Freedoms Act 2012 (PoFA 2012), the Surveillance Camera Commissioner’s Code of Practice, RBBC’s Data Protection Policy, Data Privacy Impact Assessment (DPIA) Policy, Access to Information Policy, the Information Sharing Policy, UK GDPR, DPA 2018, and the Human Rights Act 1998 (HRA).

1.7 The update to the Surveillance Camera Code of Practice released by the Biometrics and Surveillance Commissioner, which came into effect on the 12th of January 2022, covers current and future technologies for the gathering and use of footage and associated information. The overarching purpose of this code is to establish standards for current and future technologies, and to allow the legitimate use of these technologies in a way that maintains public trust and confidence. RBBC understands its responsibilities as outlined by this code of practice and will comply accordingly.

1.8 RBBC will formally notify the Information Commissioner’s Office (ICO), as a Data Controller on an annual basis that they are holding personal and sensitive information.

Failure to register a surveillance camera system is a criminal offence.

RBBC is registered with the ICO as follows:

Data controller: Reigate & Banstead Borough Council

Address: Town Hall, Castlefield Road, Reigate, Surrey, RH2 0SH

Registration number: Z5833130

Date registered: 1 October 2001

2. Definitions

2.1 For the purposes of this Surveillance Camera Policy, the following terms have the following meanings:

ANPR: Automatic number plate recognition. This is not currently in use by RBBC but may be adopted on a needs basis.
BWV: Body Worn Video. This is not currently in use by RBBC but may be adopted on a needs basis.
CCTV: Closed Circuit Television, used to monitor a wide variety of locations to aid the deterrence and detection of crime and other incidents. For the purposes of this Policy, CCTV does not include portable media, such as iPads, phones or video recording devices used in training.
Commissioner: the role undertaken by the Biometric and Surveillance Camera Commissioner, as set out in PoFA 2012. To encourage compliance with the Surveillance Camera Code of Practice, it is the function of the Commissioner to provide information and advice on all matters within this code relevant to surveillance camera systems.
Covert Surveillance: means any use of surveillance for which authority does fall under RIPA 2000.
Data: means information, which is stored electronically, or in certain paper-based filing systems. In respect of surveillance cameras, this generally means video footage. It may also include static pictures such as screenshots or audio footage.
Data Controllers: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processors: ‘processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Data Subjects: The identified or identifiable living individual to whom personal data relates.
Data Users: means those RBBC employees whose work involves the processing of personal data. This will include those whose duties are to operate surveillance cameras to record, monitor, store, retrieve, and delete footage. Data Users must protect the personal data they handle in accordance with this Surveillance Camera Policy and RBBC’s Data Protection Policy.
Data Protection Impact Assessment (DPIA): refers to a process which helps assess data protection and privacy risks to individuals in the collection, use, and disclosure of data.
DEMS: Digital Evidence Management System.
Overt Surveillance: means any use of surveillance for which authority does not fall under RIPA 2000.
Personal Data: means data relating to a living individual who can be identified from that data. This will include video footage of identifiable individuals.
Processing: any activity which involves the use of personal data, including obtaining, recording, or holding data, or carrying out any operation on the personal data including organising, amending, retrieving, using, disclosing, or destroying it. Processing also includes transferring personal data to third parties.
Public place has the meaning given by Section 16(b) of the Public Order Act 1986 and is taken to include any highway and any place to which at the material time the public or any section of the public has access, on payment or otherwise, as of right or by virtue of express or implied permission.
Surveillance Cameras: means any devices or systems designed to monitor or record footage of individuals or information relating to individuals. The term includes CCTV cameras as well as any other cameras/systems that capture information about identifiable individuals or information relating to identifiable individuals.
System Operator: person or persons that take a decision to deploy a surveillance camera system, and/or are responsible for defining its purpose, and/or are responsible for the control of the use or processing of footage or other information obtained by virtue of such system.
System User: person or persons who may be employed or contracted by the system operator who has access to live or recorded footage or other information obtained by virtue of such system.

3. Scope of policy

3.1 RBBC currently uses surveillance cameras to view and record individuals in RBBC premises, public spaces, vehicles, and the wider borough. This Surveillance Camera Policy outlines why RBBC uses surveillance cameras, how RBBC will use surveillance cameras and how RBBC will process personal data recorded by surveillance cameras to ensure that RBBC is compliant with data protection legislation and best practices.

