Download original attachment
(Word document)
This is an HTML version of an attachment to the Freedom of Information request
'CCTV Policy'.
(Word document)
Redcar & Cleveland
Borough Council
CCTV Code of Practice
In respect of the operation of
Closed Circuit Television
In the Borough of
Redcar & Cleveland
November 2006
Redcar & Cleveland Borough Council
Kevan Taylor Security Manager, Eston Town Hall
Contents
Index |
i |
Certificate of Agreement |
ii |
|
|
|
|
Introduction and Objectives |
Section 1 |
Statement of Purpose and Principles |
Section 2 |
Privacy and Data Protection |
Section 3 |
Accountability and Public Information |
Section 4 |
Assessment of the System and the Code of Practice |
Section 5 |
Human Resources |
Section 6 |
Control and Operation of the Cameras |
Section 7 |
Access to, and Security of, Monitoring Room and/or Associated Equipment |
Section 8 |
Management of Recorded Material |
Section 9 |
Video Prints |
Section 10 |
|
|
|
|
References |
|
|
|
Appendices |
|
Key Personnel and their Responsibilities |
Appendix A |
Extracts from the Data Protection Act, 1998 |
Appendix B |
National Standard for the Release of Data to Third Parties |
Appendix C |
Restricted Access Notice |
Appendix D |
|
|
|
|
|
|
Code of Practice in Respect of
The Operation of CCTV
In the Borough of Redcar & Cleveland
Redcar & Cleveland Borough Council
And
Cleveland Police
Certificate of Agreement
The content of both this Code of Practice and the Procedural Manual are hereby approved in respect of the Redcar and Cleveland Closed Circuit Television System and,
as far as reasonably practicable, will be complied with by all who are involved in the
Management and operation of the System.
Signed for and on behalf of Redcar & Cleveland Borough Council
Signature: …………………… Name: ………………………..
Position held: ………………………………………………………..
Dated the ……………………. Day of ……………………….. 2006
Signed for and on behalf of Cleveland Police
Signature: ………………….. Name: ……………………..
Position held: ………………………………………………………
Dated the ……………………day of …………………………2006
Section 1
Introduction and Objectives
I Introduction
Closed Circuit Television (CCTV) systems have been introduced to the Borough of Redcar & Cleveland. The systems, which are known as the Grangetown, South Bank, Redcar, Saltburn, Skelton and Guisborough CCTV Systems', collectively known as the Redcar & Cleveland Borough Council system comprises a number of cameras installed at strategic locations. Most of the cameras are fully operational with pan, tilt and zoom facilities. (Others are fixed cameras, images from which are presented in the same room). Secondary monitoring and control facilities may be located at other locations (e.g. police control room) but there are no recording facilities at any location other than the monitoring room.
The Redcar & Cleveland Borough Council CCTV System have evolved from the formation of a partnership between Redcar & Cleveland Borough Council and Cleveland Police. For the purposes of this document, the `owner' of the system is Redcar & Cleveland Borough Council and the `manager' and therefore `data controller' is Redcar & Cleveland Borough Council. Details of key personnel, their responsibilities and contact points are shown at appendix A to this code.
II Objectives of the System
a. The objectives of a town centre CCTV system should include the following points:
To help reduce the fear of crime,
To help deter crime and detect crime
To assist in the overall management of Redcar and Cleveland town centre and its hinterland
To enhance community safety, boost the economy and encourage greater use of the town centre/shopping malls, etc
To assist the Local Authority in its enforcement and regulatory functions within the town centre
To assist with traffic management
To assist in supporting civil proceedings help detect crime, and
b) Within this broad outline, the Local Police Commander, in partnership with the Chief Executive will draw up, and publish specific key objectives which will be reviewed annually based on local concerns.
III Procedural Manual
This Code of Practice (hereafter referred to as `the Code') will be supplemented by a separate procedural manual that offers instructions on all aspects of the operation of the system. To ensure the purpose and principles (See Section 2) of the CCTV system are realised, the manual is based upon the contents of this Code of Practice.
Section 2
Statement of Purpose and Principles
I Purpose
The purpose of this document is to state the intention of both the owner and the manager, on behalf of the partnership as a whole and as far as is reasonably practicable, to support the objectives of the Redcar & Cleveland Borough Council CCTV System, (hereafter referred to as `The System') and to outline how it is intended to do so.
II General Principles
a) The System will be operated fairly, within the law, and only for the purposes for which it was established or which are subsequently agreed in accordance with this Code of Practice.
b) The system will be operated with due regard to the principle that everyone has the right to respect for his or her private and family life and their home.
c) The public interest in the operation of the system will be recognised by ensuring the security and integrity of operational procedures.
d) Throughout this Code of Practice it is intended, as far as reasonably possible, to offer a balance between the objectives of the CCTV System and the need to safeguard the individual's right to privacy. Throughout the Code every effort has been made to indicate that a formal structure has been put in place, (including a complaints procedure) by which it should be identified that the System is not only accountable, but is seen to be accountable.
e) Participation in the system by any local organisation, individual or authority assumes an agreement by all such participants to comply fully with this Code and to be accountable under the Code of Practice.
III Copyright
Copyright and ownership of all material recorded by virtue of the Redcar & Cleveland Borough Council CCTV System will remain with the data controller.
IV Cameras and Area Coverage
The areas covered by CCTV to which this Code of Practice refers within the Redcar & Cleveland Borough Council area. From time to time transportable or mobile cameras may be temporarily sited within the area. The use of such cameras, and the data produced by virtue of their use, will always accord with the objectives of the CCTV System.
The majority of the cameras offer full colour, pan tilt and zoom (PTZ) capability, some of which automatically switch to monochrome in low light conditions. None of the cameras forming part of the System will be installed in a covert manner.
