If you operate a commercial CCTV system in the UK then you should be aware that the law enforcement agencies can seize video evidence. Members of the public also have the right to see and request a copy of CCTV in which they themselves or information about them such as their car number plate has been recorded. This is known as a Subject Access Request.
The Data Controller responsible for your CCTV system should know how the system works and how to produce copies when requested. You should also be aware of how the Data Protection Act applies to CCTV recordings.
Giving video evidence to the police
The Police or other law enforcement agencies will usually ask to see or take copies of footage to investigate a crime. This is not a Subject Access Request.
When you hand over CCTV video evidence to the Police they will expect it to be an un-edited original or the best available working copy. With digital systems the best available working copy tends to be a disc or a USB stick – usually these are exact copies of the electronic evidence stored on the hard drive of your digital video recorder.
You should keep a log in your records of what was released and the reason why. From then on the Police (or other agency) takes responsibility for that video evidence and where it is shown. It could be used in Court or in some instances released to the media.
Giving video evidence to the public
Anyone can make a Subject Access Request to a CCTV operator (Data Controller) to request copies of CCTV data which could identify them. They must provide time and date information to help you locate the footage, a photograph so that you know what they look like and proof of identity. Once you produce and hand over the footage you cannot control where it is shown but you will continue to be responsible for it under the Data Protection Act if other people featured in the same images can be identified.
Under the Data Protection Act and GDPR individuals have the right have their identity protected. Therefore you must take steps to ensure that third parties cannot be identified. This usually mean masking, blurring or pixelating anyone else in the footage except the data subject.
You should keep proper records of Subject Access Requests, viewing logs and evidence disclosures.
Ensuring Compliance with GDPR and DPA
If you have been asked for video evidence under a Subject Access Request which contains identifiable imagery of other people then you must have those elements of the footage obscured. This is known as CCTV redaction.
Most CCTV digital video recorders (DVRs) produce exhibits which are designed to be tamper proof with no provision for editing or masking off sections of the footage. The vast majority of CCTV footage can only be played back on a computer (usually a Windows PC) often using a dedicated software player. Therefore specialist knowledge and equipment is required to make legally compliant, redacted copies of the evidence available.
CCTV Redaction for Compliant Disclosures
We’ve worked with video evidence for over a decade and are experienced in producing CCTV video evidence for:
- Retailers, insurers and associated legal teams
- Insurers for motor, fire and damage claims
- Criminal defence
- Government bodies
We can make high quality copies of your video evidence and obscure the identity of any person who is not the data subject and/or the incident in question. The working copy exhibits our CCTV experts produce are fully documented with a witness statement for your records.
If you instruct us to carry out CCTV redaction then you should ensure the data you send to us is encrypted. You must also enter into a formal data processing agreement with us.
Company Policy: Manchester Video Limited does not accept instruction from the general public for video evidence work of any description under any circumstances.
Please see the ICO website for more information about CCTV and Data Protection.