In order to protect the security of surveillance data, you must be able to find it and track it.  Any policy that regulates the use of a surveillance system should require that the data collected be both indexed and secured.  Indexing the data not only helps to assure that you can account for its whereabouts, it also makes the information easier to use, maintain, and delete according to its retention policy.  Details about how the data is organized should be written into the policy to  facilitate permitted uses and to dissuade the use of data in new, unauthorized ways.

Surveillance data should be secured throughout its life cycle: during collection, storage, processing, and use.  At no time should data be allowed to pass through or reside on insecure systems.  To assure that any approved system is secure, it is important to work with independent experts who can help to design and implement processes and protocols that will adequately protect data.