V Monitoring and Recording Facilities
a) A staffed monitoring room is located at The Fabian Road, Eston. The CCTV equipment has the capability of recording all cameras simultaneously throughout every 24 hour period.
b) Secondary monitoring equipment is located in Police HQ at Ladgate Lane (However no equipment, other than that housed within the monitoring centre has the capability to record images, from any of the cameras).
c) CCTV operators are able to record images from selected cameras in real time, produce hard copies of recorded images, replay or copy an pre-recorded data at their discretion and in accordance with the Code of Practice.
VI Human Resources
Authorised persons will normally be present whenever the monitoring equipment is in use.
VII Processing and Handling of Recorded Material
All recorded material, whether recorded digitally, in analogue format or as a hard copy video print, will be processed and handled strictly in accordance with this Code of Practice and the Procedural Manual.
VIII Operators Instructions
Technical instructions on the use of equipment housed within the monitoring room are contained in a separate manual provided by the equipment suppliers.
IX Changes to the Code or the Procedural Manual
a) Any major changes to either the Code or the procedural manual (i.e. such as will have a significant impact upon the Code of Practice or upon the operation of the system) will take place only after consultation with all relevant interested groups, and upon the agreement of all organisations with a participatory role in the operation of the system.
b) A minor change, (i.e. such as may be required for clarification and will not have such a significant impact) may be agreed between the manager and the owner of the system.
Section 3
Privacy and Data Protection
I Public Concern
a) Although the majority of the public at large may have become accustomed to `being watched' those who do express concern do so mainly over matters pertaining to the processing of the information, (or data) i.e. what happens to the material that is obtained.
NB: `Processing' means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including;
i) organisation, adaptation or alteration of the information or data;
ii) retrieval, consultation or use of the information or data;
iii) disclosure of the information or data by transmission, dissemination or otherwise making available, or
iv) alignment, combination, blocking, erasure or destruction of the information or data.
b) All personal data obtained by virtue of the Redcar & Cleveland Borough Council CCTV System, shall be processed fairly and lawfully and, in particular, shall only be processed in the exercise of achieving the stated objectives of the system. In processing personal data there will be total respect for everyone's right to respect for his or her private and family life and their home.
II Data Protection Legislation
a) The Redcar & Cleveland Borough Council CCTV System is registered with the Office of the Information Commissioner; Redcar & Cleveland is the data controller and Richard Frankland is currently the Council's nominated contact.
b) All data will be processed in accordance with the principles of the Data Protection Act, 1998 which, in summarised form, includes, but is not limited to;
i) All personal data will be obtained and processed fairly and lawfully.
ii) Personal data will be held only for the purposes specified.
iii) Personal data will be used only for the purposes, and disclosed only to the people, shown within these codes of practice.
iv) Only personal data will be held which are adequate, relevant and not excessive in relation to the purpose for which the data are held.
v) Steps will be taken to ensure that personal data are accurate and where necessary, kept up to date.
vi) Personal data will be held for no longer than is necessary.
vii) Individuals will be allowed access to information held about them and, where appropriate, permitted to correct or erase it.
viii) Procedures will be implemented to put in place security measures to prevent unauthorised or accidental access to alteration, disclosure, or loss and destruction of, information.
III Request for information (subject access)
a) Any request from an individual for the disclosure of personal data which he/she believes is recorded by virtue of the system will be directed to the Information Security Officer of Redcar & Cleveland Borough Council.
b) The principles of Sections 7 and 8 of the Data Protection Act 1998 (Rights of Data Subjects and Others) should be followed in respect of every request, those Sections are reproduced as Appendix B to these codes. Section 10 of the Data Protection Act 1998 provides individuals with the right to prevent processing likely to cause damage or distress.
IV Exemptions to the Provision of Information
In considering a request made under the previsions of Section 7 of the Data Protection Act 1998, reference may also be made to Section 29 of the Act which includes, but is not limited to, the following statement:
a) Personal data processed for any of the following purposes -
i) the prevention or detection of crime
ii) the apprehension or prosecution of offenders
are exempt from the subject access provisions in any case `to the extent to which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection'.
NB Each and every application will be assessed on its own merits and general `blanket exemptions' will not be applied.
V Criminal Procedures and Investigations Act, 1996
The Criminal Procedures and Investigations Act, 1996 came into effect in April, 1997 and introduced a statutory framework for the disclosure to defendants of material which the prosecution would not intend to use in the presentation of its own case, (known as unused material). An explanatory summary of the provisions of the Act is contained within the procedural manual, but disclosure of unused material under the provisions of this Act should not be confused with the obligations placed on the data controller by Section 7 of the Data Protection Act 1998, (known as subject access).
Section 4
Accountability and Public Information
I The Public
a) For reasons of security and confidentiality, access to the CCTV monitoring room is restricted in accordance with this Code of Practice. However, in the interest of openness and accountability, anyone wishing to visit the room may be permitted to do so, subject to the approval of, and after making prior arrangements with, the manager of the System.
b) Cameras will not be used to look into private residential property. `Privacy zones' may be programmed into the system as required in order to ensure that the interior of any private residential property within range of the system is not surveyed by the cameras.
c) A member of the public wishing to register a complaint with regard to any aspect of the Redcar & Cleveland Borough Council CCTV System may do so by contacting Redcar & Cleveland Borough Council office. Any such complaint will be dealt with in accordance with existing discipline rules and regulations to which all members of Redcar & Cleveland Borough Council, including the CCTV operators, are subject. An individual who suffers damage or distress by reason of any contravention of this Code of Practice, may be entitled to compensation from the System owner or operator.
II (System owner)
a) The named at Appendix A (Ia), being the nominated representative of the system owners, will have unrestricted personal access to the CCTV monitoring room and will be responsible for receiving regular and frequent reports from the manager of the system.
b) The named at Appendix A (Ia), may nominate a committee with a specific responsibility for receiving and considering those reports.
c) Formal consultation will take place between the owners and the managers of the system with regard to all aspects, including this Code of Practice and the procedural manual.
