The Data Protection Commissioner has issued new guidelines on the installation and operation of CCTV systems in the workplace. There is now a requirement that  “a written CCTV policy must be in place”.
The guidance note provides that data controllers who wish to use CCTV should ensure that they complete the following steps:

* conduct and document a risk assessment process;
* conduct and document a Privacy Impact Assessment;
* prepare a specific data protection policy dealing with CCTV devices, which should include data retention and disposal policies for the CCTV footage recorded;
* be able to demonstrate, using documentary evidence, previous incidents that have led to security or health and safety concerns that may justify the use of CCTV; and
* prepare and display clear signage indicating that there is image recording in operation.

The full guidance note can be accessed here: