Your business securely stores CCTV images and limits access to authorised individuals. Your business regularly checks that the CCTV system is working properly.
You must sufficiently protect all information to ensure that it does not fall into the wrong hands.
Poor security can lead to your cameras’ feeds being viewed by criminals, or being hijacked by them for use in computer botnets.
Security precautions should include technical, organisational and physical security. For example:
• Protect wireless transmission systems from interception.
• Restrict the ability to view or make copies of information to appropriate staff.
• A secure space where footage is stored.
• Staff training in security procedures and sanctions against staff who misuse surveillance system information.
• Establish appropriate controls if the system is connected to, or made available across, a computer network. Internet-protocol (IP) cameras should be protected by firewall and router controls, and wherever possible default passwords should be changed.
• Apply any software updates (particularly security updates) published by the equipment’s manufacturer to the system in a timely manner. Modern IP camera manufacturers issue security advisories and fixes to security problems, and users should keep these patched and up to date just as much as their other computer equipment.
• Protect the recorded footage from a CCTV, whether tapes or hard disk, and against access by any unauthorised person, whether an unauthorised staff member or an outsider.
• Store any data you have collected securely, for example by using encryption or another appropriate method of restricting access to the information.