III System manager
a) The nominated manager named at Appendix A (IIa) will have day-to-day responsibility for the system as a whole.
b) The system will be audited by Mark Driver , (or nominated deputy whose organisational level of responsibility is at least equal to that of the system manager, but not the system manager).
c) The system manager will ensure that every complaint is acknowledged in writing within seven working days which will include advice to the complainant of the enquiry procedure to be undertaken. A formal six monthly report will be forwarded to the nominee of the system owner named at Appendix A, giving details of all complaints and the outcome of relevant enquiries.
d) Statistical and other relevant information, including any complaints made, will be included in the Annual Report of the Redcar & Cleveland Borough Council and will be made publicly available.
IV Public Information
a) Code of Practice: A copy of this Code of Practice, will be made available to anyone requesting them. Additional copies will be lodged at public libraries, police stations and offices of Redcar & Cleveland Borough Council.
b) Annual Report: A copy of the annual report will also be made available to anyone requesting it. Additional copies will be lodged at public libraries, police stations and offices of Redcar & Cleveland Borough Council.
c) Signs: Signs will be placed in the locality of the cameras and at main entrance points to the relevant areas, e.g. Railway and Bus Stations. The signs will indicate:
i) The presence of CCTV monitoring,
ii) The `ownership' of the system, i.e. Redcar & Cleveland Borough Council, and
iii) Contact telephone number of the `data controller' and/or `data processor' of the system.
Section 5
Assessment of the System and Code of Practice
I) Evaluation
The Redcar & Cleveland Borough Council Closed Circuit Television System will periodically be independently evaluated to establish whether the purpose of the system are being complied with and whether objectives are being achieved. The evaluation will incorporate such things as (for example, but not limited to):
i) An assessment of the impact upon crime
ii) An assessment of the impact on town centre business
iii) An assessment of neighbouring areas without CCTV
iv) The views and opinions of the public
v) The operation of the Code of Practice
vi) Whether the purposes for which the system was established are still relevant
vii) Cost effectiveness
The results of the evaluation will be published and will have a bearing on the future functioning, management and operation of the system.
II) Monitoring
The system manager will accept day-to-day responsibility for the monitoring, operation and evaluation of the system and the implementation of this Code of Practice.
III) Audit
The CCTV Task Group or their nominated representative, who is not the system manager, will be responsible for regularly auditing the operation of the system and the compliance with this Code of Practice. Audits, (which may be in the form of irregular spot checks) ill include examination of the monitoring room records, videotape histories and the content of recorded material.
IV) Inspection
a) A body of individuals who have no direct contact with the system will be responsible for inspecting the operation of the system.
b) Inspections should take place at least six times per calendar year by no more than two people at any one time. The inspectors will be permitted access to the CCTV monitoring room, without prior notice and to the records held therein at any time, provided their presence does not disrupt the operational functioning of the room. Their findings will be reported to the Auditor and their visit recorded in the CCTV monitoring room.
c) Inspectors will be required to sign a declaration of confidentiality (see Appendix F).
Section 6
Human Resources
I Staffing of the Monitoring Room
a) The CCTV Monitoring Room will be staffed in accordance with the procedural manual. Authorised personnel who will have been properly trained in its use and all monitoring room procedures will only operate equipment associated with the CCTV System. Each operator will be personally issued with a copy of both the codes of practice and the procedural manual. They will be fully conversant with the contents of both documents, which may be updated from time to time, and which he/she will be expected to comply with as far as is reasonably practicable at all times.
b) Arrangement may be made for a police liaison officer to be present in the monitoring room at certain times, or indeed at times, subject to locally agreed protocols. Any such person must also be conversant with these Codes of Practice and associated Procedural Manual.
II Discipline
a) Every individual with any responsibility under the terms of this Code of Practice and who has any involvement with the CCTV System to which they refer, will be subject to Redcar & Cleveland Borough Council discipline code. Any breach of this Codes of Practice or of any aspect of confidentiality will be dealt with in accordance with those discipline rules.
b) The System Manager will accept primary responsibility for ensuring there is no breach of security and that the Code of Practice is complied with. He/She has day-to-day responsibility for the management of the room and for enforcing the discipline rules. Non-compliance with this Code of Practice by any person will be considered a severe breach of discipline and dealt with accordingly including, if appropriate, the investigation of criminal proceedings.
III Declaration of Confidentiality
Every individual with any responsibility under the terms of this Code of Practice and who has any involvement with the CCTV System to which they refer, will be required to sign a declaration of confidentiality. (See Appendix E, See also Section 8 concerning access to the monitoring room by others).
Section 7
Control and Operation of Cameras
I) Guiding Principles
a) Any person operating the cameras will act with utmost probity at all times.
b) Every use of the cameras will accord with the purposes and key objectives of the system and shall be in compliance with this Code of Practice.
c) Cameras will not be used to look into private residential property. `Privacy zones' may be programmed into the system as required in order to ensure that the interior of any private residential property within range of the system is not surveyed by the cameras.
d) Camera operators will be mindful of exercising prejudices that may lead to complaints of the system being used for purposes other than those for which it is intended. The operators may be required to justify their interest in, or recording of, any particular individual, group of individuals or property at any time by virtue of the system or by the System Manager.
II Primary Control
Only those authorised members of staff with responsibility for using the CCTV equipment will have access to the operating controls, those operators have primacy of control at all times.
III Secondary Control
a) Secondary, monitoring and control facilities are provided at Cleveland Police HQ.
b) Subject to permission being granted by the CCTV operator, secondary control desk/s may override the control of cameras. The use of secondary control and monitoring facilities will be administered and recorded in accordance with this Code and the Procedural Manual.
c) When a secondary control or monitoring of cameras is being undertaken from a location outside of the CCTV monitoring room, the manager of that secondary site is responsible for ensuring compliance with this Code of Practice in full and at all times - especially ensuring this section is fully understood and complied with.
