Understanding the Surveillance Camera Code of Practice

This guide breaks down what the Code is, who must follow it, how it links with the ICO’s expectations, and what practical steps help you stay on the right side of scrutiny, especially when body-worn camera code of practice requirements sit alongside wider surveillance duties.

What is the Surveillance Camera Code of Practice?

The Surveillance Camera Code of Practice is guidance issued under the Protection of Freedoms framework for the appropriate and effective use of surveillance camera systems in public places. It is built around 12 guiding principles that focus on legitimacy, transparency, necessity, proportionality, security, accountability, and good governance.

The big idea is simple: surveillance must be used for a clearly defined purpose, delivered in a way that is proportionate to risk, and managed so that images and information are handled responsibly. That means you need more than a camera spec sheet and a retention setting. You need documented decision-making, training, access controls, audit trails, and a consistent operating model.

You will often see the Code referred to in different ways, including the Code of Practice for surveillance camera systems and the ICO Surveillance Camera Code of Practice. In practice, organisations should treat the Code as the governance backbone for surveillance operations, while aligning day-to-day privacy and data protection practice with ICO guidance on CCTV and video surveillance.

Who must comply with the Code?

In England and Wales, the Protection of Freedoms framework places a legal duty on “relevant authorities” to have regard to the Code when operating overt surveillance camera systems in public places. In practical terms, this includes:

• Local authorities (as defined by the Local Government Act 1972), including councils, the Greater London Authority, the Council of the Isles of Scilly, parish meetings, and the City of London when acting as a local authority.

   

• Certain specific local-authority bodies, including the Sub‑Treasurer of the Inner Temple and the Under‑Treasurer of the Middle Temple (in their local authority capacity).

   

• Policing bodies, including Police and Crime Commissioners, the Mayor’s Office for Policing and Crime (MOPAC), the City of London when acting as a police authority, and chief officers of police forces in England and Wales.

   

• The “chief officer” definition also covers the British Transport Police, Civil Nuclear Constabulary, Ministry of Defence Police, and the National Crime Agency.
  
  

For private sector organisations, contractors, venues, and operators, the statutory duty may not apply in the same way, but you are still accountable under data protection law. Aligning to the Code is a practical way to show your surveillance is justified, controlled, and professionally run, especially where you work alongside public bodies or your footage supports investigations, enforcement, or staff safety.

How the Code applies to body-worn cameras

Body-worn cameras raise the same governance questions as fixed CCTV, but with extra operational realities:

• Recording is mobile and unpredictable, not tied to a fixed viewpoint.
• Audio capture can be more intrusive than video alone.
• Footage can include vulnerable people, children, private conversations, and high-stress incidents.
• Devices are carried by individuals, so training and accountability matter even more.
  
  

A robust body-worn camera code of practice approach should cover the full lifecycle:

1) Purpose and trigger rules

Be clear on why you use body-worn video, for example, staff safety, deterring aggression, evidence capture, and incident review. Then set simple trigger rules:

• When the recording starts
• When it should not start
• When it stops
• How verbal announcements are handled
  
  

Clear rules support compliance and staff confidence.

2) Visibility and transparency

The Code prioritises transparency, so focus on practical communication:

• Public-facing notices in relevant areas
• On-device indicators where possible
• Consistent verbal notification
• Easy routes for people to request information
  
  

3) Data handling that matches operational reality

Body-worn footage is only as defensible as the system behind it: secure upload or docking, encryption, role-based access, audit logs, and clear retention. Issues usually appear when the workflow is not designed end-to-end.

Self-assessment tool and how to use it

The Surveillance Camera Code of Practice self-assessment tool is one of the most useful pieces of practical guidance available. It maps your operation against the 12 guiding principles and helps you document what you do, what evidence you have, and what needs improvement.

Importantly, the tool is not limited to fixed CCTV. It is designed to support self-assessment across CCTV, ANPR, body-worn video, drones, and other camera types, making it a sensible baseline for mixed estates.

A practical way to use the tool is to treat it as a mini-audit cycle:

1. Assign ownership: name the operational owner and the governance owner.
2. Gather evidence: policies, DPIAs, signage plans, training records, access logs, retention settings, supplier contracts, and incident procedures.
3. Score honestly: the value is in identifying gaps early, not in trying to look perfect.
4. Create an improvement plan: define actions, owners, and dates.
5. Repeat: revisit after major changes, incidents, or at least annually.
   
   

If you operate in a regulated environment, or you support public-facing safety teams, being able to show a completed self-assessment (and an improvement plan) is often the difference between “we think we are compliant” and “we can evidence compliance”.

Practical steps for compliance

The Code is principle-led, so the goal is turning those principles into repeatable day-to-day practice.

Build governance that stands up to scrutiny

Treat surveillance as a governed function, not just a camera rollout. Assign an owner, maintain a register of systems and purposes, and keep policies, approvals, and escalation routes clear and current.

Keep your DPIA practical

Where a DPIA is required, make it usable. It should reflect real operations, including trigger rules, retention, access and sharing, signage, supplier responsibilities, and the mitigations you rely on.

Design the workflow end-to-end

Most compliance failures happen in the handoffs. Define how footage moves from device to storage, who can access it and why, what happens if equipment is lost, how subject access requests are handled, and how evidence is exported securely.

Train the people who use it

Policies only work if they are followed. Train staff and supervisors on when to record, how to review footage appropriately, and how to protect privacy and dignity in high-pressure situations.

Make retention and suppliers defensible

Set retention by purpose and risk, automate deletion, and use platforms that support encryption, role-based access, audit logs, and controlled exports, then make sure supplier responsibilities are clearly documented.

Where Radiocoms fits in

For many teams, the challenge is not understanding what good looks like; it is delivering it consistently across sites, teams, and shifts. Radiocoms supports organisations with body-worn cameras and badges designed for professional use, alongside the practical guidance needed to deploy them responsibly.

That includes helping you think through the real-world workflow: how cameras are issued and returned, how footage is captured and uploaded, how access is controlled, how retention is applied, and how evidence is exported when it matters.

If you are assessing options, start with your governance questions first, then match the technology to the operating model you need. If you’d like support, feel free to reach out.