3.2 This policy applies to all surveillance cameras controlled by RBBC, whether fixed, visible cameras, mobile, visible cameras, motion detection cameras or hidden cameras.

3.3 This policy applies to the use of surveillance camera systems as defined by Section 29(6) of PoFA 2012 that operate in public places in England and Wales, regardless of whether there is any live viewing or recording of images or information or associated data. Covert surveillance by public authorities (as defined in Part II of RIPA 2000) is covered in part by this policy but is regulated by RIPA 2000.

3.4 Covert surveillance is when someone or something is being observed without knowledge. The covert use of surveillance requires authorisation from the Home Office under the Regulation of Investigatory Powers Act (RIPA) 2000 and Investigatory Powers Act 2016. RBBC currently undertakes covert surveillance.

3.5 This Surveillance Camera Policy covers all employees, directors, officers, consultants, contractors, freelancers, volunteers, interns, casual workers, zero-hours workers, and agency workers, and may also be relevant to visiting members of the public.

3.6 This policy is non-contractual and does not form part of the terms and conditions of any employment or other contract. RBBC may amend this policy at any time. The policy will be regularly reviewed by RBBC to ensure that it meets legal requirements.

4. Surveillance camera objectives

4.1 RBBC operates its surveillance camera systems for the purposes of:

(a) to prevent crime and protect buildings and assets from damage, disruption, vandalism, and other crime;
(b) for the personal safety of employees, visitors, and other members of the public and to act as a deterrent against crime;
(c) to support law enforcement bodies in the prevention, detection, and prosecution of crime;
(d) to assist in day-to-day management, including ensuring the health and safety of employees, members of the public, and others; and
(e) to assist in the effective resolution of disputes which arise in the course of disciplinary, legal, insurance or grievance proceedings.

This list is not exhaustive and other purposes may be or become relevant.

4.2 Local Strategic Objectives

Under Section 6 of the Crime and Disorder Act 1998, all Local Authorities have a statutory obligation to bring together named ‘Responsible Authorities’ to work in partnership to develop and implement strategies to protect the local community from crime and disorder related issues including anti-social behaviour, drug or alcohol misuse and reoffending.

Within RBBC, this statutory partnership is known as the Reigate & Banstead Community Safety Partnership (CSP) and includes representatives from RBBC, Surrey County Council, Surrey Police, Surrey Fire and Rescue Service, Clinical Commissioning Groups and Probation (the 'responsible authorities'). Other cooperating bodies and invitees of the CSP include the Office of the Police and Crime Commissioner for Surrey (OPCC), registered social landlords, Raven Housing Trust, and voluntary sector representatives.

Surveillance cameras are employed for the following reasons:

To support the delivery of the Reigate & Banstead Community Safety Partnership (CSP) action plan and objectives by assisting in the prevention and detection of crime and anti-social behaviour.
To ensure that RBBC’s surveillance systems are operated in accordance with regulatory requirements in a transparent and cost-efficient manner, taking account of appropriate technological developments.
To assist in the protection of RBBC’s clients, employees, assets, and public areas.
To assist RBBC, Surrey Police, and other statutory and enforcement agencies in carrying out their regulatory, investigatory and enforcement duties in Banstead, Horley, Redhill, Reigate, and the wider borough.

5. Roles and responsibilities

5.1 Employees that handle surveillance camera operations across RBBC will have the responsibility to comply with relevant legislation and codes of guidance relating to surveillance cameras. They must ensure that:

Appropriate technical and organisational measures are put in place for the recording, storage, and retention to provide adequate protection of surveillance footage.
Employees responsible for the operation of surveillance cameras receive the relevant training to operate and manage surveillance cameras and footage in line with the relevant legislation.
There is secure storage with controlled access for storing surveillance records.
Appropriate processes are put in place to deal with disclosures and access to information requests.
Data subjects are made aware of their right to be informed, right of access, and other data subject rights including the right to complain. Employees should be familiar with relevant guidance, such as the ICO codes of practice and relevant legislation.
Wireless transmissions are adequately protected by providing appropriate measures and controls.
Access to copying, deleting, and viewing surveillance footage is appropriately restricted.
All staff actions which effect the operation of CCTV equipment should be captured in audit logs held on the devices or controlling applications. This includes, any actions which change the field of vision, any downloads of footage and any deletion of footage. All CCTV equipment must be specified so as to provide accurate time and date stamping.
All CCTV installations will be recorded on the Council’s CCTV Register.