IV Operation of the System by the Police
a) Under extreme circumstances the Police may make a request to assume control of the CCTV System to which this Code of Practice applies. Only requests made on the written authority of a Police Officer not below the rank of Superintendent will be considered. Any such request will only be accommodated on the personal written authority of the most Senior Representative of the System owners, (or designated deputy of equal standing).
b) In the event of such a request being permitted, the Monitoring Room will continue to be staffed, and equipment operated by, only those personnel who are authorised to do so and who fall within the terms of Sections six and seven of this Code.
c) In very extreme circumstances a request may be made for the Police to take total control of the System in its entirety, including the staffing of the monitoring room and personal control of all associated equipment; to the exclusion of all representatives of the System owners. Any request will only be considered personally by the most Senior Officer of the System owners (or designated deputy of equal standing). A request for total exclusive control must be made in writing by a Police Officer not below the rank of Assistant Chief Constable.
Section 8
Access to, and Security of, Monitoring Room
And Associated Equipment
I Authorised Access
Only authorised personnel will operate any of the equipment located within the CCTV monitoring room, (or equipment associated with the CCTV system).
II Public Access
Public access to the monitoring and recording facility will be prohibited except for lawful, proper and sufficient reasons and only then with the personal authority of the System Manager. Any such visits will be conducted and recorded in accordance with the Procedural Manual.
III Authorised Visits
Visits by inspectors or auditors do not fall into the scope of the above paragraph and may take place at any time, without prior warning. No more than (two) inspectors or auditors will visit at any one time. Inspectors or Auditors will not influence the operation of any part of the system during their visit. The visit will be suspended in the event of it being operationally inconvenient. Any such visit should be recorded in the same way as that described above.
IV Declaration of Confidentiality
Regardless of their status, all visitors to the CCTV monitoring room, including inspectors and auditors, will be required to sign the visitors book and a declaration of confidentiality.
IV Security
Authorised personnel will normally be present at all times when the equipment is in use. If the monitoring facility is to be left unattended for any reason it will be secured. In the event of the monitoring room having to be evacuated for safety or security reasons, the provisions of the Procedural Manual will be complied with.
Section 9
Management of Recorded Material
I Guiding Principles
a) For the purposes of this Code `recorded material' means any material recorded by, or as the result of, technical equipment which forms part of the Redcar & Cleveland Borough Council Closed Circuit Television System, but specifically includes images recorded digitally, or on videotape or by way of video copying, including video prints.
b) Every video recording used in conjunction with the Redcar & Cleveland Borough Council CCTV System has the potential of containing material that has to be admitted in evidence at some point during its life span.
c) Members of the community must have total confidence that information recorded about their ordinary every day activities by virtue of the system, will be treated with due regard to their individual right to respect for their private and family life.
d) It is therefore of the utmost importance that every means (e.g. video tape) of video recording is treated strictly in accordance with this Code of Practice and the Procedural Manual from the moment it is delivered to the monitoring room until its final destruction. Every movement and usage will be meticulously recorded.
e) Access to, and the use of, recorded material will be strictly for the purposes defined in this Code of Practice only.
f) Recorded material will not be copied, sold, otherwise released or used for commercial purposes or for the provision of entertainment.
II National standard for the release of data to a third party
a) Every request for the release of personal data generated by this CCTV System will be channelled through the System Manager. The System Manager will ensure the principles contained within Appendix C to this Code of Practice are followed at all times.
b) In complying with the national standard for the release of data to a third party, it is intended, as far as reasonably practicable, to safeguard the individual's rights to privacy and to give effect to the following principles:
i) Recorded material shall be processed lawfully and fairly, and used only for the purposes defined in this Code of Practice;
ii) Access to recorded material will only take place in accordance with the standards outlined in Appendix C and this Code of Practice;
iii) The release or disclosure of data for commercial or entertainment purposes is specifically prohibited.
c) Members of the police service or other agency having a Statutory Authority to investigate and/or prosecute offences may, subject to compliance with Appendix C, release details of recorded information to the media only in an effort to identify alleged offenders or potential witnesses. Under such circumstances, full details will be recorded in accordance with the Procedural Manual.
d) If material is to be shown to witnesses, including police officers, for the purpose of obtaining identification evidence, it must be shown in accordance with Appendix C and the Procedural Manual.
e) It may be beneficial to make use of `real' video footage for the training and education of those involved in the operation and management of CCTV systems, and for those involved in the investigation, prevention and detection of crime. Any material recorded by virtue of this CCTV system will only be used for such bona fide training and education purposes. Recorded material will not be released for commercial or entertainment purposes.
IV Video Tapes - Provision & Quality
To ensure the quality of the tapes, and that recorded information will meet the criteria outlined by current Home Office guidelines, the only videotapes to be used with the system are those that have been specifically provided in accordance with the Procedural Manual.
V Tapes - Retention
a) Recorded tapes will be retained for a period of 31 days. Before reuse or destruction, each tape will be magnetically erased.
b) Videotapes will be used in accordance with the Procedural Manual. At the conclusion of their life within the CCTV System they will be destroyed.
VI Tape Register
Each tape will have a unique tracking record, which will be retained for at least three years, after the tape has been destroyed.
VII Recording Policy
Subject to the equipment functioning correctly, images from every camera will be recorded throughout every 24-hour period in real time onto three-hour S-VHS video tapes.
VIII Evidential Tapes
In the event of a tape being required for evidential purposes the procedures outlined in the Procedural Manual will be strictly complied with.
Section 10
Video Prints
Guiding Principles
a) A video print is a copy of an image or images which already exist on video tape/computer disc. Video prints will not be taken as a matter of routine. Each time a print is made it must be capable of justification by the originator who will be responsible for recording the full circumstances under which the print is taken in accordance with the Procedural Manual.
b) Video prints contain data and will therefore only be released under the terms of Appendix C to this Code of Practice, `Release of data to third parties'. If prints are released to the media, (in compliance with Appendix C), in an effort to identify alleged offenders or potential witnesses, full details will be recorded in accordance with the Procedural Manual.
c) A record will be maintained of all video print productions in accordance with the Procedural Manual. The recorded details will include; a sequential number; the date, time and location of the incident, date and time of the production of the print and the identity of the person requesting the print, (if relevant).
