Document Control for Bassetlaw District Council
|Organisation||Bassetlaw District Council|
|Title||CCTV Code of Practice|
|Author||David Armiger, Gerald Connor & Lesley Bianco|
|Review Date||November 16|
|Revision Date||Reviser||Previous Version||Description of Revision|
|Document Approvals: This document requires the following approvals|
|Sponsor of Approval||Name||Date|
|BDC Director of Corporate Services||Ros Theakstone|
|BDC SMT||All SMT|
This Framework Code of Practice is based upon a draft upon a draft code prepared by:
The Standards Committee of the CCTV User Group
PO Box 6023
- Introduction and Objectives
- Statement of Purpose and Principles
- Privacy and Data Protection
- Accountability and Public Information
- Assessment of the System and the Code of Practice
- Human Resources
- Control and Operation of the Cameras
- Access to and Security of, Control Room and/or Associated Equipment
- Management of Recorded Material
- Intrusive / Directed surveillance
- Redeployable CCTV
- Appendix A - Key Personnel and their Responsibilities
- Appendix B - Extracts from the Data Protection Act, 1998
- Appendix C - National Standard for the Release of Data to Third Parties
- Appendix D - Restricted Access Notice
In conjunction with this document please refer to the new ICO Code of Practice version 1.2 (external link to ICO)
A digital monitored camera system known commonly as Closed Circuit Television (CCTV), operates within the overall public spaces of the District of Bassetlaw. The system, which is known as the ‘Bassetlaw CCTV System’, comprises of a number of cameras installed at strategic locations, which includes cameras that are fully operational with pan, tilt and zoom facilities and some which are fixed cameras. There are recording or control facilities at the monitoring room. In addition the system has the capacity to operate a mobile/re-locatable system (see Section 11) as well as an I.P. (Broadband Internet) System.
The Bassetlaw CCTV System has evolved from the formation of an old partnership between Bassetlaw District Council and the Business Community. The new partnerships for the purpose of this document are now Bassetlaw District Council and Nottinghamshire police, also for the purposes of this document, the ‘owner and the manager’ of the system is Head of Regeneration at Bassetlaw District Council, or in the absence of the Head of Regeneration, the Council’s Community Safety Coordinator will act as the alternative point of contact. Details of key personnel, their responsibilities and contact points are shown at Appendix A to this Code.
Objectives of the System
The Objectives of the system are:
- To help reduce the fear of crime
- To help deter crime and detect crime
- To assist in the overall management of Worksop and Retford town centres
- To enhance community safety, boost the economy and encourage greater use of the town centre/shopping areas, etc
- To assist with traffic management
- To assist in supporting civil proceedings help detect crime, and
- To assist in the safety and wellbeing of the public
Within this broad outline, the Local Police Commander, in partnership with the Chief Executive will, where necessary, also draw up, and publish specific key objectives (which will be reviewed annually) based on the Bassetlaw, Newark & Sherwood Community Safety Partnership.
This Code of Practice (hereafter referred to as ‘the Code’) will be supplemented by a separate Procedural Manual/Assignment Instructions which offer instructions on all aspects of the operation of the system. To ensure the purpose and principles of the CCTV system are realised, the Manual is based upon the contents of this Code of Practice.
Notes: The data controller is the person or organisation who (either alone or jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed. (In most cases the data controller is likely to be the scheme owner or manager).
The purpose of this document is to state the intention of both the owner and the manager, on behalf of the partnership as a whole and as far as is reasonably practicable, to support the objectives of the Bassetlaw CCTV System, (hereafter referred to as ‘The System’) and to outline how it is intended to do so.
- The System will be operated fairly, within the law, and only for the purposes for which it was established or which are subsequently agreed in accordance with this Code of Practice.
- The System will be operated with due regard to the principle that everyone has the right to respect for his or her private and family life and their home and with specific regard to the Data protection Act 1998 and the Human Rights Act 2000.
- The public interest in the operation of the System will be recognised by ensuring the security and integrity of operational procedures.
- Throughout this Code of Practice it is intended, as far as is reasonably practicable, to offer a balance between the objectives of the CCTV System and the need to safeguard the individual’s right to privacy. Throughout the Code every effort has been made to indicate that a formal structure has been put in place, (including a complaints procedure) by which it should be identified that the System is not only accountable, but is seen to be accountable.