6. Data Protection Officer (DPO)

6.1 The DPO has the responsibility to advise RBBC on how to comply with the UK GDPR, and the DPA 2018.

6.2 The DPO will provide advice and assistance to RBBC when carrying out Data Protection Impact Assessments (DPIAs). See the DPIA Policy for further detail.

6.3 The DPO acts as a point of contact for data subjects and the supervisory authorities such as the ICO, and the Biometrics and Surveillance Camera Commissioner.

7. Operational standards - guidance and legislation

7.1 Processing of surveillance footage must comply with relevant guidance and legislation including:

ICO Video Surveillance Guidance.
Biometrics and Surveillance Camera Commissioner’s Surveillance Camera Code of Practice.
Biometrics and Surveillance Camera Commissioner’s Guide to the 12 Principles.
Freedom of Information Act 2000 (FOIA).
Regulation of Investigatory Powers Act 2000 (RIPA 2000).
Protection of Freedoms Act 2012 (PoFA 2012).
Human Rights Act 1998 (HRA).
Data Protection Act 2018 (DPA 2018).
UK General Data Protection Regulation (UK GDPR).

8. Data protection principles

8.1 RBBC will ensure that surveillance footage is:

Processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
Collected for specified, explicit, and lawful purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
Accurate and, where necessary, kept up to date (‘accuracy’).
Kept for no longer than is necessary for the purposes for which it was obtained (‘storage limitation’).
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

8.2 RBBC will ensure appropriate policies and procedures are in place to facilitate data subjects in exercising their rights.

8.3 RBBC will also ensure that they take appropriate measures to satisfy the data subject’s right to be informed.

9. Monitoring

9.1 Surveillance camera monitoring varies from site to site and is dependent on the service area responsible. Fixed location surveillance camera systems are typically placed in the communal areas of buildings. These systems are typically operational 24 hours a day.

9.2 Surveillance camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, surveillance cameras will not focus on private homes, gardens, or other private areas.

9.3 Surveillance footage is monitored by authorised personnel.

9.4 Employees using surveillance systems (system users) will be given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data.

10. Appropriate signage

10.1 As part of the data subject’s right to be informed, RBBC will display signs informing data subjects about the operation of surveillance cameras and the reasons for installing them.

10.2 The signs will be appropriately sized and located so that they are visible and readable to the audience. They will contain the following information:

The identity of the Controller (for example, RBBC or RBBC’s representative if RBBC has given responsibility for the surveillance system to another party).
Details of where the data subject can find further information.

10.3 The signs will be appropriately located, for example, at the entrances and communal areas of RBBC premises, and limited to what is necessary.

10.4 Where RBBC wishes to use BWVs, these cameras should be clearly marked denoting that video and audio recording is in operation. This sign should be of a suitable size so that people can easily read it. In addition, all BWV operators should announce that BWV recording is in operation when in use.

11. Use Use of data gathered by surveillance cameras

11.1 In order to ensure that the rights of individuals recorded by the surveillance system are protected, RBBC will ensure that personal data gathered from surveillance cameras is stored in a way that maintains its integrity and security. This may include encrypting personal data, where it is possible to do so.

11.2 Given the large amount of personal data generated by surveillance cameras, RBBC may store video footage using a cloud computing system. RBBC will take all reasonable steps to ensure that any cloud service provider maintains the security of information, in accordance with industry standards.

11.3 RBBC may engage Data Processors to process personal data on our behalf. RBBC will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.

11.4 RBBC will ensure that the ongoing use of existing surveillance cameras is reviewed periodically to ensure that their use remains necessary and appropriate, and that any surveillance system is continuing to address the needs that justified its introduction.

12. Maintenance

12.1 RBBC is responsible for the maintenance of all its surveillance systems. Routine maintenance is conducted regularly, and additional repairs are conducted as and when necessary.

