Introduction
We use surveillance camera systems for a variety of purposes. This policy ensures these systems are used in a way that complies with legal requirements. These include:
- meeting our statutory obligations
- following relevant codes of practice
Aim
The aim of this policy is to set out our commitment and approach to meeting our legal obligations when using surveillance camera systems. Such legislation includes:
- Data Protection Act 2018
- UK General Data Protection Regulation
- Protection of Freedoms Act 2012
- any other applicable law concerning:
- the use of a surveillance camera system
- processing of personal data
This policy also supports our adherence to the Surveillance Camera Code of Practice (the Code) issued by the Biometrics and Surveillance Camera Commissioner (BSCC).
This policy must be read alongside our Data protection policy. This explains in more detail how we process personal data.
Scope
This policy covers all overt (visible) surveillance camera systems, including:
- CCTV
- body-worn video (BWV)
- dash-cams
- mobile cameras
- automatic number plate recognition (ANPR)
- drones
This policy does not apply to covert (secret) use of surveillance camera systems, which are regulated under the Regulation of Investigatory Powers Act 2000 (RIPA).
Roles and responsibilities
Chief executive
Is ultimately responsible for ensuring compliance with the 12 guiding principles in the Surveillance Camera Code of Practice (listed at Appendix A).
Senior information risk owner (SIRO)
Owns information risk management at director level and is responsible for leading and fostering a culture that values, protects and uses information responsibly.
Senior responsible officer (SRO)
Oversees the use of surveillance systems and assures the integrity and effectiveness of applicable processes and procedures. This role is currently fulfilled by our data protection officer.
Information assurance team
Acts as the single point of contact regarding the councils use of surveillance camera systems and ensures compliance with our legal obligations and relevant codes of practice.
System operators
Manage day-to-day surveillance system operations.
System users
Assist system operators in their duties.
Information asset owners
Oversee specific information assets and are key decision makers across information they are responsible for.
Managers
Ensure that the requirements of this policy are integrated into service procedures and that staff comply with all policies relevant to their role.
Biometrics and surveillance camera commissioner (BSCC)
System operators
System operators are responsible for:
- supporting the development of a surveillance camera systems
- defining their purpose
- overseeing the use or processing of images or other information obtained by such systems
The SRO will provide system operators with detailed guidance and support to enable them to understand and fulfill their role.
Use of surveillance camera systems
Each surveillance camera system will have clear objectives, such as protecting areas and premises used by our officers and members of the public by deterring and detecting crime and anti-social behaviour. We will:
- ensure systems have a legitimate purpose
- ensure they are proportionate and necessary
- place clear signage informing the public when they are being monitored
- assess and monitor the risks associated with the use of surveillance camera systems, by completion of a data protection impact assessment where appropriate
Security of systems, images and recordings
Access to systems and recordings will be restricted to only those who have a clearly defined business need. System operators are responsible for determining who can access the system.
We will ensure that any person who is required to operate and, or access a surveillance camera system is appropriately trained.
We will ensure that there are effective security measures in place to ensure the integrity of:
- our surveillance camera systems
- the images and information recorded by them
All images and information obtained from a surveillance camera system will be subject to our information security policies and procedures.
Retention
Images and information will be kept only as long as needed for the purpose they were collected.
We will agree retention periods for each surveillance camera system. We will review these at appropriate intervals.
Disclosure of images and recordings
We will carefully control the sharing of images and recordings obtained from surveillance camera systems.
Requests to access recordings will be evaluated on a case-by-case basis. Advice should be sought from the SRO or information assurance team prior to any information being shared.
We will ensure individuals are able to exercise their data protection rights in respect of images and recordings obtained from a surveillance camera system. Such requests will be considered in accordance with data protection legislation.
We will ensure that appropriate records are maintained in respect of all requests for disclosure of images and recordings obtained from a surveillance camera system.
Further information
For further information, contact:
- senior responsible officer: dpo@lincolnshire.gov.uk
- information assurance team: IA@lincolnshire.gov.uk
Review
We will review this policy on an annual basis.
Appendix A
Biometrics and surveillance camera commissioner’s 12 guiding principle
- Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need.
- The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure it remains justified.
- There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
- There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
- Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who needed to comply with them.
- No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be securely deleted once their purposes have been discharged.
- Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
- Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
- Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
- There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
- When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
- Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.