Locations
The Data Protection Commissioner issued an updated guidance note in December 2015 in relation to the use of CCTV. The guidance note provides that data controllers (including employers) are required to put in place a written CCTV policy.
The guidance note also provides that data controllers who wish to use CCTV should ensure that they complete the following steps:
- conduct and document a risk assessment process;
- conduct and document a Privacy Impact Assessment;
- prepare a specific data protection policy dealing with CCTV devices, which should include data retention and disposal policies for the CCTV footage recorded;
- be able to demonstrate, using documentary evidence, previous incidents that have led to security or health and safety concerns that may justify the use of CCTV; and
- prepare and display clear signage indicating that there is image recording in operation.
Whilst the guidance note is not law, failure to comply with the guidance note could result in difficulties relying on CCTV footage in, for example, disciplinary processes or employment law claims. If your business uses CCTV, it is time to review your employee handbook and employer practices to ensure that the steps referred to above are carried out.
Note: Our Employment Unit will hold a seminar on the topic of ‘Employment Law – Review of Key Developments in 2015′ on February 10th 2016. If you are interested in registering for this event please contact ccruz@mcdowellpurcell.ie.