12.2 RBBC in some cases will use private surveillance camera contractors to carry out this work. It is the responsibility of all RBBC employees to ensure these contracts are regularly reviewed.

13. Camera life expectancy

13.1 The average projected lifespan of an external surveillance camera is estimated at between 6 to 8 years. This is dependent on; the type of camera and camera mount, the exposure of the camera site; the camera receiving regular maintenance over its lifespan; and the camera being subject to a midlife span refurbishment programme.

13.2 When surveillance cameras are no longer deemed necessary, the following should take place:

Hard drives must be removed from the surveillance system (where applicable).
The hard drive is wiped when data is deemed to be no longer required (in accordance with the retention policy).
Report the decommissioning of surveillance camera(s) to RBBC’s Data Protection Officer.
The surveillance camera owner must update the following documentation:
1. The applicable Data Protection Impact Assessment (DPIA).
2. Information Asset Registers/Record of Processing Activities (ROPA).

14. Data Protection Impact Assessment (DPIA)

14.1 Due to the intrusive nature of using surveillance cameras and the possible impacts on individuals, RBBC must carry out a Data Protection Impact Assessment (DPIA) to decide whether surveillance cameras should be used.

14.2 RBBC will need to ensure a DPIA is completed prior to the installation or expansion of a surveillance system. In addition, a DPIA should be conducted whenever the purpose of processing surveillance footage changes.

14.3 Whenever a Surveillance Camera DPIA is required, the template in Appendix Two should be used.

14.4 The items on the following list need to be considered when conducting a DPIA:

The risks to the rights and freedoms of the individuals.
The justification or legal basis for using the surveillance cameras.
Whether there are alternative means of achieving the same results.
The benefits of using surveillance cameras and the possible impacts on the affected individuals.
Whether the use of surveillance is necessary and proportionate to the purpose.
Whether a less privacy intrusive method could be used to address the pressing need.

14.5 Completion of a DPIA should be built into the organisational business approval and procurement processes.

14.6 Principle 2 of the Surveillance Camera Code of Practice requires regular reviews to be carried out to ensure the use of surveillance cameras remains justified.

15. Recording and storing surveillance footage

15.1 RBBC must ensure that surveillance footage is stored in a manner that ensures that the footage is not corrupted, deleted, or misplaced.

15.2 RBBC must ensure that any footage collected supports its purpose for processing.

15.3 RBBC should ensure that the duration for which surveillance footage is captured must be proportionate to its purposes.

15.4 RBBC should ensure measures have been taken to minimise the amount of data that is collected as per the data minimisation principle in UK GDPR (Article 5(1)(c)).

15.5 If RBBC conducts covert surveillance they will do so in accordance with RIPA 2000.

15.6 Any evidence of criminal activity will be processed in line with the Police and Criminal Evidence Act 1984 and Part 1 and Part 2 of RIPA 2000.

15.7 Footage will be sent securely to each control room or secure cupboard within RBBC’s premises, where the footage will be recorded onto local hard drives.

15.8 Re-deployable and standalone surveillance cameras have onsite recording functionality so surveillance footage will be recorded onto an SD card or hard drive within each camera. This footage is then uploaded to a secure RBBC server.

15.9 BWVs record footage onto an SD card located within each tamperproof device. All recorded footage will be uploaded to a secure RBBC IT System and/or Digital Evidence Management System (DEMS).

15.10 Vehicle surveillance cameras footage is stored on the encrypted hard drive in the vehicle. Footage from these cameras can be viewed by secure access to the cloud, where the footage is backed up or by requesting footage from the hard drive.

16. Retention of surveillance footage

16.1 RBBC must demonstrate compliance with data protection principles by putting in place measures for the permanent deletion of records when no longer needed.

16.2 The retention of surveillance camera footage will depend on the purposes for recording it. Unless required for legal proceedings, police investigations, or crime detection, RBBC will keep surveillance footage for no longer than necessary. After which time footage will be automatically overwritten.

16.3 Surveillance footage should be retained for no longer than 30 days in line with industry best practices, unless exemptions apply. Exemptions may include where the police make a request for footage.

16.4 If a request for surveillance footage is not received within its retention period (for example, 30 days), the surveillance footage is automatically deleted. RBBC should make this clear in all communications, including its website to adhere to the transparency principle under UK GDPR.

