CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: T:Drive. Safeguarding Policy Data Protection Policy

Similar documents
CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: Safeguarding Policy Data Protection Policy

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT CONDUCTING A PRIVACY IMPACT ASSESSMENT ON SURVEILLANCE CAMERA SYSTEMS (CCTV)

2018 / Photography & Video Bell Lane Primary School & Children s Centre

Protection of Privacy Policy

Photography and Videos at School Policy

This policy sets out how Legacy Foresight and its Associates will seek to ensure compliance with the legislation.

Privacy Impact Assessment on use of CCTV

Images Policy September 2017

Use of Pupils Images Policy This policy applies to all pupils, including those in EYFS

Privacy Policy SOP-031

Striving for Excellence. Ark Oval Primary Academy

Use of Camera and Mobile Policy. Use of Camera and Mobile Phone Policy

Robert Bond Partner, Commercial/IP/IT

Policies for the Commissioning of Health and Healthcare

Mellor Community Primary School Policy for Photographs and Photography

Mansfield & Ashfield Clinical Commissioning Group Newark & Sherwood Clinical Commissioning Group DISCIPLINARY POLICY

IET Guidelines for Volunteers: Data Protection

EXIN Privacy and Data Protection Foundation. Preparation Guide. Edition

GDPR Awareness. Kevin Styles. Certified Information Privacy Professional - Europe Member of International Association of Privacy professionals

First Components Ltd, Savigny Oddie Ltd, & Datum Engineering Ltd. is pleased to provide the following

Privacy Policy. Catalyst.Net Limited. Version 1.0

Ocean Energy Europe Privacy Policy

Use of Photographs (Senior School) Policy

Data Protection and Information Security. Photography and Filming - Guidelines for the use of Personal Data

Newland House School DIGITAL IMAGE POLICY. This Policy applies to all sections of the school, including the Early Years Foundation Stage.

Biometric Data, Deidentification. E. Kindt Cost1206 Training school 2017

Should privacy impact assessments be mandatory? David Wright Trilateral Research & Consulting 17 Sept 2009

Information Governance Policy

Management of Unacceptable Behaviour On School Transport A COMMON APPROACH

Photography Policy: Taking, storing and using images

NHS SOUTH NORFOLK CLINICAL COMMISSIONING GROUP COMMUNICATIONS AND ENGAGEMENT STRATEGY

Continuing Healthcare Patient Choice and Resource Allocation Policy

2

Barnardo s Gender Pay Gap Report

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

Gender Pay Gap Report - Overview

Diana Gordick, Ph.D. 150 E Ponce de Leon, Suite 350 Decatur, GA Health Insurance Portability and Accountability Act (HIPAA)

o membership details including when you signed up to be a member and any date you decide to leave us;

Corporate Services. Yes. Chief Executive Officer. Head of Legal and Compliance. Policy and Compliance Officer

The EU's new data protection regime Key implications for marketers and adtech service providers Nick Johnson and Stephen Groom 11 February 2016

I hope you will find these comments constructive and helpful.

British Triathlon Guidelines for the Use of Photographic & Video Images of Children/Young People under the age of 18

DEVON & CORNWALL C O N S T A B U L A R Y

Staffordshire Police

Paola Bailey, PsyD Licensed Clinical Psychologist PSY# 25263

Privacy Procedure SOP-031. Version: 04.01

NHS CONTINUING HEALTH CARE:

Personal Data Protection Competency Framework for School Students. Intended to help Educators

Dilworth Trust Board Submission- Taxation (Annual Rates, Employee Allowances and Remedial Matters) Bill

NHS Lanarkshire s Equal Pay Statement and Pay Information 2017

Notice of Privacy Practices

GSA SUMMARY REPORT OF EQUALITY CONSIDERATION AND ASSESSMENT OF EQUALITY IMPACT. PGT Ethics Policy. New: Existing/Reviewed: Revised/Updated:

Led by clinicians, accountable to local people. East Lancashire Clinical Commissioning Group: Equality & Inclusion Annual Report

Workforce and Governing Body Members Equality Information (incorporating the WRES progress report) For further information please contact:

Privacy Impact Assessments

Employees, contractors and other personnel of KKR should note that a separate privacy notice will be made available to them.

Guidelines for the Stage of Implementation - Self-Assessment Activity

DRAFT South Wales Police Privacy Impact Assessment

Taking the Pulse. How well are you supported?

