This page contains a Flash digital edition of a book.
PROFESSIONAL PRACTICE EMPLOYABILITY SKILLS


cameras, Lawful use of CCTV


Lights,


With public distrust of surveillance at a high Matthew Orme, a barrister with Bates, Wells & Braithwaite, explains how the Data Protection Act should be interpreted by parking operators


ACTION C


CTV and ANPR cameras are under the spotlight at the moment. For one, the Home Offi ce is consulting on a


draft Surveillance Camera Code of Practice. This is part of a wider public focus on CCTV/ ANPR usage. While such systems provide valuable data for parking operators, it is often ‘personal data’, and must be used lawfully. So how does the law apply to CCTV/ANPR? The main legislation is the Data Protection Act 1998, which covers organisations’ use of personal data. This is data referring to a living individual, which enables them to be identifi ed. The individual might be identifi able from the data alone, or by referring to other data held by an organisation. For example, a driver’s name and address are personal data, as is data about when the driver entered and exited a car park. If a person is identifi able from a camera image, then the image contains their personal data. Vehicle registration marks held by parking operators may be personal data about the vehicles registered keeper, or about a driver if the operator can connect them to the mark. The Act places obligations on ‘data controllers’ – organisations that decide how and for what purposes personal data are used. Data controllers must notify the Information Commissioner’s offi ce annually that they are acting as such. Organisations that only handle the data on someone else’s behalf for their defi ned purposes, for example under a contract with a car park landowner, are likely to be ‘data processors’ and not subject to the Act (for that data at least). Data processors may still be fi nancially


30 MARCH 2013


liable to the data controller if they cause breaches of the Act. Landowners who engage parking operators should ensure their contract with the operator has appropriate data protection clauses about compliance with the Act, and protection for the landowner if the operator causes a breach.


How should data be handled? Data controllers must always comply with the data protection principles set out in the Act. These include that the use must be “fair and lawful” and only for the purposes for which the data was obtained. Personal data must also only be used in circumstances permitted by the Act. These include where the individual has consented to the use of their personal data, or where the use is necessary in relation to a contract, such as a contract for parking. This makes parking signs important. Signs are likely to determine the terms that an individual is deemed to have consented to, and so form part of a contract to park.


www.britishparking.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52