- Participation in the System by any local organisation, individual or authority assumes an agreement by all such participants to comply fully with this Code and to be accountable under the Code of Practice.
Copyright and ownership of all material recorded by virtue of the Bassetlaw CCTV System will remain with the data controller.
Cameras and area coverage
The areas covered by CCTV to which this Code of Practice refers are the train stations at Worksop and Retford, the car parks within Worksop and Retford, the Town Centres at Worksop and Retford, also at Harworth, Tuxford, Carlton Forest depot and surrounding areas. From time to time transportable or mobile cameras may be temporarily or long term sited within the area. The use of such cameras, and the data produced by virtue of their use, will always accord with the objectives of the CCTV System.
The majority of the cameras, offer full colour, pan tilt and zoom (PTZ) capability, some of which may automatically switch to monochrome in low light conditions. None of the cameras forming part of the System will be installed in a covert manner.
The installation of a CCTV camera is considered to be overt unless it is installed in a manner whereby its presence is deliberately intended to be concealed from the view of any person likely to be within the field of view of that camera.
Cameras which may be placed in domes or covered to reduce the likelihood of assessing their field of view, or to protect them from weather or damage, would not be regarded as covert provided that appropriate signs indicating the use of such cameras are displayed in the vicinity
Monitoring and recording facilities
- A staffed monitoring room is located at the Bassetlaw District Council Offices, Queens Buildings, Potter Street, Worksop. The CCTV equipment has the capability of recording all cameras simultaneously throughout every 24 hour period.
- All recorded footage is retained on the digital system for a period no longer than 28 days of the original date of recording. The footage is digitally erased after this period unless it is retained for evidential use in accordance with this code.
- All fixed cameras images are recorded in real time, mobile camera images may be recorded at less than full frame rate. CCTV operators can produce hard copies of recorded images, replay or copy any pre-recorded data in accordance with the Code of Practice.
Authorised persons will normally be present whenever the monitoring equipment is in use.
Processing and handling of recorded material
All recorded material, whether recorded digitally, or as a hard copy video print, will be processed and handled strictly in accordance with this Code of Practice and the Procedural Manual.
Technical instructions on the use of equipment housed within the monitoring room are contained in a separate manual provided by the equipment suppliers.
Changes to the Code or the Procedural Manual
- Any major changes to either the Code or the Procedural Manual, (i.e. such as will have a significant impact upon the Code of Practice or upon the operation of the system) will take place only after consultation with all relevant interested groups, and upon the agreement of all organisations with a participatory role in the operation of the system.
- A minor change, (i.e. such as may be required for clarification and will not have such a significant impact) may be agreed between the manager and the owner of the system.
Although the majority of the public at large may have become accustomed to 'being watched', those who do express concern do so mainly over matters pertaining to the processing of the information, (or data) i.e. what happens to the material that is obtained.
Data protection legislation
- Although most CCTV Systems were not specifically included under the terms of the 1984 Act, most, if not all Systems come within the terms of the Data Protection Act 1998. The implementation date of the new Act was 24 October 1998. Any processing which commences after that date needs to be fully compliant with the Act.
- The Bassetlaw CCTV System is registered with the office of the Data Protection Commissioner; with Bassetlaw District Council as being nominated as the ‘data controller’.
- All data however will be processed in accordance with the principles of the Data Protection Act, 1998 which, in summarised form, includes, but is not limited to;
- All personal data will be obtained and processed fairly and lawfully.
- Personal data will be held only for the purposes specified.
- Personal data will be used only for the purposes, and disclosed only to the people, shown within these Codes of Practice.
- Only personal data will be held which are adequate, relevant and not excessive in relation to the purpose for which the data are held.
- Steps will be taken to ensure that personal data are accurate and where necessary, kept up to date.
- Personal data will be held for no longer than is necessary.
- Individuals will be allowed, where appropriate, access to information held about them and, where appropriate, permitted to correct or erase it.
- Procedures will be implemented to put in place security measures to prevent unauthorised or accidental access to, alteration, disclosure, or loss and destruction of, information.
