CCTV Policy

This policy is presented in HTML to support accessibility needs and to work across multiple platforms. A full PDF copy is also available below.


1.    Introduction

  • At Kingsmead School, we take our responsibility towards the safety of staff, visitors and pupils very seriously. To that end, we use surveillance cameras to monitor any instances of aggression or physical damage to our School and its members.


  • The purpose of this policy is to manage and regulate the use of the surveillance and CCTV systems at Kingsmead School and ensure that:
  • We comply with the UK-GDPR, effective 1 January 2021.
  • The images that are captured are useable for the purposes we require them for.
  • We reassure those persons whose images are being captured, that the images are being handled in accordance with data protection legislation and their rights are being upheld.


  • This policy covers the use of surveillance and CCTV systems which capture moving and still images of people who could be identified, as well as information relating to individuals for any of the following purposes:
  • Observing what an individual is doing
  • Taking action to prevent a crime
  • Using images of individuals that could affect their privacy


2.    About this policy

  • This policy has been created with regard to following the statutory and non-statutory guidance:


  • This policy has due regard to legislation including, but not limited to, the following:
  • The UK General Data Protection Regulation
  • The Data Protection Act 2018
  • The Freedom of Information Act 2000
  • The Protection of Freedoms Act 2012
  • The Regulation of Investigatory Powers Act 2000


  • This policy operates in connection with the following school policies:
  • Data Protection and Freedom of Information Policy
  • Privacy Impact Assessment (PIA) for CCTV
  • Cyber Security Policy
  • Privacy Notices


3.    Definition of Data Protection terms

  • For the purpose of this policy a set of definitions will be outlined, in accordance with the Surveillance Camera Code of Practice:
  1. CCTV – Closed Circuit Television is a system of cameras which stream an image to a central monitor, where activity can be recorded.
  2. Surveillance – monitoring the movements and behaviour of individuals; through CCTV.
  3. Overt surveillance – any use of surveillance for which authority does not fall under the Regulation of Investigatory Powers Act 2000.
  4. Covert surveillance – any use of surveillance which is intentionally not shared with the subjects it is recording. Subjects will not be informed of such surveillance. Kingsmead School does not condone the use of covert surveillance when monitoring staff, pupils and/or volunteers. Covert surveillance will only be operable in extreme circumstances.


4.    The Data Protection Principles and Privacy by Design

  • Data collected from surveillance and CCTV will be:
  1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and, where necessary, kept up to date;
  5. Kept for no longer than is necessary for the purposes for which the personal data are processed;
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.


  • The school will follow the ICO’s guidelines on Privacy by Design – before planning installing and using a surveillance system, the school will:
  • Consider whether the school can fulfil its requirements through a less privacy-intrusive system that does not include surveillance and recording.
  • Carry out a Privacy Impact Assessment (PIA) to assess security risks and how the rights of individuals will be upheld.
  • Where the school identifies a high risk to an individual’s interests, and it cannot be overcome, the school will consult the ICO before they use CCTV, and the school will act on the ICO’s advice.


5.    Responsibilities of Kingsmead School

  • The school, as the corporate body, is the data controller. The governing board of Kingsmead School therefore has overall responsibility for ensuring that records are maintained, including security and access arrangements in accordance with regulations.


  • The role of the data controller includes:
  • Processing surveillance and CCTV footage legally and fairly
  • Collecting surveillance and CCTV footage for legitimate reasons and ensuring that it is used accordingly.
  • Collecting surveillance and CCTV footage that is relevant, adequate and not excessive in relation to the reason for its collection.
  • Ensuring that any surveillance and CCTV footage identifying an individual is not kept for longer than is necessary.
  • Protecting footage containing personal data against accidental, unlawful destruction, alteration and disclosure.