Appendix A
Key Personnel and Responsibilities
(I) Ownership
Redcar & Cleveland Borough Council
Redcar & Cleveland House
Kirkleatham Street
Redcar
TS10 1RT
a) Responsibilities:
Redcar & Cleveland is the `owner' of the system. The nominee Gary Flynn will be the single point of reference on behalf of the owners. His role will include a responsibility to:
i) Ensure the provision and maintenance of all equipment forming part of the Redcar & Cleveland CCTV System in accordance with contractual arrangements which the owners may from time to time enter into.
ii) Maintain close liaison with the monitoring centre and Cleveland Police.
iii) Ensure the interest of Redcar & Cleveland Borough Council and other organisations are upheld in accordance with the terms of this Code of Practice.
iv) In partnership with Cleveland Police, agree to any proposed alterations and additions to the system, this Code of Practice and / or the procedural manual.
II Management
Jarvis Accommodation Services
Innovations Centre
Vienna Court
Kirkleatham Business Park
Redcar
TS10 5SH
a) Responsibilities:
Kevan Taylor is the `Manager' of the system and `data processor'. His role will include a responsibility to:
i) Maintain day-to-day management of the system and staff;
ii) Accept overall responsibility for the system and for ensuring that this Code of Practice is complied with;
iii) Maintain direct liaison with the owners of the system.
Appendix B
Extracts from the Data Protection Act, 1998
Section 7
(1) Subject to the following provisions of this Section and to Sections 8 and 9, an individual is entitled:
(a) to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller,
(b) if that is the case, to be given by the data controller a description of -
(i) the personal data of which that individual is the data subject;
(ii) the purpose for which they are being or are to be processed;
(iii) the recipients or classes of recipients to whom they are or may be disclosed,
(c) to have communicated to him/her in an intelligible form:
(i) the information constituting any personal data of which that individual is the data subject, and
(ii) any information available to the data controller as the source of those data, and
(d) where the processing by automatic means of personal data of which that individual is the data subject for the purposes of evaluating matters relating to him/her such as, for example, his/her performance at work, his/her creditworthiness, his/her reliability or his/her conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting him/her, to be informed by the data controller of the logic involved in that decision-taking.
(2) A data controller is not obliged to supply any information under subsection (1) unless he/she has received:
(a) a request in writing, and
(b) except in prescribed cases, such fee (not exceeding the prescribed maximum) as he/she may require.
(3) A data controller is not obliged to comply with a request under this section unless he/she is supplied with such information as he/she may reasonably require in order to satisfy him/herself as to the identity of the person making the request and to locate the information which that person seeks.
(4) Where a data controller cannot comply with the request without disclosing information relating to another individual who can be identified from that information, he/she is not obliged to comply with the request unless: (a) the other individual has consented to the disclosure of the information to the person making the request, or ( b) it is reasonable in all the circumstances to comply with the request without the consent of the other individual.
(5) In subsection (4) the reference to information relating to another individual includes a reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing the data controller from communicating so much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by omission of names or other identifying particulars or otherwise.
(6) In determining for the purpose of subsection (4)(b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to:
a) any duty of confidentiality owed to the other individual,
b) any steps taken by the data controller with a view to seeking the consent of the other individual,
c) whether the other individual is capable of giving consent, and
d) any express refusal of consent by the other individual.
(7) An individual making a request under this section may, in such cases as may be prescribed, specify that his/her request is limited to personal data of any prescribed description.
(8) Subject to subsection (4), a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day.
(9) If a court is satisfied on the application of any person who has made a request under the forgoing provisions of this section that the data controller in question has failed to comply with the request in contravention of those provisions, the court may order him/her to comply with the request.
(10) In this section:
`prescribed' means prescribed by the Secretary of State by regulations;
`the prescribed maximum' means such amount as may be prescribed;
`the prescribed period' means forty days or such other period as may be prescribed;
`the relevant day', in relation to a request under this section, means the day on which the data controller receives the request or, if later, the first day on which the data controller has both the required fee and the information referred to in subsection (3).
(11) Different amounts or periods may be prescribed under this section in relation to different cases.
Section 8
(1) The Secretary of State may by regulations provide that, in such cases as may be prescribed, a request for information under any provision of subsection (1) of Section 7 is to be treated as extending also to information under other provisions of that subsection.
(2) The obligation imposed by Section 7(1)(c)(i) must be complied with by supplying the data subject with a copy of the information in permanent form unless:
(a) the supply of such a copy is not possible or would involve disproportionate effort, or
(b) the data subject agrees otherwise;
and where any of the information referred to in section 7(1)(c)(i) is expressed in terms which are not intelligible without explanation the copy must be accompanied by an explanation of those terms.
(3) Where a data controller has previously complied with a request made under Section 7 by an individual, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that individual unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request.
(4) In determining for the purposes of subsection (3) whether requests under Section 7 are made at reasonable intervals, regard shall be had to the nature of the data, the purpose for which the data are processed and the frequency with which the data are altered.
(5) Section 7(1) (d) is not to be regarded as requiring the provision of information as to the logic involved in decision-taking if, and to the extent that, the information constitutes a trade secret.
(6) The information to be supplied pursuant to request under Section 7 must be supplied by reference to the data in question at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been regardless of the receipt of the request.
(7) For the purposes of Section 7 (4) and (5) another individual can be identified from the information being disclosed if he/she can be identified from that information, or from that and any other information which, in the reasonable belief of the data controller, is likely to be in, or to come into, the possession of the data subject making the request.
