Don't be taken in by CCTV scare stories.
Small businesses have long been the target of scams. Frankly, if I get one more e-mail from the usurped King of Nigeria promising riches beyond my wildest imaginings (all I have to do is give them my bank account number, PIN number, keys to my house, etc), then I think I'll scream.
But recently I found out that many small businesses using CCTV to monitor their factories, shops or offices been subject to scare stories that they may be breaching the Data Protection Act.
A number have been told this by unscrupulous salesmen, who said that they need to buy expensive gadgets to make their systems compliant. Such advice is often very misleading.
There are lots of scams going on with rogue traders approaching firms saying they need this or that piece of equipment. Many are told they need to buy a degausser to remove images from video tapes, when in fact taping over the existing recording with modern equipment will do the job just as well.
In fact, the vast majority of small businesses that use CCTV are currently doing so in a way that complies with the data protection laws, and have nothing to worry about. The Information Commissioner has said that there is no great concern of widespread misuse of CCTV by small businesses.
The reason why there is so much uncertainty dates back to 2000, when data protection legislation came into force. Then, relatively few small businesses had CCTV, because it was very expensive.
The code of practice for its use, issued by the Information Commissioner responsible for policing the Data Protection Act, was therefore geared towards larger businesses who were then the main users. The code had 62 legally-enforceable standards and 30 points of good practice.
Since then, however, the cost of CCTV has fallen dramatically, making it more widely available to small firms. The Information Commissioner has started work on a new, simpler code of practice for using CCTV, which will be easier for small firms to apply. In the meantime, it has issued an interim CCTV small-user checklist.
This checklist consists of the following main elements: that anyone using a CCTV system must be aware they need to notify the Information Commissioner, and to renew that notification annually. Failure to notify the Commissioner carries a maximum penalty of pounds 5,000.
The cameras need to be sited so that the images from them are clear enough to be used by the police to investigate a crime, and the operator needs to ensure that the cameras do not pick up images of people not on the premises, such as on the pavement outside.
In addition, the images must be securely stored, such as in a locked cupboard, and it is important that only a limited number of authorised people have access to them.
And the recorded images should only be kept long enough for any incident, such as a theft, to come to light. Features, such as the date and time stamp, need to be correctly set.
Under the Data Protection Act, a small business can only use CCTV for the prevention and detection of crime, or for protecting the safety of customers. It cannot be used for any other purpose.
Few employees have difficulty being monitored by CCTV, particularly in retail environments. Many people working in shops these days are so worried of being attacked or held up, they regard CCTV as essential protection.
So the important message for small business owners is not to panic. Nobody wants to prosecute small businesses for mistakes.