6.    Responsibilities of the Data Protection Officer / Lead

  • As a school we are data controllers in law and are required to appoint a Data Protection Officer. Our DPO is Amy Brittan and can be contacted at The school has also appointed a Data Protection Lead. Our DPL is Rob Trowbridge (Director of Finance & Operations) and can be contacted on


  • The DPO / DPL is responsible for ensuring compliance with the Data Protection legislation and with this policy. Their responsibilities are laid out in the Data Protection policy, but in relation to CCTV and surveillance they include:
  • Ensuring that all data controllers at the school handle and process surveillance and CCTV footage in accordance with the 6 data protection principles.
  • Ensuring that surveillance and CCTV footage is obtained in line with legal requirements.
  • Supporting the school to complete a Privacy Impact Assessment when installing or replacing cameras (see paragraph 4.2).
  • Reviewing the effectiveness of the current CCTV system and making recommendations if appropriate.
  • Ensuring that surveillance and CCTV footage is destroyed in line with legal requirements when it falls outside of its retention period.
  • Informing data subjects of how their data captured in surveillance and CCTV footage will be used by the school; their rights for the data to be destroyed and the measures implemented by the school to protect individuals’ personal information.


7.    Responsibilities of the Headteacher

  • The Headteacher has the following responsibilities:
  • Meeting with the DPO / DPL to decide where CCTV is needed to justify its means.
  • Liaising with the DPO / DPL with regard to the lawful processing of the surveillance and CCTV footage.
  • Reviewing the CCTV Policy to ensure it is compliant with current legislation.
  • Monitoring legislation to ensure the school is using surveillance fairly and lawfully.
  • Communicating any changes to legislation to all members of staff.


8.    Purpose and justification

  • The school will only use surveillance cameras for the safety and security of the school and its staff, pupils and visitors.


  • Surveillance will be used as a deterrent for violent behaviour and damage to the school,


  • The school may share surveillance footage to assist the police in identifying persons who have committed an offence (see paragraph 14.1).


  • The school will only conduct surveillance as a deterrent and will not site cameras in classrooms or any changing facility.


  • The school may use surveillance data as part of disciplinary and grievance processes. This will be communicated to students and staff through the school Privacy Notices.


  • If the surveillance and CCTV systems fulfil their purpose and are no longer required the school will deactivate them.


9.    How the school manages CCTV and surveillance

  • The school is registered as a data controller with the Information Commissioner’s Office, which also covers the use of surveillance systems.


  • CCTV warning signs are clearly and prominently placed at all external entrances to the school, including gates if coverage includes outdoor areas and high impact privacy zones. The signs contain details of the purpose for using CCTV e.g. public safety or crime prevention.


  • In areas where CCTV is used, the school ensure that there are prominent signs placed at both the entrance of the CCTV zone and within the controlled area.


  • The surveillance system is a closed digital system will not record audio by default, as audio recording may be considered an excessive intrusion of privacy. If audio recording is possible, this option will be turned off.


  • The surveillance system has been designed for maximum effectiveness and efficiency; however, the school cannot guarantee that every incident will be detected or covered and ‘blind spots’ may exist.


  • The surveillance system will not be trained on individuals unless an immediate response to an incident is required.


  • The surveillance system will not be trained on private vehicles or property outside the perimeter of the school.


10.         Security

  • Access to the surveillance system, software and data is strictly limited to authorised members of the Senior Leadership Team and IT Services. A list of authorised users can be found on the Privacy Impact Assessment (PIA) for CCTV.


  • Access to the surveillance system is password protected following password requirements stated within the schools Cyber Security Policy and used Multi-Factor Authorisation (MFA) where possible.


  • Access to the surveillance system can only be accessed via pre-authorised computers.


  • The networking infrastructure controlling the system is kept secure and locked when not in use.


  • The surveillance systems will be tested for security flaws once a term to ensure that they are being properly maintained at all times.