Appendix C
National Standard for the release of data to third parties
(I) Introduction
Arguably CCTV is one of the most powerful tools to be developed during recent years to assist with efforts to combat crime and disorder whilst enhancing community safety. Equally, it may be regarded by some as the most potent infringement of people's liberty. If users, owners and managers of such systems are to command the respect and support of the general public, the systems must not only be used with the utmost probity at all times, they must be used in a manner which stands up to scrutiny and is accountable to the very people they are aiming to protect.
The Standards Committee of The CCTV User Group is committed to the belief that everyone has the right to respect for his or her private and family life and their home. Although the use of CCTV cameras has become widely accepted in the UK as an effective security tool, those people who do express concern tend to do so over the handling of the information (data) which the System gathers.
After considerable research and consultation, the following guidance has been adopted as a nationally recommended standard by the Standards Committee of the CCTV User Group and the Local Government Information Unit in consultation with CMG Consultancy.
II General Policy
a) It is strongly recommended that local procedures should be put in place to ensure a standard approach to all requests for the release of data. It is recommended that every request is channelled through the data controller.
Notes
(1) The data controller is the person who (either alone or jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed. (In most cases the data controller is likely to be the scheme owner or manager.
III Primary Request To View Data
a) Primary requests to view data generated by a CCTV System are likely to be made by third parties for any one or more of the following purposes:
i) Providing evidence in criminal proceedings (e.g. Police and Criminal Evidence Act 1984, Criminal Procedures & Investigations Act 1996, etc;
ii) Providing evidence in civil proceedings or tribunals
iii) The prevention of crime
iv) The investigation and detection of crime (may include identification of offenders)
v) Identification of witnesses
b) Third parties, which should be required to show adequate grounds for disclosure of data within the above criteria, may include, but are not limited:
i) Police
ii) Statutory authorities with powers to prosecute, (e.g. Customs and Excise; Trading Standards, etc.)
iii) Solicitors
iv) Plaintiffs in civil proceedings
v) Accused persons or defendants in criminal proceedings
vi) Other agencies, (which should be specified in the Code of Practice) according to purpose and legal status(4)
c) Upon receipt from a third party of a bona fide request for the release of data, the scheme owner (or representative) should:
i) Not unduly obstruct a third party investigation to verify the existence of relevant data.
ii) Ensure the retention of data which may be relevant to a request, but which may be pending application for, or the issue of, a court order or subpoena, (it may be appropriate to impose a time limit on such retention which should be notified at the time of the request).
d) In circumstances outlined at Note (3) below, (requests by plaintiffs, accused persons or defendants) the owner, (or nominated representative) should:
i) Be satisfied that there is no connection with any existing data held by the police in connection with the same investigation.
ii) Treat all such enquiries with strict confidentiality.
Notes
(1) The release of data to the police may not be restricted to the civil police but could include, (for example) British Transport Police, Ministry of Defence Police, Military Police, etc. (It may be appropriate to put in place special arrangements in response to local requirements).
(2) Aside from criminal investigations, data may be of evidential value in respect of civil proceedings or tribunals. In such cases a solicitor, or authorised representative of the tribunal, should be required to give relevant information in writing prior to a search being granted. In the event of a search resulting in a requirement being made for the release of data, such release will only be facilitated on the instructions of a court order or subpoena. (It may be considered appropriate to make a charge for this service. In all circumstances data will only be released for lawful and proper purposes).
(3) There may be occasions when an enquiry by a plaintiff, an accused person, a defendant or a defence solicitor falls outside the terms of disclosure or subject access legislation. An example could be the investigation of an alibi. Such an enquiry may not form part of a prosecution investigation. Defence enquiries could also arise in a case where there appeared to be no recorded evidence in a prosecution investigation.
(4) The scheme owner should decide which (if any) “other agencies” might be permitted access to data. Having identified those “other agencies”, such access to data will only be permitted in compliance with this Standard.
IV Secondary Request To View Data
a) A `secondary' request for access to data may be defined as any request being made which does not fall into the category of a primary request. Before complying with a secondary request, the scheme owner should ensure that:
i) The request does not contravene, and that compliance with the request would not breach, current relevant legislation, (e.g. Data Protection, section 163 Criminal Justice and Public Order Act 1994, etc);
ii) Any legislative requirements have been complied with, (e.g. the requirements of the Data Protection Act);
iii) Due regard has been taken of any known case law (current or past) which may be relevant, (e.g. R v Brentwood BC ex p. Peck)
and
iv) The request would pass a test of `disclosure in the public interest'(1)
b) If, in compliance with a secondary request to view data, a decision is taken to release material to a third party, the following safeguard's should be put in place before surrendering the material:
i) In respect of material to be released under the auspices of `crime' prevention', written agreement to the release of the material should be obtained from a police officer, not below the rank of Inspector. The officer should have personal knowledge of the circumstances of the crime/s to be prevented and an understanding of the CCTV System Code of Practice.
ii) If the material is to be released under the auspices of `public well being, health or safety', written agreement to the release of material should be obtained from a senior officer within the Local Authority. The officer should have personal knowledge of the potential to be derived from releasing the material and an understanding of the CCTV System Code of Practice.
c) Recorded material may be used for bona fide training purposes such as police or staff training. Under no circumstances will recorded material be released for commercial sale of material for training or entertainment purposes.
Notes
(1) `Disclosure in the public interest' could include the disclosure of personal data that:
i) provides specific information which would be of value or of interest to the public well being
ii) identifies a public health or safety issue
iii) leads to the prevention of crime
(2) The disclosure of personal data which is the subject of a `live' criminal investigation would always come under the terms of a primary request, (see III above).