Request for information (subject access)
- Any request from an individual for the disclosure of personal data which he/she believes is recorded by virtue of the system will be directed to the Head of Regeneration or the Council’s Data Protection Manager.
- The principles of Sections 7 and 8 of the Data Protection Act 1998 (Rights of Data Subjects and Others) should be followed in respect of every request, these Sections are reproduced as Appendix B to these Codes.
- Access requests can only be made using the pro-forma as found in Appendix G.
Exemptions to the provision of information
In considering a request made under the provisions of Section 7 of the Data Protection Act 1998, reference may also be made to Section 29 of the Act which includes, but is not limited to, the following statement:
Personal data processed for any of the following purposes:
- The prevention or detection of crime.
- The apprehension or prosecution of offenders.
are exempt from the subject access provisions in any case ‘to the extent to which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection’.
Note: Each and every application will be assessed on its own merits and general ‘blanket exemptions’ will not be applied.
Criminal procedures and investigations act, 1996
The Criminal Procedures and Investigations Act, 1996 came into effect in April, 1997 and introduced a statutory framework for the disclosure to defendants of material which the prosecution would not intend to use in the presentation of its own case, (known as unused material). An explanatory summary of the provisions of the Act is contained within the Procedural Manual, but disclosure of unused material under the provisions of this Act should not be confused with the obligations placed on the data controller by Section 7 of the Data Protection Act 1998, (known as subject access).
For reasons of security and confidentiality, access to the CCTV monitoring room is restricted in accordance with this Code of Practice. However, in the interest of openness and accountability, anyone wishing to arrange an official visit to the room may be permitted to do so, subject to the approval of, and after making prior arrangements with, the manager of the System, Head of Regeneration.
Cameras will not be used to look into private residential property. 'Privacy zones' are programmed into the system as required in order to ensure that the interior of any private residential property within range of the system is not surveyed by the cameras, unless where any operational reason is required.
A member of the public wishing to register a complaint with regard to any aspect of the Bassetlaw CCTV System may do so by contacting, the Head of Regeneration at Bassetlaw District Council telephone 01909 532037. Any such complaint will be dealt with in accordance with existing discipline rules and regulations to which all members of the partnership, including the CCTV operators, are subject. An individual, who suffers damage or distress by reason of any clear contravention of this Code of Practice, may be entitled to compensation from the System owner or operator.
Bassetlaw District Council, named at Appendix A, being the nominated representative/s of the system owners, will have unrestricted personal access to the CCTV monitoring room and will be responsible for receiving regular and frequent reports from the manager of the system.
Bassetlaw District Council may nominate a committee with a specific responsibility for receiving and considering those reports.
Formal consultation will take place between the owners and the managers of the system with regard to all aspects, including this Code of Practice and the Procedural Manual.
(System manager) [or data controller]
The nominated manager named at Appendix A will have day-to-day responsibility for the system as a whole.
The system manager will ensure that every complaint is acknowledged in writing within seven working days which will include advice to the complainant of the enquiry procedure to be undertaken. A formal six monthly report will be forwarded to the nominee of the system owner named at Appendix A, giving details of all complaints and the outcome of relevant enquiries.
Statistical and other relevant information, including any complaints made, will be included in the Annual Report of the Bassetlaw CCTV Scheme which will be made publicly available and reported at the Council’s ICT Governance meetings by the Data Protection Manager.
- Code of Practice: A copy of this Code of Practice, will be made available to anyone requesting it. A copy is available online, and additional copies will be lodged at public libraries, Nottinghamshire Police station at Bassetlaw and Bassetlaw District Council, Queens Buildings, Potter Street, Worksop.
- Annual Report: A copy of the annual report will also be made available to anyone requesting it.
- Signs: Signs will be placed in the locality of the cameras and at main entrance points to the relevant areas, e.g. Railways, Bus stations etc. The signs will indicate:-
- The presence of CCTV monitoring and the purpose of the system
- The 'ownership' of the system, i.e. Bassetlaw District Council, and
- Contact telephone number of the 'data controller' of the system. Telephone number 01909 532037
The system manager will accept day to day responsibility for the monitoring, operation and evaluation of the system and the implementation of this Code of Practice.