GENDER PAY GAP REPORT 2017 SAFER, SMARTER, GREENER

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

Privacy Policy Framework

Anonymous registration: Supporting survivors of domestic abuse to register to vote

UK Research and Innovation. Counter Fraud and Bribery Policy

About the Office of the Australian Information Commissioner

This Privacy Policy describes the types of personal information SF Express Co., Ltd. and

Hong Kong Personal Data Protection Regulatory Framework From Compliance to Accountability

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Privacy framework

Registration as a Northern Ireland qualified pharmacist

ARTICLE 29 Data Protection Working Party

Christina Narensky, Psy.D.

GENDER PAY GAP REPORT

What does the revision of the OECD Privacy Guidelines mean for businesses?

Merton Clinical Commissioning Group Constitution. [29 May] 2012

Submission to the Governance and Administration Committee on the Births, Deaths, Marriages, and Relationships Bill

Vital Records Data Practices Manual

1 SERVICE DESCRIPTION

Danielle Vanderzanden

ONR Strategy 2015 to 2020

Australian Census 2016 and Privacy Impact Assessment (PIA)

GATEWAY TO LEVEL 2 EXCELLENCE IN SAFEGUARDING

Contact with the media

Honourable Guests, Ladies and Gentlemen, In April 1995, the Personal Data (Privacy) Bill was introduced into the Legislative Council.

Herts Valleys Clinical Commissioning Group. Review of NHS Herts Valleys CCG Constitution

THE UNIVERSITY OF AUCKLAND INTELLECTUAL PROPERTY CREATED BY STAFF AND STUDENTS POLICY Organisation & Governance

ARTS LAW CENTRE OF AUSTRALIA

Your information - but is it really yours?

Presentation Outline

Building DIGITAL TRUST People s Plan for Digital: A discussion paper

Dr Nicholas J. Gervassis University of Plymouth THE EMERGING UK DATA PROTECTION FRAMEWORK AND BEYOND

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 4 Social, Ethical, and Legal Issues in the Digital Firm

Gender pay gap reporting

Castan Centre for Human Rights Law Faculty of Law, Monash University. Submission to Senate Standing Committee on Economics

The GDPR and Upcoming mhealth Code of Conduct. Dr Etain Quigley Postdoctoral Research Fellow (ARCH, UCD)

2018 Census Independent Privacy Impact Assessment 7 July Trust An independent assessment. Privacy

CARAPELLI FOR ART COMPETITION RULES AND REGULATIONS

Interest Balancing Test Assessment on the processing of the copies of data subjects driving licences for the MOL Limo service

Re: Review of Market and Social Research Privacy Code

NHS South Kent Coast. Clinical Commissioning Group. Complaints, Comments and Compliments Policy

Transcription:

CCTV Policy Policy reviewed by Academy Transformation Trust on June 2018 This policy links to: Safeguarding Policy Data Protection Policy Located: T:Drive Review Date May 2019

Our Mission To provide the very best education for all pupils and the highest level of support for our staff to ensure every child leaves our academies with everything they need to reach their full potential. We promise to do everything we can to give children the very best education that gives them the best opportunity to succeed in life. All of our academies have it in them to be outstanding and achieving this comes down to our commitment to our pupils, staff and academies. Our commitment We are committed to taking positive action in the light of the Equality Act 2010 with regard to the needs of people with protected characteristics. These are age, disability, pregnancy and maternity, religion and belief, race, sex, sexual orientation, gender reassignment and marriage and civil partnership. We will continue to make reasonable adjustments to avoid anyone with a protected characteristic being placed at a disadvantage. We will measure the success of our commitment in this policy by analysing bullying logs and actions in our academies to reduce or eliminate incidents of bullying. 2

Contents 1 Policy statement 4 2 Purpose of CCTV 4 3 Description of system 4 4 Sitting of cameras 4 5 Privacy Impact Assessment 5 6 Management and access 5 7 Storage and retention of images 5 8 Disclosure of images to data subjects 6 9 Disclosure of images to third parties 7 10 Review of policy and CCTV system 7 11 Misuse of CCTV systems 8 12 Complaints relating to this policy 8 Appendix 1 CCTV Privacy Impact Assessment Template 9 3