V Individual Subject Access under Data Protection Legislation
a) Under the terms of Data Protection legislation, individual access to personal data, of which that individual is the data subject, must be permitted providing:
i) The request is made in writing;
ii) A specified fee is paid for each individual search;
iii) The Data Controller is supplied with sufficient information to satisfy him or herself as to the identity of the person making the request;
iv) The person making the request provides sufficient and accurate information about the time, date and place to enable the data controller to locate the information which that person seeks, (it is recognised that a person making a request is unlikely to know the precise time. Under those circumstances it is suggested that within one hour of accuracy would be a reasonable requirement);
v) The person making the request is only shown information relevant to that particular search and which contains personal data of her or himself only, unless all other individuals who may be identified from the same information have consented to the disclosure;
b) In the event of the scheme owner complying with a request to supply a copy of the data to the subject, only data pertaining to the individual should be copied, (all other personnel data which may facilitate the identification of any other person should be concealed or erased). Under these circumstances an additional fee may be payable.
c) The owner is entitled to refuse an individual request to view data under these provisions if insufficient or inaccurate information is provided, (However every effort should be made to comply with subject access procedures and each request should be treated on its own merit).
d) In addition to the principles contained within the Data Protection legislation, the data controller should be satisfied that the data is:
i) Not currently and, as far as can be reasonably ascertained, not likely to become, part of a `live' criminal investigation;
ii) Not currently and, as far as can by reasonably ascertained, not likely to become, relevant to civil proceedings;
iii) Not the subject of a complaint or dispute which has not been actioned;
iv) The original data and that the audit trail has been maintained;
v) Not removed or copied without proper authority;
vi) For individual disclosure only (i.e. to be disclosed to a named subject)
VI Process of Disclosure:
a) Verify the accuracy of the request;
b) Replay the data to the requestee only, (or responsible person acting on behalf of the person making the request);
c) The viewing should take place in a separate room and not in the control or monitoring area. Only data which is specific to the search request should be shown
d) It must not be possible to identify any other individual from the information being shown, (any such information should be blanked-out, either by means of electronic screening or manual editing on the monitor screen.
e) If a copy of the material is requested and there is no on-site means of editing out other personal data, then the material should be sent to an editing house for processing prior to being sent to the requestee.
Note
(1) The scheme owner is likely to breach Data Protection legislation if a person making a subject access request is able to identify any other individual from the information being disclosed. However a television image is two dimensional and the majority of CCTV schemes do not have immediate access to the necessary technology to blank out or remove `other data'. It is recommended that the advice of the Data Protection Registrar's office is sought in respect of any method which it is proposed should be adopted.
VII Media disclosure
a) In the event of a request from the media for access to recorded material, the procedures outlined under `secondary request to view data' should be followed. If material is to be released the following procedures should be adopted:
i) The release of the material must be accompanied by a signed release document that clearly states what the data will be used for and sets out the limits on its use.
ii) The release form should state that the receiver must process the data in a manner prescribed by the data controller, e.g. specify identities/data that must not be revealed.
iii) It may also require that proof of editing must be passed back to the data controller, either for approval or final consent, prior to its intended use by the media (protecting the position of the data controller who would be responsible for any infringement of Data Protection legislation and the System's Code of Practice);
iv) The release form should be considered a contract and signed by both parties.
Notes
(1) In the well publicised case of R V Brentwood Borough Council, ex parte Geoffrey Dennis Peck, (QBD November 1997), the judge concluded that by releasing the video footage, the Council had not acted unlawfully. A verbal assurance that the broadcasters would mask the identity of the individual had been obtained. Despite further attempts by the Council to ensure the identity would not be revealed, the television company did in fact broadcast footage during which the identity of Peck was not concealed. The judge concluded that tighter guidelines should be considered to void accidental broadcast in the future.
VIII Principles
In developing this national standard for the release of data to third parties, it is intended, as far as reasonably practicable, to safeguard the individual's rights to privacy and to give effect to the following principles:
a) Recorded material should be processed lawfully and fairly and used only for the purposes defined in the Code of Practice for the CCTV Scheme;
b) Access to recorded material should only take place in accordance with this Standard and the Code of Practice;
c) The release or disclosure of data for commercial or entertainment purposes should be specifically prohibited.
Appendix C
National Standard for the release of data to third parties
(I) Introduction
Arguably CCTV is one of the most powerful tools to be developed during recent years to assist with efforts to combat crime and disorder whilst enhancing community safety. Equally, it may be regarded by some as the most potent infringement of people's liberty. If users, owners and managers of such systems are to command the respect and support of the general public, the systems must not only be used with the utmost probity at all times, they must be used in a manner which stands up to scrutiny and is accountable to the very people they are aiming to protect.
The Standards Committee of The CCTV User Group is committed to the belief that everyone has the right to respect for his or her private and family life and their home. Although the use of CCTV cameras has become widely accepted in the UK as an effective security tool, those people who do express concern tend to do so over the handling of the information (data) which the System gathers.
After considerable research and consultation, the following guidance has been adopted as a nationally recommended standard by the Standards Committee of The CCTV User Group and the Local Government Information Unit in consultation with CMG Consultancy.
II General Policy
a) It is strongly recommended that local procedures should be put in place to ensure a standard approach to all requests for the release of data. It is recommended that every request be channelled through the data controller.
III Primary Request to View Data
a) Primary requests to view data generated by a CCTV System are likely to be made by third parties for anyone or more of the following purposes:
i) Providing evidence in criminal proceedings (e.g. Police and Criminal Evidence Act 1984, Criminal Procedures & Investigations Act 1996, etc.);
ii) Providing evidence in civil proceedings or tribunals
iii) The prevention of crime
iv) The investigation and detection of crime (may include identification of offenders)
v) Identification of witnesses
b) Third parties, which should be required to show adequate grounds for disclosure of data within the above criteria, may include, but are not limited to:
i) Police
ii) Statutory authorities with powers to prosecute, (e.g. Customs and Excise; Trading Standards, etc.)
iii) Solicitors
iv) Plaintiffs in civil proceedings
v) Accused persons or defendants in criminal proceedings
vi) Other agencies, (which should be specified in the Code of Practice) according to purpose and legal status.
c) Upon receipt from a third party of a bona fide request for the release of data, the scheme owner (or representative) should:
i) Not unduly obstruct a third party investigation to verify the existence of relevant data.
ii) Ensure the retention of data which may be relevant to a request, but which may be pending application for, or the issue of, a court order or subpoena, (it may be appropriate to impose a time limit on such retention which should be notified at the time of the request).
d) In circumstances outlined at Note (3) below, (requests by plaintiffs, accused persons or defendants) the owner, (or nominated representative) should:
i) Be satisfied that there is no connection with any existing data held by the police in connection with the same investigation.
ii) Treat all such enquiries with strict confidentiality.
