Introduction and scope
We use surveillance camera systems for a variety of purposes.
To ensure the use of any surveillance camera system considers the effect on individuals and their privacy they must be operated in a manner which meets:
- our statutory obligations
- relevant codes of practice
Aim
The aim of this policy is to set out our commitment and approach to meeting our legal obligations when using surveillance camera systems. Such legislation includes:
- Data Protection Act 2018
- UK General Data Protection Regulation
- Protection of Freedoms Act 2012
- any other applicable law concerning:
- the use of a surveillance camera system
- processing of personal data
It also aims to assist us to comply with the Surveillance Camera Code of Practice (the Code) issued by the Biometrics and Surveillance Camera Commissioner (BSCC).
This policy must be read alongside our Data protection policy. This explains in more detail how we process personal data.
Scope
This policy applies to all our overt (open) use of surveillance camera systems. A surveillance camera system means :
- closed circuit television or automatic number plate recognition systems
- any other systems for recording or viewing visual images for surveillance purposes
- any systems for storing, receiving, transmitting, processing or checking images or information obtained by systems falling within the above; or
- any other systems associated with, or otherwise connected with, systems falling within the above
Within the council such systems could include:
- internal and external closed-circuit television (CCTV)
- body worn video (BWV)
- dashboard mounted cameras (‘dash-cams’)
- mobile camera systems
- automatic number plate recognition (ANPR); and
- unmanned aerial systems (UAS or Drones)
This policy does not apply to covert (secret) use of surveillance camera systems. This is governed specifically by the Regulation of Investigatory Powers Act 2000 (RIPA). We set out the requirements of this in our RIPA Policy.
Our roles and responsibilities
We have in place the following roles and responsibilities. These support the implementation of this policy:
- The Chief Executive has ultimate responsibility for ensuring that surveillance camera systems used by us adhere to the 12 guiding principles set out in the Surveillance Camera Code of Practice (listed at Appendix A).
- the Senior Information Risk Owner (SIRO) is the owner of information risk and management at director level. They are responsible for leading and fostering a culture that values, protects and uses information in a way that benefits us and our service users
- the Senior Responsible Officer (SRO) has strategic responsibility for the integrity and effectiveness of the processes regarding the use of surveillance camera systems. This role is currently fulfilled by our Data Protection Officer
- the Information Assurance Team act as the single point of contact regarding our use of surveillance camera systems. They support the SRO regarding compliance with our legal obligations and relevant codes of practice
- System Operators are our employees that have been given responsibility for the day to day management of a surveillance camera system.
- System Users support System Operators to meet their responsibilities. They are our employees who have contact with the surveillance camera systems either as:
- a direct responsibility
- a peripheral task
- Information Asset Owners (IAO) are individuals appointed to ensure that specific information assets are handled and managed appropriately. IAO’s are key decision makers across the information they own. They are responsible for ensuring that any use of surveillance camera systems across their assets are identified to the SRO.
- All managers are responsible for ensuring that:
- the requirements of this policy are integrated into service procedures
- that staff comply with all relevant policies in their area of responsibility
Biometrics and surveillance camera commissioner (BSCC)
System operators
System operators shall:
- support the development of a surveillance camera system
- help to define its purpose
- oversee the use or processing of images or other information obtained by such system
- the SRO shall provide system operators with detailed guidance and support to enable them to understand and fulfill their role
Use of surveillance camera systems
Each surveillance camera system will have its own site or task specific objectives, for example protecting areas and premises used by our officers and members of the public by deterring and detecting crime and anti-social behaviour.
We will ensure that:
- the use of a surveillance camera system is in pursuit of a legitimate aim
- the installation or deployment of such a system is a proportionate and necessary response in those circumstances
We will aim to ensure that the use of new surveillance camera systems is subject to both:
- a Data Protection Impact Assessment
- an assessment against the Surveillance Camera Commissioner’s Self-Assessment Tool. The outcome of that assessment shall be subject to regular review
We will ensure that clear signage is in place identifying when an individual is entering into an area that is monitored by a surveillance camera system. Signage will identify the council as the organisation responsible for the information captured by that system. It will state the purpose for which the recording is taking place along with contact details for further information.
We shall ensure that privacy notices include appropriate information to inform individuals where their personal data may be processed by a surveillance camera system.
Security of surveillance camera systems, images and recordings
We will restrict access to surveillance camera systems, images and recordings only to those who have a clearly defined business need. System Operators are responsible for determining who can access the system.
We shall ensure that any person who is required to operate and, or access a surveillance camera system is appropriately trained.
We shall ensure that there are effective security measures in place to ensure the integrity of:
- our surveillance camera systems
- the images and information recorded by them
All images and information obtained from a surveillance camera system shall be subject to our information security policies and procedures.
Retention
We will not keep images and information obtained from a surveillance camera system for longer than is necessary to fulfill the purpose for which they were obtained.
We will agree retention periods for each surveillance camera system. We will review these at appropriate intervals.
Disclosure of images and recordings
We will control the disclosure of images and recordings obtained from a surveillance camera system. This will ensure consistency with the stated purpose for which the system was established.
We will consider any request to access images and recordings obtained from a surveillance camera system on a case by case basis. Advice should be sought from the SRO or Information Assurance Team prior to any information being shared.
We shall ensure individuals are able to exercise their data protection rights in respect of images and recordings obtained from a surveillance camera system. Such requests will be considered in accordance with data protection legislation.
We shall ensure that appropriate records are maintained in respect of all requests for disclosure of images and recordings obtained from a surveillance camera system.
Further information and review
For further information please email:
- the SRO at dpo@lincolnshire.gov.uk or
- the Information Assurance Team at IA@lincolnshire.gov.uk
Policy review
We will review this policy on an annual basis.
Biometrics and Surveillance Camera Commissioner’s 12 Guiding Principle
- Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need.
- The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure it remains justified.
- There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
- There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
- Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who needed to comply with them.
- No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be securely deleted once their purposes have been discharged.
- Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
- Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
- Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
- There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
- When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
- Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.