This policy may be used by any Academy in relation to any CCTV system operated by them. A key element in the assessment of lawful use of CCTV systems is the privacy impact assessment (PIA) conducted in relation to those systems setting out the justification for the system and its compliance with data protection legislation. If the Academy has not conducted such an assessment then this must be conducted now, and this template policy amended to take account of the outcome of that assessment. The Academy should do this with an open mind, including considering whether any existing cameras should be removed or the system modified in any way. 1 Policy statement 1.1 The Hathaway Academy uses Close Circuit Television (CCTV) within the premises of the Academy. The purpose of this policy is to set out the position of the Academy as to the management, operation and use of the CCTV at the Academy. 1.2 This policy applies to all members of our Workforce, visitors to the Academy premises and all other persons whose images may be captured by the CCTV system. 1.3 This policy takes account of all applicable legislation and guidance, including: General Data Protection Regulation (GDPR) Data Protection Act 2018 (together with the Data Protection Legislation) CCTV Code of Practice produced by the Information Commissioner Human Rights Act 1998. 1.4 This policy sets out the position of the Academy in relation to its use of CCTV. 2 Purpose of CCTV 2.1 The academy uses CCTV for the following purposes: To provide a safe and secure environment for pupils, staff and visitors To prevent the loss of or damage to the academy buildings and/or assets To assist in the prevention of crime and assist law enforcement agencies in apprehending offenders 3 Description of system 3.1 90 cameras, 6 NVR s installed within a fibre IP network that is separate to the academy s and accessed by a main security server and client software installed on selected staff PC s 4 Sitting of cameras 4

4.1 All CCTV cameras will be sited in such a way as to meet the purpose for which the CCTV is operated. Cameras will be sited in prominent positions where they are clearly visible to staff, pupils and visitors. 4.2 Cameras will not be sited, so far as possible, in such a way as to record areas that are not intended to be the subject of surveillance. The Academy will make all reasonable efforts to ensure that areas outside of the Academy premises are not recorded. 4.3 Signs will be erected to inform individuals that they are in an area within which CCTV is in operation. 4.4 Cameras will not be sited in areas where individual have a heightened expectation of privacy, such as changing rooms or toilets. 5 Privacy Impact Assessment 5.1 Prior to the installation of any CCTV camera, or system, a privacy impact assessment will be conducted by the Academy to ensure that the proposed installation is compliant with legislation and ICO guidance. 5.2 The Academy will adopt a privacy by design approach when installing new cameras and systems, taking into account the purpose of each camera so as to avoid recording and storing excessive amounts of personal data. 6 Management and access 6.1 The CCTV system will be managed by the Estates Team, ICT Support and Principal. 6.2 On a day-to-day basis, the CCTV system will be operated by the Estates team and selected delegated senior staff. 6.3 The viewing of live CCTV images will be restricted to delegated staff as nominated by the Principal. 6.4 Recorded images which are stored by the CCTV system will be restricted to access by delegated staff as nominated by the Principal. 6.5 No other individual will have the right to view or access any CCTV images unless in accordance with the terms of this policy as to disclosure of images. 6.6 The CCTV system is checked daily by the Estates team to ensure that it is operating effectively. 7 Storage and retention of images 5

7.1 Any images recorded by the CCTV system will be retained only for as long as necessary for the purpose for which they were originally recorded. 7.2 Recorded images are stored only for a period of 14 days, unless there is a specific purpose for which they are retained for a longer period. 7.3 The Academy will ensure that appropriate security measures are in place to prevent the unlawful or inadvertent disclosure of any recorded images. The measures in place include: CCTV recording system being located in restricted assess areas The CCTV system being encrypted/password protected Restriction of the ability to make copies to specified members of staff 7.4 Any log of any access to the CCTV images, including time and dates of access and a record of the individual accessing the images, will be maintained by the Academy. 8 Disclosure of images to data subjects 8.1 Any individual recorded in any CCTV image is a data subject for the purposes of the Data Protection Legislation and has a right to request access to those images. 8.2 Any individual who requests access to images of themselves will be considered to have made a subject access request pursuant to the Data Protection Legislation. Such a request should be considered in the context of Academy Transformation Trust s Subject Access Request Policy. 8.3 When such a request is made the Estates Team, ICT Support and Principal will review the CCTV footage, in respect of relevant time periods where appropriate, in accordance with the request. 8.4 If the footage contains only the individual making the request, then the individual may be permitted to view the footage. This must be strictly limited to that footage which contains only images of the individual making the request. The Estates Team, ICT Support and Principal must take appropriate measures to ensure that the footage is restricted in this way. 8.5 If the footage contains images of other individuals, then the Academy must consider whether: The request requires the disclosure of the images of individuals other than the requester (e.g. whether the images can be distorted so as not to identify other individuals) The other individuals in the footage have consented to the disclosure of the images, or their consent should be obtained If not, then whether it is otherwise reasonable in the circumstances to disclose those images to the individual making the request. 8.6 A record must be kept, and held securely, of all disclosures which sets out: 6