16.5 Footage for active investigations or claims will be stored on secure systems until no longer required.

16.6 When footage that has been retained for an investigation, and is no longer required, the following should take place:

Hard drives should be wiped.
Any footage that has been printed off as a still shot should be shredded.
Any surveillance camera footage that has been put onto a disc should be destroyed.

17. Access to surveillance footage

17.1 RBBC must ensure all measures are in place to ensure the security and confidentiality of surveillance footage.

17.2 Only authorised individuals by RBBC will be able to access the footage. Appropriate access controls should be in place, such as password encryption and individual user accounts should be set up.

17.3 In some cases surveillance footage will be backed up by a third-party cloud provider, but they will not be permitted to access the footage.

17.4 In the event that an external maintenance company is used to conduct annual maintenance or ad hoc maintenance of surveillance systems, they will not be permitted to access the footage.

18. Individual rights (including subject access requests)

18.1 Under the UK GDPR individuals have numerous rights including:

The right to be informed.
The right of access (subject access request).
The right to rectification.
The right to restrict processing.
The right to object.
The right to erasure.
The right to portability.
Rights in relation to automated decision making.

18.2 Under the UK GDPR, RBBC must deal with the requests free of charge and within one month, subject to certain exemptions.

18.3 Individuals are entitled to a copy of surveillance footage containing their personal data held by RBBC, subject to certain exemptions.

18.4 The data subject will be required to provide proof of their identity and full details of their personal data being sought, including dates and locations.

18.5 RBBC will ensure that the relevant operational employees are given the appropriate training to recognise and deal with requests for personal data.

18.6 Subject Access Requests for surveillance footage should be sent to the RBBC Data Protection Officer.

Phone: 01737 276 000 (ask to speak to the Data Protection Officer)
Email: data.protection@reigate-banstead.gov.uk

18.7 For further details about Individuals’ Rights and Subject Access Requests, see RBBC’s Subject Access Requests Policy.

19. Disclosures

19.1 All requests for copies of surveillance footage should be sent to appropriately trained professionals from the relevant team who will review each request.

In the first instance requests should be sent by email to:

Communitypartnerships@reigate-banstead.gov.uk

If further support is needed this should be directed to the Data Protection Officer:

Phone: 01737 276 000 (ask to speak to the Data Protection Officer)
Email: data.protection@reigate-banstead.gov.uk

19.2 Media

RBBC is not permitted to disclose surveillance camera footage of identifiable people to the media or to post them on the internet for entertainment. Footage from RBBC’s surveillance systems can, however, be released to help identify a person or for legal reasons. For example, for the purposes of crime detection or under court order.

19.3 Police Officers and Statutory Agencies

Enforcement Agencies and Police Departments may request copies of surveillance camera footage from RBBC’s surveillance camera systems when investigating criminal or civil offences or where court proceedings or other enforcement action is required. Before releasing footage or allowing a viewing, RBBC will ensure that they:

Receive a valid, signed, written request on the appropriate form providing all relevant information.
Log the request.
Download/copy the footage onto an encrypted and password-protected memory stick (USB: drive)/disc or upload it via an online secure link to a DEMS.
Obtain the signature of the requestor when the memory stick is collected.
Retain a copy of the footage which has been released.
If surveillance footage is requested outside of office hours (9 am - 5 pm) or the nature of the incident requires more expedient footage review/download, the request form will be completed retrospectively and will be sent to the DPO.
No footage is to be reviewed/downloaded without a relevant reference number, for example, CAD, Custody Record, and Operation Name.

19.4 Other disclosures

The disclosure of footage to other local authorities may take place on the authorisation of the Legal Services Team.

19.5 Where RBBC shares footage with another organisation, that organisation is mandated to process the footage in compliance with the UK GDPR and the DPA 2018.

20. Freedom of information requests

20.1 Surveillance camera operations may be subject to the Freedom of Information Act 2000 (FOIA).

20.2 This Act entitles individuals to request official information relating to surveillance cameras’ operation held by RBBC, such as a copy of this Surveillance Camera policy, and must provide a response within 20 working days, unless exemptions apply.

20.3 Where surveillance footage is requested under the Freedom of Information Act by a data subject (i.e., the person whose images are captured), this should be dealt with as a Subject Access Request (SAR).