- A body of individuals (lay inspectors) who have no direct contact with the system will be responsible for inspecting the operation of the system.
- Inspections should take place at least once per calendar year, including formal reviews by no more than two people at any one time. The Inspectors will be permitted access to the CCTV monitoring room, without prior notice and to the records held therein at any time, provided their presence does not disrupt the operational functioning of the room and they are accompanied by an authorised person. Their findings will be reported to the Head of Regeneration, the system manager and the Data Protection Manager the report will also be made available to the relevant committee of Bassetlaw District Council and their visit recorded in the CCTV monitoring room.
- Inspectors will be required to sign a declaration of confidentiality (see Appendix F).
Staffing of the Control Room
The CCTV Control Room will be staffed in accordance with the Procedural Manual. Equipment associated with the CCTV System will only be operated by authorised personnel who will have been properly trained in its use and all control room procedures. Each operator will be personally issued with a copy of both the Codes of Practice and the Procedural Manual/Assignment instructions. They will be fully conversant with the contents of such documents, which may be updated from time to time, and which he/she will be expected to comply with as far as is reasonably practicable at all times.
Each operator will be fully SIA licensed (CCTV Public Space Surveillance Operations) and whereby an operator is in training they will be monitored by a fully licensed operator.
Arrangement may be made for a police liaison officer to be present in the monitoring room at certain times, subject to locally agreed protocols. Any such person must also be conversant with these Codes of Practice and associated Procedural Manual/Assignment Instructions.
From time to time there will be Nottinghamshire Police, along with Nottinghamshire Police ‘volunteers’ in the Control Room. The volunteer must be conversant with these Codes of Practice and associated procedural manual/assignment instructions and will always be under the supervision of a duty CCTV operator, the supervision of the volunteer will be with the system manager.
Every individual with any responsibility under the terms of this Code of Practice and who has any involvement with the CCTV System to which they refer, will be subject to Bassetlaw CCTV Scheme discipline code. Any breach of this Code of Practice or of any aspect of confidentiality will be dealt with in accordance with those discipline rules and must be reported to the Head of Regeneration or the Council’s Data Protection Manager.
The system manager will accept primary responsibility for ensuring there is no breach of security and that the Code of Practice is complied with. He/she has day to day responsibility for the management of the room and for enforcing the discipline rules. Noncompliance with this Code of Practice by any person will be considered a severe breach of discipline and dealt with accordingly including, if appropriate, the instigation of criminal proceedings.
Declaration of confidentiality
Every individual with any responsibility under the terms of this Code of Practice and who has any involvement with the CCTV System to which they refer, will be required to sign a declaration of confidentiality. (See example at Appendix E, see also Section 8 concerning access to the monitoring room by others).
- Any person operating the cameras will act with utmost probity at all times and with regard to the requirements of the Data Protection Act 1998 and the Human Rights act of 2000.
- Every use of the cameras will accord with the purposes and key objectives of the system and shall be in compliance with this Code of Practice.
- Cameras will not be used to look into private residential property, unless there is an operational reason to do so. Where appropriate 'Privacy Zones' will be programmed into the system as required in order ensuring that the interior of any private residential property within range of the system is not surveyed by the cameras.
- Camera operators will be mindful of exercising prejudices which may lead to complaints of the system being used for purposes other than those for which it is intended. The operators may be required to justify their interest in, or recording of, any particular individual, group of individuals or property at any time by virtue of the audit of the system or by the system manager.
- The System Manager, where appropriate to do so, may invite residents from properties within the CCTV monitored area to the Control Room to enhance their confidence of privacy etc.
Only those authorised members of staff with responsibility for using the CCTV equipment will have access to the operating controls, those operators have primary control at all times.
Operation of the system by the police
- Under extreme circumstances the Police may make a request to assume control of the CCTV System to which this Code of Practice applies. Only requests made on the written authority of a police officer not below the rank of Inspector will be considered. Any such request will only be accommodated on the personal written authority of the most senior representative available of the System owners, (or designated deputy of equal standing). The written request may be submitted via the secure email account to the Council’s Control Room.
