Luckily, there is a simple answer for this and no need for extensive polices or procedures. Only one policy statement is necessary that can be placed in your employee manual, or any other document, that is the most forceful for all staff.
Only [person] or the security officer can approve or release photos from [institution's] security camera systems. Any staff member allowing for the release of security footage can be terminated for releasing this information without proper approval." This is very clear and will make people think twice about it.
When you add it to the existing policies, send an e-mail to staff about the addition and explain the problems of releasing photos to anyone, including law enforcement, without proper documentation. For example, "The release of photographs from our camera system without subpoenas or proper documentation places the bank in violation of staff and customer privacy. If a staff member were to deliver a photograph to law enforcement without a subpoena, this could result in a lawsuit against the financial institution. The institution could be compromised if a photo was released, causing harm to someone's reputation or our image. There are many reasons for not releasing photographs for any reason without permission. Failure to follow this policy are grounds for immediate termination.
Learn more about Barry Thompson and Randall Phillips
25 Critical Mistakes a Smart Institution NEVER Makes “Updated”