CCTV Policy

Last Updated: 14/04/2025

Thurstan Hoskin Solicitors LLP ("the Company") operates a closed-circuit television (CCTV) system across its business premises in Redruth and Hayle to support the safety, security, and lawful operation of the firm. This policy outlines how the Company collects, uses, stores, and discloses CCTV images and audio recordings in line with its obligations under data protection law.

1. Purpose of CCTV

1.1. The Company has undertaken a Data Protection Impact Assessment and considers the use of CCTV to be a necessary and proportionate measure for the following purposes:

• The prevention and detection of crime or malpractice;

• The identification and prosecution of offenders;

• The monitoring and safeguarding of the Company’s premises;

• Ensuring health and safety and compliance with Company procedures;

• Identifying unauthorised actions or unsafe practices, which may form part of disciplinary investigations or proceedings.

1.2. The Company’s CCTV system may include audio and visual recording. Where audio is recorded, this will be clearly indicated via signage placed adjacent to the relevant devices.

2. Location of Cameras

2.1. CCTV cameras are installed both inside and outside the Company’s premises. These may include:

• Internal areas accessible to employees, clients, and visitors;

• External areas immediately surrounding the premises.

2.2. External-facing cameras are configured not to record movement in public areas unless expressly permitted and defined.

2.3. Clear signage is prominently displayed at all entry points and throughout the premises to ensure individuals are aware they are entering areas monitored by CCTV.

3. Recording and Retention of Images

3.1. CCTV equipment is maintained regularly to ensure effective image quality.

3.2. Recordings may occur continuously (24/7) or at intervals defined by business need.

3.3. Digital recordings stored on internal servers or PCs are subject to automatic overwrite on a rolling basis. Devices are securely wiped before disposal.

3.4. Images stored on removable or digital media (e.g. CDs, USBs) are deleted or destroyed when no longer required for their intended purpose. Normally, this will be within 12 months, unless required longer for legal or investigatory reasons.

4. Access to and Disclosure of Images

4.1. CCTV images are held in a secure location and may only be accessed by:

• Approved system operators;

• Line managers authorised for relevant investigatory or compliance purposes.

4.2. Viewing will take place in a restricted area, and any physical media removed for review must be documented.

4.3. Disclosure of CCTV images to external third parties is limited to:

• Police and law enforcement agencies;

• Prosecuting bodies (e.g. the Crown Prosecution Service);

• Legal representatives involved in relevant matters;

• Authorised management personnel and/or the building’s landlord;

• Individuals captured in recordings (subject to conditions in Clause 5).

4.4. Only the Managing Director, Premises Landlord, or a senior director acting in their absence may authorise third-party disclosures.

5. Individual Access Rights

5.1. Under the UK General Data Protection Regulation (UK GDPR), individuals have the right to request access to personal data, including CCTV footage in which they are identifiable.

5.2. Requests must be submitted in writing to the Data Protection Officer (DPO) at:📧 info@thurstanhoskin.co.uk

5.3. Requests must include:

• The approximate date and time of the recording;

• The location of the relevant camera;

• Proof of identity (valid passport or photocard driving licence).

5.4. The Company may charge a reasonable fee where requests are manifestly unfounded or excessive, or where insufficient detail is provided.

5.5. The Company will respond within one month, or up to three months in complex cases, in accordance with the UK GDPR.

5.6. Access to footage will only be granted where:

• The requester is clearly identifiable in the footage;

• No third-party data is disclosed without appropriate redaction or anonymisation;

• Disclosure would not prejudice any ongoing criminal investigation or legal process.

  
  

6. Staff Training

6.1. Employees responsible for operating or reviewing CCTV systems will be trained on:

• Lawful operation and administration of CCTV;

• Data protection principles and the privacy rights of individuals.

  
  

7. Data Protection and Policy Oversight

7.1. The Company’s Data Protection Officer is responsible for implementing and reviewing this policy and ensuring ongoing legal compliance.

7.2. Any complaints or queries regarding CCTV use should be directed to:

Data Protection Officer: Barbara Archer📧 info@thurstanhoskin.co.uk📞 01209 213 646 (ask for the DPO)

7.3. Personal data collected via CCTV will be processed in accordance with the Company’s Data Protection Policy and internal Privacy Notices.

7.4. Any unauthorised access or disclosure will be treated as a data breach and dealt with in accordance with the Company’s disciplinary procedure and data protection processes.