- In the event of such a request being permitted, the control room will continue to be staffed, and equipment operated by, only those personnel who are authorised to do so and who fall within the terms of Sections Six and Seven of this Code.
- In very extreme circumstances a request may be made for the Police to take total control of the System in its entirety, including the staffing of the control room and personal control of all associated equipment; to the exclusion of all representatives of the System owners. Any such request will only be considered personally by the most senior officer of the System owners (or designated deputy of equal standing). A request for total exclusive control must be made in writing by a police officer not below the rank of Assistant Chief Constable.
Only authorised personnel will operate any of the equipment located within the CCTV control room or equipment associated with the CCTV System.
Public access to the monitoring and recording facility will be prohibited except for lawful, proper and sufficient reasons and only then with the personal authority of the system manager. Any such visits will be conducted and recorded in accordance with the Procedural Manual.
Visits by Inspectors or Auditors do not fall into the scope of the above paragraph and may take place at any time, without prior warning but with the presence of the manager or other authorised person. No more than two Inspectors or Auditors will visit at any one time. Inspectors or Auditors will not influence the operation of any part of the system during their visit. The visit will be suspended in the event of it being operationally inconvenient. Any such visit should be recorded in the same way as that described above.
Declaration of confidentiality
Regardless of their status, all visitors to the CCTV control room, including Inspectors and Auditors, will be required to sign the visitors log and a declaration of confidentiality.
Authorised personnel will normally be present at all times when the equipment is in use. If the monitoring facility is to be left unattended for any reason it will be secured. In the event of the control room having to be evacuated for safety or security reasons, the provisions of the Procedural Manual will be complied with. The control room, will at all times be secured by ‘Magnetic-Locks’ operated by the CCTV operator.
For the purposes of this Code 'recorded material' means any material recorded by, or as the result of, technical equipment which forms part of the Bassetlaw Closed Circuit Television System, but specifically includes images recorded digitally, or on videotape or by way of video copying, including video stills.
Every video recording used in conjunction with the Bassetlaw CCTV System has the potential of containing material that has to be admitted in evidence at some point during its life span.
Members of the community must have total confidence that information recorded about their ordinary every day activities by virtue of the system, will be treated with due regard to their individual right to respect for their private and family life.
It is therefore of the utmost importance that every means of video recording is treated strictly in accordance with this Code of Practice and the Procedural Manual from the moment it is delivered to the control room until its final destruction. Every movement and usage will be meticulously recorded.
Access to, and the use of, recorded material will be strictly for the purposes defined in this Code of Practice only.
Recorded material will not be copied, sold, otherwise released or used for commercial purposes or for the provision of entertainment, unless in the interest of crime prevention and authorised by Police Inspector and the ‘Data Controller’, and not for financial gain.
National standard for the release of data to a third party
Every request for the release of personal data generated by this CCTV System will be channelled through the Head of Regeneration. The System Manager will ensure the principles contained within Appendix C to this Code of Practice are followed at all times.
In complying with the national standard for the release of data to third parties, it is intended, as far as reasonably practicable, to safeguard the individual’s rights to privacy and to give effect to the following principles:
- Recorded material shall be processed lawfully and fairly, and used only for the purposes defined in this Code of Practice;
- Access to recorded material will only take place in accordance with the standards outlined in Appendix C and this Code of Practice;
- The release or disclosure of data for commercial or entertainment purposes is specifically prohibited.
Members of the police service or other agency having a statutory authority to investigate and/or prosecute offences may, subject to compliance with Appendix C, release details of recorded information to the media only in an effort to identify alleged offenders or potential witnesses. Under such circumstances, full details will be recorded in accordance with the Procedural Manual.
Note: Release to the media of recorded information, in whatever format, which may be part of a current investigation would be covered by the Police and Criminal Evidence Act, 1984. Any such disclosure should only be made after due consideration of the likely impact on a criminal trial. Full details of any media coverage must be recorded and brought to the attention of both the prosecutor and the defence.
If material is to be shown to witnesses, including police officers, for the purpose of obtaining identification evidence, it must be shown in accordance with Appendix C and the Procedural Manual.
Digital image recording
All Images are recorded digitally from camera source onto an Instek Digital Hybrid digital video recorder (hDVR) Raid 0 hard drive or standalone PC hard drive. The images are recorded at 25 Frames per second (full motion) and stored for a maximum 28 days before being deleted/reused.
