CCTV legislation was introduced in the UK in 2012, followed by a Code of Conduct in 2013. CCTV recordings are also covered by the Data Protection Act.

More and more people are investing in CCTV cameras to protect their properties and why not? It’s the sensible thing to do. However, many people are unaware of the various pieces of CCTV legislation and their personal responsibilities under the law.


Guidelines for Commercial CCTV:

Because CCTV recording is governed by the Data Protection Act, businesses can be liable for fines of up to £500,000 if it is misused. So it’s important to make sure guidelines are closely followed.

As the person responsible for CCTV in your business, it is your duty to make sure the CCTV system is installed correctly and the company complies with CCTV legislation guidelines.

If you are unsure at any time, then please get in touch with your CCTV company.


1. Register with the Information Commissioner’s Office as a CCTV operator

2. Have a stated purpose for your CCTV system and review this regularly

3. Carry out a Privacy Impact Assessment and publish this if appropriate

4. Put up clear signage, warning there is CCTV surveillance on the property

5. Publish the name of someone in your business that people can raise queries and complaints with

6. Appoint a person responsible for your CCTV system

7. Implement clear rules, policies, and procedures around CCTV surveillance for your business

8. Make sure your staff are fully aware of their responsibilities and any policies and procedures

9. Make sure CCTV recordings are captured and stored securely

10. Don’t keep recordings for longer than you need (31 days is standard)

11. Delete older CCTV recordings regularly and in a secure way

12. Restrict staff access to CCTV recordings and implement a disclosure policy

14. Don’t record conversations between members of the public

15. Follow recognised technical and operational standards as appropriate

(Your CCTV company should be able to advise on these)

16. Do not install CCTV in private spaces such as changing rooms and toilets

17. Make sure recordings you capture can be used by the police and courts if necessary, e.g. by ensuring the date and time are set correctly

18. Audit your CCTV operation regularly to check legal requirements, policies and standards are complied with

19. Publish your audit findings in a document

20. If you are using your CCTV system to cross-reference against a database (for example, if you are checking car number plates), then make sure your reference database is accurate and up to date


There are 3 main pieces of CCTV legislation:

– The Protection of Freedoms Act 2012
– The Surveillance Camera Code of Practice 2013 (the ‘SCCOP’)
– The Data Protection Act (the ‘DPA’)

The Information Commissioner’s Office, or ‘ICO’ is responsible for enforcing this legislation.

The SCCOP legislation is designed to balance the need for CCTV cameras with the public’s right to privacy. Some of the SCCOP only applies to CCTV for commercial use.

The DPA legislation gives individuals the right to see information held about them, including CCTV recordings.

If you have residential CCTV, you are NOT affected by the DPA, unless your cameras are set up to record beyond the boundary of your property (e.g. the pavement)