IV Secondary Request to View Data
a) A `secondary' request for access to data may be defined as any request being made which does not fall into the category of a primary request. Before complying with a secondary request, the scheme owner should ensure that:
(i) The request does not contravene, and that compliance with the request would not breach, current relevant legislation, (e.g. Data Protection, Section 163 Criminal Justice and Public Order Act 1994, etc);
(ii) Any legislative requirements have been complied with, (e.g. the requirements of the Data Protection Act);
iii) Due regard has been taken of any known case law (current or past) which may be relevant, (e.g. R V Brentwood BC ex p. Peck)
and
iv) The request would pass a test of `disclosure in the public interest'
b) If, in compliance with a secondary request to view data, a decision is taken to release material to a third party, the following safeguards should be put in place before surrendering the material:
i) In respect of material to be released under the auspices of `crime prevention', written agreement to the release of the material should be obtained from a Police Officer, not below the rank of Inspector. The Officer should have personal knowledge of the circumstances of the crime/s to be prevented and an understanding of the CCTV System Code of Practice.
ii) If the material is to be released under the auspices of `public well being, health or safety', written agreement to the release of material should be obtained from a senior officer within the Local Authority. The officer should have personal knowledge of the potential benefit to be derived from releasing the material and an understanding of the CCTV System Code of Practice.
c) Recorded material may be used for bona fide training purposes such as police or staff training. Under no circumstances will recorded material be released for commercial sale of material for training or entertainment purposes.
v) Individual Subject Access under Data Protection legislation
a) Under the terms of Data Protection legislation, individual access to personal data, of which that individual is the data subject, must be permitted providing:
i) The request is made in writing;
ii) A specified fee is paid for each individual search;
iii) The Data Controller is supplied with sufficient information to satisfy him or herself as to the identity of the person making the request;
iv) The person making the request provides sufficient and accurate information about the time, date and place to enable the data controller to locate the information which that person seeks, (it is recognised that a person making a request is unlikely to know the precise time. Under those circumstances it is suggested that within one hour of accuracy would be a reasonable requirement);
b) In the event of the scheme owner complying with a request to supply a copy of the data to the subject, only data pertaining to the individual should be copied, (all other personal data which may facilitate the identification of any other person should be concealed or erased). Under these circumstances an additional fee may be payable.
c) The owner is entitled to refuse an individual request to view data under these provisions if insufficient or inaccurate information is provided, (However every effort should be made to comply with subject access procedures and each request should be treated on its own merit).
d) In addition to the principles contained within the Data Protection legislation, the data controller should be satisfied that the data is:
i) Not currently and, as far as can be reasonably ascertained, not likely to become, part of a `live' criminal investigation;
ii) Not currently and, as far as can be reasonably ascertained, not likely to become, relevant to civil proceedings;
iii) Not the subject of a complaint or dispute which has not been actioned;
iv) The original data and that the audit trail has been maintained;
v) Not removed or copied without proper authority;
vi) For individual disclosure only (i.e. to be disclosed to a named subject)
VI Process of Disclosure:
a) Verify the accuracy of the request;
b) Replay the data to the requestee only, (or responsible person acting on behalf of the person making the request);
c) The viewing should take place in a separate room and not in the control or monitoring area. Only data that is specific to the search request should be shown
d) It must not be possible to identify any other individual from the information being shown, (any such information should be blanked-out, either by means of electronic screening or manual editing on the monitor screen.
e) If a copy of the material is requested and there is no on-site means of editing out other personal data, then the material should be sent to an editing house for processing prior to being sent to the requestee.
VII Media disclosure
a) In the event of a request from the media for access to recorded material, the procedures outlined under `secondary request to view data' should be followed. If material is to be released the following procedures should be adopted:
i) The release of the material must be accompanied by a signed release document that clearly states what the data will be used for and sets out the limits on its use.
ii) The release form should state that the receiver must process the data in a manner prescribed by the data controller, e.g. specify identities/data that must not be revealed
iii) It may also require that proof of editing must be passed back to the data controller, either for approval or final consent, prior to its intended use by the media (protecting the position of the data controller who would be responsible for any infringement of Data Protection legislation and the System's Code of Practice);
iv) The release form should be considered a contract and signed by both parties
VIII Principles
In developing this national standard for the release of data to third parties, it is intended, as far as reasonably practicable, to safeguard the individual's rights to privacy and to give effect to the following principles:
a) Recorded material should be processed lawfully and fairly and used only for the purposes defined in the Code of Practice for the CCTV scheme;'
b) Access to recorded material should only take place in accordance with this Standard and the Code of Practice;
c) The release or disclosure of data for commercial or entertainment purposes should be specifically prohibited.
Appendix D
Restricted Access Notice
WARNING
ACCESS TO THIS AREA IS
RESTRICTED
Everyone, regardless of status, entering this area is required to complete an entry in the Visitors Book
Visitors are advised to note the following confidentiality clause and entry is conditional on acceptance of that clause
Confidentiality clause:
`In being permitted entry to this area you are acknowledging that the precise location of the CCTV monitoring room is, and should remain, confidential. You agree not to divulge any information obtained, overheard or overseen during your visit'
An entry accompanied by your signature in the visitors book is your acceptance of these terms'
2
Redcar and Cleveland Borough Council - CCTV Code of Practice