Images will only be retained longer than 28 days if they are expected to be used or used as evidence in an investigation or its case history. No images will be kept after 28 days.
Evidence will normally be issued to the prosecuting authorities on two DVD’s both copies are considered to be primary evidence but one copy will be labelled as the ‘Master Copy’ and the other will be labelled as the ‘Working Copy’. Both copies will be issued to the Police on request and no further incident data will be held in CCTV after 28 days.
In circumstances where a large amount of data is required an encrypted USB hard drive or an encrypted USB stick may be utilised to hold large amounts of raw evidential data. Media player software is included in the process so that the data can be accessed by the Police using their own IT equipment. USB Hard Drives and or other mass storage devices must be supplied by the Police.
All production and movement of evidential material is recorded both on the Instek digital recording system management interface and on the CCTV control room paperless office management system, Video Technology Advisory Service (VTAS).
Major crime and requests for confiscation of system hard drives
- The Digital Recording system has been designed and built with the express intension of providing evidential material to the Police and prosecuting authorities. The system stores evidential data for 28 days, the stored data can be downloaded on request onto various forms of storage media for investigation and production in court as prime evidence.
- The digital recording mechanism is built into a complex server unit, housed within a secure server room. Instek recording platform is Raid 0 storage which means that any hard disk can be removed and played via a suitable PC with the Instek software installed.
- The PSN units cannot be removed without the entire system being shut down, this can only be actioned by T.I.S engineers. Once removed the system cannot be operated until the PSN units are replaced or replacement PSN units are built to the exact same specifications.
There will be occasions when the Police need to, or plan to observe people, vehicles, premises or people entering and leaving premises as part of an investigation. The Human Rights Act 1998, aims to protect the individual’s right to privacy. The RIPA Act 2000 (Regulation of Investigatory Powers Act) has been introduced to enable the Police to incorporate legislation and to formalize surveillance procedures in line with provisions of the Human Rights Act.
When assisting the Police, there are two categories of surveillance:
- Directed surveillance - surveillance undertaken for a specific investigation or operation, in a manner likely to obtain private information.
- Intrusive surveillance - surveillance taking place in or into private premises or a private vehicle, in a manner intended to obtain private information.
It is very unlikely that as an overt CCTV system, we would be asked to assist with an intrusive surveillance.
An agreed protocol incorporating the use of RIPA where required is provided (agreed by the Police and Bassetlaw District Council) to cover the use of the camera system by the Police for targeted or specific investigations and operations, (The Protocol is maintained within the CCTV Control Room).
Directed surveillances must be authorized, and managed in accordance with the agreed protocol. The Head of Regenerations or his/her nominated Officer, will be informed of every authorised surveillance that is to be carried out which involves the use of cameras managed by Bassetlaw District Council. He/she will ensure that authorization and the following of agreed protocol has been made before permission is given for such surveillance to commence.
An intrusive surveillance must be authorised in writing, by a Chief Constable.
It is the responsibility of the authorising Officer to review the ongoing surveillance activities and cancel when appropriate. Such cancellation must be informed to the CCTV operator. The Police will maintain overall responsibility for the surveillance.
A Police Officer will normally be present in the Control Room throughout the duration of the directed/intrusive surveillance and may operate the camera or direct the CCTV Operator with the agreement of The Head of Regeneration or his/her deputy.
Upon commencement of any Police surveillance, details, including the attending Officer, authorising Officer, location, reasons for the surveillance, dates and times and the unique surveillance number, will be entered onto the CCTV Operators log sheet, prior to the commencement of the surveillance.
The uses of town Centre CCTV systems are not normally regulated by the Act (RIPA). This is because members of the public are aware that these systems are in existence and are there for their own protection and to assist in preventing and detecting crimes. However where specific targeted operations are undertaken RIPA will apply.
Directed and Intrusive surveillances will also be authorised by designated Officers within Bassetlaw District Council managed operations. Directed surveillance's can be authorised by a Head of Department and above. Intrusive surveillance will only be authorised by a Chief Executive Officer.