20.4 Requests for footage made under the FOI Act, will automatically be exempt under section 40 of FOIA (personal data exemption). Employees must consult RBBC’s DPO and legal team.

21. Personal data breach

21.1 A personal data breach refers to any compromise of security that may lead to the accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of, or access to, personal data, whether caused deliberately or by accident.

21.2 The UK GDPR and DPA 2018 require RBBC to notify the ICO of a ‘reportable’ personal data breach within 72 hours of becoming aware of it. Not all personal data breaches are ‘reportable’. See RBBC’s Data Breach Policy. Failure to report a breach within the prescribed time may result in significant penalties against RBBC.

21.3 In the event of a breach, contact RBBC’s DPO (see details below) immediately.

Phone: 01737 276 000 (ask to speak to the Data Protection Officer)
Email: data.protection@reigate-banstead.gov.uk

22. Risks of non-compliance

22.1 If RBBC fails to comply with this policy and, as a result, breaches the UK GDPR/DPA 2018, they will be at significant risk of receiving a penalty.

22.2 In addition to fines, the ICO has a range of corrective powers and sanctions namely, issuing warnings, reprimands, imposing temporary or permanent bans on data processing, ordering the rectification of inaccurate information, restriction, or erasure of data, and suspending data transfers to third countries.

22.3 RBBC may be fined or penalised if it commits one of the following offences which includes but is not limited to:

Processing without notification.
Failing to notify the Commissioner of changes in your circumstances.
Failing to comply with written requests.
Failing to comply with enforcement notices.
Knowingly or recklessly making false statements in compliance with an information notice.
International obstruction of or failure to give reasonable assistance in the execution of a warrant.

It is also an offence for an employee without the consent of the Data Controller, knowingly or recklessly to:

Obtain or disclose personal data or the information contained in personal data.
Unlawfully sell personal data.
Unlawfully disclose information.

All of these offences may be tried in either the Magistrates Court or the Crown Court. Upon conviction in the Magistrates Court, an offender is personally liable to a maximum fine of £5000. Whilst in the Crown Court an unlimited fine may be imposed.

23. Employees being filmed by members of the public

23.1 RBBC employees should be alert to members of the public filming them; however, there is no current legislation that prevents members of the public from filming anyone in public spaces. Therefore, although employees may be subject to this, providing this is not on RBBC premises, then a member of the public is not breaking any legislation by doing so. Powers under section 43 of the Terrorism Act 2000 to stop, examine and seize are only available to Police Officers who should be called if required.

24. Training requirements

24.1 All employees are to be informed of this policy during induction and reminded of this policy at regular intervals.

24.2 Training in the usage and retrieval (downloading) of surveillance camera footage will be given when required for nominated employees only. Employees are not authorised to obtain surveillance camera footage unless they are appropriately trained and authorised to do so by RBBC.

24.3 It is the responsibility of every employee to ensure they have read and understood the operating procedures for surveillance cameras, prior to assuming responsibility.

24.4 All employees who operate BWVs will receive full training in the use of BWVs. This training will include practical use of equipment, on-street operational guidance and best practice; when to commence and cease recording; and the legal implications of using such equipment. Records of employees’ training will be stored on their training record and refresher training will be provided annually. Employees will not be deployed with a BWV until training has been undertaken.

24.5 It is the responsibility of operators who require a Security Industry Authority (SIA) licence to conduct live monitoring of surveillance footage to ensure their SIA licence is valid and that they have completed the required training for the SIA licence.

25. Complaints

25.1 It is acknowledged that surveillance cameras may generate complaints from employees or members of the public and RBBC has a duty to ensure these complaints are responded to within 15 working days.

25.2 Any complaints regarding surveillance cameras should be made to RBBC’s Data Protection Officer who will investigate the matter, see details below.

Phone: 01737 276 000 (ask to speak to the Data Protection Officer)
Email: data.protection@reigate-banstead.gov.uk

25.3 If after this, a complainant is still dissatisfied, they should submit a Stage 2 Complaint via RBBC’s Complaints Procedure. RBBC has a duty to ensure these complaints are responded to within 21 working days. The complainant can submit their request via email, see details below.