  • The school Senior Leadership Team and IT Services Team will decide when to record footage, e.g. continuous loop outside the grounds to deter


  • Any unnecessary footage captured will be securely deleted from the


  • Any cameras that present faults will be repaired as soon as possible to avoid any risk of a data


  • Staff must request access to footage using the school’s CCTV Request Form on eForms and approval by a member of the Senior Leadership Team is required.


  • A CCTV Incident Report must be completed by the staff member who accessed the footage.



11.         Convert Monitoring

  • The school may in exceptional circumstances set up covert monitoring. For example:
  • Where there is good cause to suspect that an illegal or unauthorised action(s), is taking place, or where there are grounds to suspect serious misconduct.
  • Where notifying the individuals about the monitoring would seriously prejudice the reason for making the recording.


  • In these circumstances authorisation must be obtained from a member of the Senior Leadership Team.


  • Covert monitoring must cease following completion of an investigation.


  • Cameras sited for the purpose of covert monitoring will not be used in areas which are reasonably expected to be private, for example toilets.


  • The Human Rights and Employment Rights of all the people who use the school must be respected and covert monitoring must only be used as a last resort.


12.         Storage and retention of images

  • Recorded data will not be retained for longer than is necessary. While retained, the integrity of the recordings will be maintained to ensure their evidential value and to protect the rights of the people whose images have been recorded.


  • The CCTV images will be kept for 30 days (in line with the purpose for recording this data) unless there is a current incident that is being investigated;


  • All retained data must be stored in a searchable system. Only a primary copy should be kept, and secondary copies should only be created in exceptional circumstances.


  • All retained data will be stored securely and will be listed on the school’s Data Asset Audit.


13.         Subject Access Requests (SARs)

  • Individuals have the right to request access to video footage relating to themselves under the Data Protection Act 2018.


  • All requests should be made to the Director of Finance & Operations. Individuals submitting requests for access will be asked to provide sufficient information to enable the footage relating to them to be identified, for example, date, time and location. Requests may be written or verbal.


  • The school will immediately indicate receipt and then respond within one calendar month of receiving the request.


  • The school reserves the right to refuse access to video footage where this would prejudice the legal rights of other individuals or jeopardise an ongoing investigation.


  • All attempts will be made to allow the viewing of the video. If others can be identified, the school will assess the risk to others from the video being viewed by the requester. If there is likely to be a risk of harm, the school may consider the following options where appropriate:
  • Obtain the consent of others to share the video with the requester;
  • Use video-editing software to blur the faces of others who can be identified from the video;
  • Provide selected still images from the video and blur the identifiable faces;
  • Provide a transcript or written description of the contents of the video.


  • If all options have been considered and the school still consider there to be a risk to others from the requester viewing the video, the school may decline the request to view the video (although relevant exemptions in the Data Protection Act 2018 will need to be identified by the school provided to the requester).


  • The school should not provide copies of the video to others unless instructed to do so in law or there is no risk to individuals who may be identifiable from the video.


14.         Access to and disclosure to other third parties

  • There will be no disclosure of recorded data to third parties other than to authorised personnel such as the Police and service providers to the school where these would reasonably need access to the data (e.g. investigators) and with the correct authorisation.


  • Requests from third parties should be made in writing to the Headteacher or Director of Finance and Operations or the Data Protection Officer. However, consideration must also be given to the following paragraph (14.3)


  • Consideration should always be given to the safeguarding and best interest of pupils. Data Protection should not be used as an excuse to prevent the viewing of images if there is an overwhelming need. All disclosures and the reasons for release should be recorded.


  • The data may be used within the school‘s discipline and grievance procedures as required and will be subject to the usual confidentiality requirements of those procedures. This will be communicated to staff through the school Privacy Notices.


15.         Complaints

  • Complaints and enquiries about the operation of CCTV within the school should be directed to the Headteacher, Director of Finance and Operations or the Data Protection Officer in the first instance.


The second issue of the Kingsmead Newsletter is now available. A packed edition with staff and student news, fundraising, events and sporting successes. All in an easy-to-read flip book, no need to download!

Skip to content