When the request was made The process followed by [insert individual with access to CCTV] in determining whether the images contained their parties The considerations as to whether to allow access to those images The individuals that were permitted to view the images and when Whether a copy of the images was provided, and if so, to whom, when and in what format. [Please note that when a subject access request is made then, unless an exemption applies (such as in relation to third party data that it would be unreasonable to disclose) then the requester is entitled to a copy in a permanent form. We have referred only to access as opposed to a permanent copy as the Academy may consider it preferable in certain circumstances to seek to allow access to images by viewing in the first instance without providing copies of images. If an individual agrees to viewing the images only then a permanent copy does not need to be provided. However, if a permanent copy is requested then this should be provided unless to do so is not possible or would involve disproportionate effort]. 9 Disclosure of images to third parties 9.1 The Academy will only disclose recorded CCTV images to third parties where it is permitted to do so in accordance with the Data Protection Legislation. 9.2 CCTV images will only be disclosed to law enforcement agencies in line with the purposes for which the CCTV system is in place. 9.3 If a request is received form a law enforcement agency for disclosure of CCTV images, then the Estates Team, ICT Support and Principal must follow the same process as above in relation to subject access requests. Detail should be obtained from the law enforcement agency as to exactly what they want the CCTV images for, and any particular individuals of concern. This will then enable proper consideration to be given to what should be disclosed, and the potential disclosure of any third-party images. 9.4 The information above must be recorded in relation to any disclosure. 9.5 If an order is granted by a Court for disclosure of CCTV images, then this should be complied with. However very careful consideration must be given to exactly what the Court order requires. If there are any concerns as to disclosure, then the Data Protection Officer should be contacted in the first instance and appropriate legal advice may be required. 10 Review of policy and CCTV system 10.1 This policy will be reviewed annually. 10.2 The CCTV system and the privacy impact assessment relating to it will be reviewed annually. 7

[The privacy impact assessment (PIA) relating to the system should be reviewed regularly to ensure that the use of any CCTV system continues to be justified and is compliant with legal requirements. The Academy should ensure that it has procedures in place to ensure that the CCTV system is regularly reviewed]. 11 Misuse of CCTV systems 11.1 The misuse of CCTV systems could constitute a criminal offence. 11.2 Any member of staff who breaches this policy may be subject to disciplinary action. 12 Complaints relating to this policy 12.1 Any complaints relating to this policy or the CCTV system operated by the Academy should be made in accordance with the Academy s Complaints Policy. 8

Appendix 1 CCTV Privacy Impact Assessment Template 1 Who will be captured on CCTV? [Pupils, staff, parents / carers, volunteers, Governors and other visitors including members of the public etc] 2 What personal data will be processed? [Facial Images, behaviour, sound, etc] 3 What are the purposes for operating the CCTV system? Set out the problem that the Academy is seeking to address and why the CCTV is the best solution and the matter cannot be addressed by way of less intrusive means. [Prevention or detection of crime etc] 4 What is the lawful basis for operating the CCTV system? [Legal Obligation, legitimate interests of the organisation to maintain health and safety and to prevent and investigate crime] 5 Who is/are the named person(s) responsible for the operation of the system? 6 Describe the CCTV system, including: a. how this has been chosen to ensure that clear images are produced so that the images can be used for the purpose for which they are obtained; b. siting of the cameras and why such locations were chosen; 9 c. how cameras have been sited to avoid capturing images which are not necessary for the purposes of the CCTV system;

d. where signs notifying individuals that CCTV is in operation are located and why those locations were chosen; and e. whether the system enables third party data to be redacted, for example via blurring of details of third party individuals. 7 Set out the details of any sharing with third parties, including processors [Police, subject access, etc. Careful consideration should be given to whether any provider is used in relation to the CCTV system and the access they might have to images. Will those processors send this data outside of the EEA, for example for storage in a cloud based system?] 8 Set out the retention period of any recordings, including why those periods have been chosen 9 Set out the security measures in place to ensure that recordings are captured and stored securely 10 What are the risks to the rights and freedoms of individuals who may be captured on the CCTV recordings? For example: Is it fair to record them in the way proposed? How is the amount of data processed to be minimised? What are the risks of the system being accessed unlawfully? What are the potential data breach risks? What are the risks during any transfer of recordings, or when disclosed to third parties such as the police? 10

11 What measures are in place to address the risks identified? 12 Have parents and pupils where appropriate been consulted as to the use of the CCTV system? If so, what views were expressed and how have these been accounted for? 13 When will this privacy impact assessment be reviewed? Approval: This assessment was approved by the Data Protection Lead: DPL: Date: 11

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback