Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

New Data Protection Code of Practice for CCTV and Surveillance Technology

19 Jan 2015 United Kingdom 3 min read

The Information Commissioner’s Office (ICO) has published an updated Code of Practice for those involved in operating CCTV and surveillance cameras. The Code is primarily aimed at businesses and organisations that routinely capture individuals’ information on their surveillance systems and will be relevant to public sector organisations using CCTV.

The Code provides best practice advice on complying with the legal requirements of the Data Protection Act 1998 and the Protection of Freedoms Act 2012. The full text is available here.

Why has the Code been updated?
 Recent technological developments have meant that there are increasing numbers of ways in which individuals can be identified and records can be kept of people’s activities. Since the Code was last updated in 2008, there has been growing public concern about the increasing use of CCTV as well as other new surveillance technology. The new Code seeks to address these concerns and bring the ICO’s best practice advice on data protection compliance up to date. The Code also recognises various new types of technology surveillance which look likely to become increasingly popular. As well as CCTV, the updated Code now covers use of new camera-related surveillance equipment such as Automatic Number Plate Recognition, bodyworn cameras, unmanned aerial systems (e.g. drones) and other systems used to capture information relating to individuals.

What do you need to do?
The Code contains guidance and good practice on the issues organisations should consider in respect of surveillance technology. Organisations should:

  • carefully consider whether or not to use a surveillance system in the first place – take into account the nature of the problem you are seeking to address and whether a surveillance system is justified and proportionate;
  • if a surveillance system is already being used, regularly evaluate whether it is necessary and proportionate to continue using it;
  • put in place a clear governance policy for handling and processing any personal information gathered via surveillance technology. This should include establishing responsibility for control of personal information and documenting procedures on the handling, retention and disclosure of recorded material;
  • ensure that viewing of recorded material is restricted to authorised persons and disclosure of material is controlled and consistent with the purposes for which the system was established;
  • ensure that individuals who may be recorded are fully aware of their rights, and that staff using the surveillance systems are aware of their obligations, both under the DPA and the Code; and
  • provide fair processing information by means of a privacy notice. The Code recognises that drone users may face problems in identifying individuals captured on camera, but suggests coming up with “innovative ways” of providing this information.

Wider Context
The Code also incorporates various principles previously established under the Home Office’s Surveillance Camera Code (“SCC”). The SCC is available here. The SCC applies to certain public authorities such as the police and local authorities. However, the Code recommends that all users of surveillance technology seek to comply with the SCC as well.

More insights
Public Procurement Data Protection & Freedom of Information Scotland

Explore more

Event United Kingdom

IP Insights webinar series 2026

28 Apr 2026
Publication United Kingdom

Procurement Cube

09 Feb 2026 5 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.