CCTV Policy and Guidance

From Wiki

Jump to:navigation, search

To aid and improve security of buildings and facilities, and for the security and protection of staff and students, [school name] is moving to an environment of greater control. This covers several areas but this document deals with the implementation and use of CCTV.

Common CCTV systems are now based around digital technology and therefore need to be treated as information that will be processed under the general principles of the Data Protection Act 1998. We will be following the CCTV Code of Conduct generated by the Data Protection Commissioner in July 2000 (available via the Information Commissioner’s Office).

[School name] is committed to ensure that the data will be

  • fairly and lawfully processed;
  • processed for limited purposes and not in any manner incompatible with those purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept for longer than is necessary;
  • processed in accordance with individuals’ rights;
  • secure;
  • not transferred to countries without adequate protection.

The person ultimately responsible for Data Protection within Lodge Park Technology College is the Headteacher. Those with designated management are the nominated Data Control Officer and the nominated Financial Officer.

These are [name], [position], and [name], [position].

The requirements of the scheme were assessed by the above, in conjunction with the Estates Manager.

The purpose of the scheme is to ensure that key areas of the site of [school name] are available for recording and monitoring for training purposes, are kept secure from intrusion, damage or disruption and those within the site of [school name] from intentional or accidental hurt, or for such incidents to be monitored, either in real-time or for subsequent investigation.

Siting of cameras is documented in Appendix I, with a brief summary for requirements for cameras in that location.

All relevant stakeholders will be informed of the use and purpose of the site of [school name] by letter, by electronic notification and by signage, where appropriate. All signage will be relevant to the location, including the identity of the College, the purpose of the scheme and details of who to contact regarding the scheme, eg for a sign with a camera symbol “This scheme is controlled by [school name]. For further information contact the [position], [contact number]”

The quality of images produced by the equipment will be such that positive matches against any existing member of staff, student, authorised visitor or unauthorised intruder may be made by nominated personnel or legal authorites. This may only be done in accordance with the purpose of the scheme, eg legal authorities identifying intruders, Heads of Year identifying perpetrators of vandalism. Records of assessments made will be logged, including who requested the match, who made the assessment, which subjects were involved and whether the match was positive or not. A sample log sheet is attached as Appendix II. All cameras and equipment will require regular maintenance, by [school name] staff or by 3rd party contactors. Such maintenance will be logged in the sample maintenance log attached as Appendix III, including periods of repair, unavailability of equipment and quality of maintenance and / or repair.

Images will be kept no longer than is necessary. For [school name] this will be 31 days, unless a request has been made for images to be processed or assessed by relevant members of staff or by a legal authority. Such data will be retain only for the period required for any investigation or legal proceedings to take place and be concluded. Images required for evidential purposes will be retained in a secure location. Once the retention period has expired the images will be removed or erased. Should media, on which images have been recorded, be removed for use in legal proceedings the nominated operator will ensure that the following is documented:

1) the date on which the images were removed from the general system for use in legal proceedings.
2) The reason why they were removed from the system.
3) Any crime incident number to which images may be relevant.
4) The location of the images.
For example – if the images were handed to a police officer for retention, the name and station of that police officer.
5) The signature of the collecting police officer, where appropriate.
6) The reason for the viewing.
7) The names, where appropriate, of those who viewed the images.
8) The outcome of any viewing.
9) The date and time the images were returned to the system or secure location (if they still require retention).

All operators will receive instruction in the Data Protection Principles involved when view images, whether monitoring in real-time or recorded images. This includes ensuring that no others shall view images outside of the purposes of the scheme, access to images by those outside of the control of the scheme shall be limited to legitimate reasons associated with the purpose of the scheme. For example – Law enforcement agencies where images recorded would assist in a specific criminal enquiry associated with the College, prosecution agencies, relevant legal authorities, the media (where it is decided that the public’s assistance is needed in order to assist with the identification of victim, witness or perpetrator in relation to a criminal incident. As part of that decision, the wishes of the victim of an incident should be taken into account). The decision to allow access to those outside of the scheme shall be taken by two members of senior staff, one of which must be either the Headteacher or nominated person.

The College will not make images more widely available by any media other than those specified above. Third parties with access to images are required to sign a statement to say that they agree to abide by the College’s published policy and procedures for the use of CCTV images, including forming a contractual obligation if required. All parties will follow the Data Protection Principles at all times.

Access by data subjects is a right provided under section 7 of the Data Protection Act 1998. The College recognises this right and will follow a standard set of procedures should a request be made upon a completed request form being submitted to the Headteacher or nominated person. Any fee charged will be made clear on the request form. Requests will be processed within a specified time period (ie 21 days of receiving the required fee and information).

The person making the request must be clearly identified and made known to the operator. This may require the presentation of legal documentation with photographs, eg passport or driving licence. Other members of staff may be requested to vouch for the person making the request and this shall be recorded. Individuals will be provided with a leaflet which describes the types of images which are recorded, the purposes for which they are recorded and retained and the disclosure policy in relation to those images. This leaflet, attached as Appendix IV, will be provided at the time that the individual is presented with the request form. Where possible, the information request form should be completed by the person making the request.

The Headteacher or nominated person will consult with relevant members of staff to determine whether it is appropriate for images of other parties to be disclosed to an individual, and whether any images which include third parties are held in confidence. If third party images are not to be disclosed then the Headteacher or nominated person is to arrange for third party images to be disguised or blurred. If this is completed by a company or third party then a contractual relationship may be required in addition to signing agreement to follow the College’s policy on use of images.

All requests should be dealt with under the following procedure.

1) All staff involved in operating the equipment must be able to recognise a request from an individual to :
a. Prevent processing likely to cause substantial and unwarranted damage to that individual.
b. Prevent automated decision taking in relation to an individual.
2) In relation to a request to prevent processing likely to cause substantial and unwarranted damage, the Headteacher’s or nominated person’s response should indicate whether he or she will comply with the request or not.
3) The Headteacher or nominated person must provide a written response to the individual with 21 days of receiving the request setting out their decision on the request.
4) If the Headteacher, or nominated person, decide that the request will not be complied with, they must set out their reasons in the response to the individual.
5) A copy of the request and the response will be retained for the period specified for all data requests under the Data Protection Policy.
6) If an automated decision is made about an individual, the Headteacher or nominated person must notify the individual of that decision.
7) If, within 21 days of that notification, the individual requires, in writing, the decision to be reconsidered, the Headteacher or nominated person shall reconsider the automated decision.
8) On receipt of a request to reconsider an automated decision, the Headteacher or nominated person shall respond within 21 days setting out the steps that they intend to take to comply with the individual’s request.
9) All correspondence dealing with requests, decisions, appeals and subsequent responses shall be documented and retained as per the schedule specified with the College’s Retention Schedule as held in Appendix II of the Freedom of Information Act policy.

All staff who may come into contact with images, individuals requesting access to images or third parties requesting information about images will be made aware of this policy, the contents and procedures involved. Nominated operators are recorded in Appendix V and additions or deletions from this list will be made by the Headteacher. The amended appendix will be publish at the first opportunity. Complaints about any part of this policy or procedures contained within will be dealt with by the College’s Complaint Procedure. This policy and containing procedures are subject to ratification by the Governing Body and will be reviewed annually. A report on requests, incidents and complaints will be made annually and information made available as per guidance in the College’s Freedom of Information Act policy.