Email: democratic@reigate-banstead.gov.uk

25.4 If the complainant is still dissatisfied after the independent assessment by the Information Governance team, then they can contact the Information Commissioner’s Office, see details below.

Email: casework@ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

25.5 A register of such complaints and their outcomes must be kept for monitoring.

25.6 All complaints will be monitored and reported on an annual basis.

25.7 For more information see the Complaints Policy.

26. Other legislation impacting the use of surveillance cameras

26.1 Surveillance cameras are used by RBBC in accordance with criminal and civil law. In addition to the legislation already mentioned above, the following also impacts the use of surveillance.

26.2 Regulation of Investigatory Powers Act (RIPA) 2000 - Covert Surveillance

RIPA 2000 is the law governing the use of covert techniques by public authorities. It requires public authorities, such as the police or government departments, who need to use covert techniques to obtain private information about someone, to do so in a way that is necessary, proportionate, and compatible with human rights.

RIPA’s guidelines and codes apply to actions such as:

Intercepting communications.
Acquiring communications data: the ‘who, when and where’ of communications, such as telephone billing or subscriber details.
Conducting covert surveillance, either in private premises or vehicles (intrusive surveillance) or in public places (directed surveillance).
The use of covert human intelligence sources, such as informants or undercover officers.
Access to electronic data protected by encryption or passwords.

RIPA 2000 applies to a wide range of investigations in which private information might be obtained. Cases in which it applies include:

Terrorism.
Crime.
Public safety.
Emergency services.

In the context of local authorities, RIPA 2000 may not be used by local authorities unless the offence is likely to carry a custodial sentence of 6 months or more and is approved by a Magistrate. Any consideration of operating covert surveillance under RIPA 2000 must be discussed and approved by the Head of Legal Services and the DPO, before any action is taken.

26.3 Police and Criminal Evidence Act 1984

The Police and Criminal Evidence Act 1984 (PACE) requires any person with a duty of investigating criminal offences or charging offenders is also required to follow the provisions of the PACE codes of practice as practically required.

PACE requires local authorities to cooperate with the police regarding any act of criminal activity. Any evidence of criminal activity should be processed in line with the requirements set out in PACE ensuring that evidence is kept secure and reliable. Under the requirements of PACE, local authorities should ensure that any surveillance camera footage required for the prevention and detection of crime is of sufficient quality that can be used to identify individuals in connection with criminal investigations.

26.4 Criminal Justice and Public Order Act 1994

Section 163 of the Criminal Justice and Public Order Act allows local authorities to use surveillance cameras to promote the prevention of crime or the welfare of victims of crime and requires that the local authority consult the police over these cameras.

26.5 Criminal Procedures and Investigations Act 1996

This Criminal Procedures and Investigations Act creates a statutory framework for the disclosure to defendants of material which the prosecution does not intend to use in the presentation of its own case – known as unused material. This may include, where in existence, surveillance camera footage.

26.6 Human Rights Act 1998

Article 8 of the Human Rights Act 1998 provides for the right to respect your private and family life.

26.7 Crime and Disorder Act 1998

Section 17 of the Crime and Disorder Act 1998 requires a local authority to consider the impact of everything it does on crime and disorder e.g., what impact the operation of a service, policy, procedure, working practice, or service level agreement, have on community safety. As part of RBBC’s duty under Section 17, they are bound to do everything they reasonably can to “prevent people from becoming involved in serious violence in its area and reduce instances of serious violence in its area”.

26.8 Private Security Industry Act 2001

Under the Private Security Industry Act, a Security Industry Authority (SIA) licence is required for personnel who carry out public space surveillance.

Section 12 of the Act requires a local authority to establish and maintain a register of persons licenced under this Act. This register should contain the following information for each licence holder:

(a) the name of the holder of the licence;
(b) an address for the holder of the licence which satisfies the prescribed requirements;
(c) the time when the licence will cease to have effect unless renewed; and
(d) the terms and other conditions of their licence.

27. Policy review

27.1 This policy will be regularly reviewed and updated as and when necessary to reflect best practices and changes in legislation.

The next review date for this policy is April 2027.

Next Appendix

Was this page useful? * Required

Yes

It's good, however

No, here's why:

Other feedback about this webpage. (Please note this is for website feedback only, do not enter any personal details as we are unable to get back to you.) (optional)