The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This page contains resources and support that organisations in the police, justice and surveillance sector may find useful. 

Appropriate policy document

Paying the data protection fee

On 1 April 2019, the rules around paying the data protection fee changed. Members of the House of Lords, elected representatives and prospective representatives (including police and crime commissioners) are exempt from paying a fee, unless they process personal data for purposes other than the exercise of their functions as a Member of the House of Lords, an elected representative or as a prospective representative. For more information, read our guidance on the data protection fee.

The use of live facial recognition technology by law enforcement in public places

The Information Commissioner has issued the first Commissioner’s Opinion under data protection law about the use of live facial recognition technology be law enforcement. 

Processing gangs information: a checklist for police forces

The ICO recently issued an Enforcement Notice to the Metropolitan Police Service (MPS) in relation to their Gangs Matrix, after we found it breached data protection laws. You can read a blog about it. The ICO is also investigating how information about gangs is used by other public authorities.

This checklist has been created specifically for police forces who might be using, or considering using, a Gangs Matrix, or similar system. Please note that the checklist will help you to assess compliance with data protection law, and is a guide – not a guarantee of compliance.


Our team often receives enquiries about surveillance technology including body worn video, ANPR and unmanned aerial systems. Advice about these technologies is provided in the updated version of the CCTV code of practice. The code sets out the Information Commissioner’s recommendations on how organisations can process personal data within the legal requirements of the Data Protection Act when using these technologies.

Toolkit for organisations considering using data analytics

A toolkit designed to help the law enforcement sector comply with data protection law when using data analytics has been created by the ICO. The toolkit will be most helpful to you if your organisation is at the beginning of your data analytics project lifecycle. It will help you to recognise some of the central risks to the rights and freedoms of individuals created by the use of data analytics.

The Home Office has published detailed guidance for police forces about the use of body worn video (BWV), which takes into account the management of personal data obtained by the cameras.

Guidance about data protection concerns and BWV was also produced by The College of Policing in August 2014.

 You may also be interested in reading our guide on the responsible recreational use of drones – also called unmanned aerial systems (UAS) or unmanned aerial vehicles (UAVs).

We liaise with the Surveillance Camera Commissioner where appropriate. The Surveillance Camera Commissioner has also produced a code of practice. 

There is more information available about the role of the Surveillance Camera Commissioner and the tools available to help with compliance.


Data Controllers must ensure that they take appropriate technical and organisational measures against unlawful or unauthorised processing, accidental loss, destruction or damage to personal data.  Some of the ICO’s largest civil monetary penalties have been served on data controllers in the police, justice and borders sectors. This frequently occurs where insufficient safeguards have been in place for handling sensitive personal data. Here you will find advice on security measures safeguarding cloud computing and privacy impact assessments.

Further reading