CCTV (and other related devices) Policy

Contents

Please use the links below to navigate to relevant sections of this policy

Introduction

We own and operate CCTV systems at various locations within its offices, facilities, and town centres. This also applies to any other systems and or devices that record including, but not limited to, mobile phones, iPads, dash cams, body worn cameras, drones, and biometrics. We recognise our legal obligations in operating such systems and the rights and freedoms of those individuals, including its staff, service users and visitors, whose images may be captured by the systems. We are always committed to operating CCTV systems fairly and lawfully in accordance with, in particular, data protection and human rights laws.

We consider that CCTV systems have a legitimate role to play in helping maintain a safe and secure environment for staff, service users, members of the public and visitors. Images captured by CCTV systems are personal data which must be handled and used by ourselves in accordance with data protection and human rights laws. This applies to any other party acting on our behalf to help us operate CCTV systems.

This Policy outlines why and how we use CCTV systems, how we will handle and use personal data recorded by its CCTV systems, how we will respond to requests for disclosure of captured images and for how long we will retain captured images.

Objectives

We will comply with the following principles prior to and when installing and operating CCTV systems within its offices, vehicles, facilities, and town centres:

  • CCTV systems will only be installed and operated where there is a clear identified and documented need and legal basis for their use.
  • Data protection will be the principal consideration when procuring new CCTV systems or if changes are to be introduced to existing systems by way of operation or the underlying technology. Dummy CCTV systems should be considered to determine if this will achieve the purpose without the need to capture individuals.
  • CCTV systems will only be installed and operated after a data protection impact assessment (DPIA) has been undertaken and approved. This assessment is subject to security assurance checks being undertaken through a Third-Party Assurance Form.
  • CCTV systems will be located to ensure that only necessary areas are captured by the systems and to minimise the capture of areas not relevant to the purposes for which the system has been installed.
  • CCTV systems will not capture sound. Bodycams however capture sound when activated.
  • CCTV systems will only capture images of a suitable quality for the purposes for which the systems have been installed.
  • Appropriate technical and organisational measures will be put in place to ensure the security of CCTV systems and captured images and to protect systems from vandalism. Controls will be implemented to govern access and use of such images by authorised personnel only throughout the lifecycle of the system.
  • Appropriate measures will be taken to provide clear signage and information to individuals whose images are captured by the CCTV systems.
  • Captured images will only be retained for as long as is necessary for the purposes for which the CCTV systems have been installed.

Reasons for use 

We use CCTV systems for its legitimate business purposes, including:

  • To prevent and detect (and act as a deterrent against) crime and anti-social behaviour, to protect buildings and assets from damage, disruption, vandalism, and other crime and to apprehend and prosecute offenders.
  • For the personal safety of staff, visitors, and other members of the public from unacceptable behaviour, including aggressive or abusive actions; and
  • To ensure general compliance with relevant legal obligations, including ensuring the health and safety of staff and others.

How we will operate CCTV

We will operate its CCTV systems, capture images, and use captured images in accordance with the requirements of data protection and human rights laws.

We will ensure that clear and prominent signs are displayed at the entrance of the area in which CCTV systems are in operation to alert individuals that their images may be captured. The signs will contain details of ourselves as the organisation operating the systems, the purpose for which we have installed and uses the systems and will provide contact details for further information.

The security and integrity of captured images will be ensured by live feeds from CCTV systems and captured images only being viewed, accessed, and stored by staff (and any other third party) who have authority to do so.

Staff responsible for operating the CCTV systems will exercise care when using the systems. This includes positioning CCTV cameras to not overlook areas that are not intended to be captured and operating the systems, professionally and lawfully, with respect for colleagues and the public and in accordance with this Policy

Request for disclosure of captured images by third parties

No images captured by our CCTV system will be disclosed to any third party, unless they are required for crime prevention and detection, the apprehension and prosecution of offenders, legal proceedings or by court order. All requests must be submitted on the third parties’ data protection request template. No captured images will be posted online or disclosed to the media.

Ourselves, in adherence with its Data Sharing Code of Practice, retain detailed records of the following when determining whether captured images should  or should not  be shared to third parties:

  • Date and time at which access was allowed.
  • Identification of any third party who was allowed access.
  • Reasons for allowing (or not allowing) access.
  • Legal basis for allowing access; and
  • Details of the captured images to which access was allowed.

Individual requests for access to or erasure of captured images

Data protection laws grant rights to individuals in relation to their personal data. This includes rights to request access to, and erasure of their images captured by our CCTV systems.

To allow ourselves to handle and respond to requests and locate relevant captured images, requests must include:

  • Date and time of the recording.
  • Location where the images were captured; and
  • Information to permit identification of the individual, if necessary.
  • In the case of access requests, individuals will be asked if they would like a copy or only, if appropriate, wish to view the captured images. Any copy of captured footage may be provided in the form of a media clip or stills. Any viewings of captured images will take place at our offices, where appropriate, and will be monitored.
  • We retain copyright in all images captured by its CCTV systems. Any further use or publication of images provided to an individual in response to an access request is prohibited unless the individual obtains authorisation from the Council.
  • We are entitled to refuse access to captured images in limited circumstances, such as where disclosure would prejudice the prevention or detection of crime or the prosecution of offenders. Where captured images have been passed to the Police or the Procurator Fiscal, an access request from an individual will be refused until such time as we have been notified that no proceedings will be taken, or proceedings have concluded. In some instances, it may be appropriate to neither confirm nor deny whether such captured footage exists or is held.
  • We will edit, disguise or blur images of third parties when disclosing or providing access to captured images in response to an access request to protect the interests of third parties (including staff) captured in the images.

Data Protection Impact Assessment (DPIA)

Prior to introducing (purchasing) a new CCTV system, placing a CCTV system in a new location, or implementing changes in how the CCTV system operates or the underlying technology, We will undertake a DPIA to assess compatibility with the requirement of data protection law. The DPIA will assist ourselves in deciding if the new system, new location or changes in operation or technology are necessary and proportionate to  the circumstances, whether they should be used or if limitations should be placed on their use in the light of associated risks.

Retention of captured images

Images captured by our CCTV system will be securely deleted (from all locations) unless retention is required for an ongoing issue, for example, the apprehension and prosecution of offenders or to respond to a request made by an individual under data protection law. In those situations, captured images will be retained for as long as necessary for those purposes.

Complaints

Complaints about the use of our CCTV systems, for example, inappropriate access or retention of captured images, should be forwarded to the Data Protection Officer via email on dataprotection@scotborders.gov.uk in the first instance. Data protection complaints may be shared and raised with the UK Information Commissioner’s Office (UK ICO).

Any other complaint should be forwarded to the service concerned to handle in accordance with our Complaints Policy. Other complaints may be raised by complainants with the Scottish Public Services Ombudsman (SPSO).

Consequences of failure to comply

We take compliance with this Policy very seriously. Whilst the Policy refers to use of CCTV systems throughout, this Policy also applies to any other systems and or devices that record including but not limited to mobile phones, iPads, dash cams, body worn cameras, drones, and biometrics. Failure to comply with the Policy puts at risk individuals whose images are captured by the CCTV systems and carries the risk of sanctions for ourselves and could result in significant reputational damage.

Other procedures and guidance

View our Data Protection Code of Practice

View the other CCTV supporting documents on our website

Further information

Any questions or concerns about this Policy should be directed to the Information Management Team: Information Manager, Council Headquarters, Newtown St Boswells, TD6 0SA or by email on dataprotection@scotborders.gov.uk.