Elected Members are not authorised to instruct any surveillance procedures and they must refer their requests through to the designated Officers within the Council.
No surveillance's, whether directed or intrusive, Police or Bassetlaw Council led, will be carried out without first informing the Head of Regeneration in order to allow CCTV to assist them.
When a RIPA is authorized all the CCTV data gathered from the authorized Investigation must be kept by the requester for a minimum of 5 years including non evidential footage. The requesting authority will therefore need to supply a corresponding number of digital storage hard 18 drives at 1 TB per day of authorized use (whole system) or state the actual cameras to be used on the RIPA authority so that a lesser amount of storage is required.
The Nottinghamshire Police contact point for information and advice on RIPA is the Covert Authority Bureau (CAB) via the Police main switchboard. The CAB will authorize all Police RIPA activity via CCTV and confirm the validity of each by e-mail.
For the purposes of this Code ‘Re-deployable CCTV’ means any CCTV equipment, which is not permanently fixed in position, including moveable street mounted cameras and fly-tipping systems.
The purpose of this section is to ensure that emerging systems such as mobile CCTV vehicles or deployable static cameras (temporarily fixed in position) operate in a way that is compliant with all legal requirements. It is essential that evidence obtained using such equipment is acceptable and admissible by the courts. These systems being relatively new may initially provide the opportunity for legal challenge when used to gather evidence towards a possible conviction. The intention of this section is to ensure that wherever possible opportunities to challenge the use of mobile equipment in the courts are minimised.
Regardless of whether the cameras are positioned for a very short time (in a stationary vehicle) or whether they are fixed for longer periods, such as those temporarily attached to street furniture. Consideration must be given to the restrictions placed by the Data Protection Act and possible infringements of Human Rights, in particular Article 8 - the right to private life.
Initial sighting assessment procedures:
- The Data Protection Act requires that an Initial Assessment is carried out by the organisation legally responsible for the system before CCTV systems are deployed. In this case the person or organisation legally responsible for the system would be (jointly) the Local Authority and Nottinghamshire Police There will also be joint Data Controllers, with responsibilities as managers devolved to the appropriate Liaison Officer / CCTV manager from each organisation. The decision to deploy the cameras must be based on Crime Patterns and or Criminal Intelligence, both of which should have supporting data.
- The appropriateness for the sitting and deployment of mobile / transportable CCTV equipment must be supported by written crime patterns analysis and / or reference to criminal intelligence logs. Reference to this must be made in writing on the CCTV Deployment Log, together with the purpose of the installation / deployment which will be one of the following:
- Prevention, investigation and /or detection of crime
- Apprehension and /or prosecution of offenders
- Public and employee safety
- Staff discipline
- Traffic flow monitoring (only needed if processing personal data)
Covert operations will however be undertaken for fly-tipping in accordance with Human Rights and Data Protection Acts.
The sighting of cameras, especially where cameras could potentially intrude into domestic areas such as gardens will normally require consultation with those affected. If this is not possible, for instance, when doing so would prevent the purpose of the deployment becoming ineffectual, then this should be recorded. Where cameras invade private space, electronic restrictions should be applied if possible, and in any case operators must be made aware of their responsibilities under the Data Protection Act and Human Rights Act (see also training requirements).
The requirement for signage of CCTV schemes is covered under the Data Protection Act Codes of Practice. Clearly providing appropriate signs with such portable systems will have its difficulties. Vehicles must be sign written with the appropriate information as defined in the Data Protection Act Codes of Practice. In the case of transportable systems, temporary signs (worded appropriately) should be positioned / erected on the approach to the areas where the cameras have been temporarily installed. These must be removed at the same time as the cameras are removed. Signs erected for periods any length of time may require planning permission. Signage would not apply for covert operations.
The staffing of mobile units varies in differing parts of the Country. In the main these systems are operated either by Local Authority staff (contract or otherwise) or Police staff.
In all cases, selection of the staff used to operate such equipment should follow the same requirements for the selection, recruitment and training of CCTV Operators. They must also receive specific training in respect of Human Rights, Data Protection, Regulation of Investigatory Powers Act, Freedom of Information Act and Police & Criminal Evidence Act in the context of the use of CCTV equipment.
BASSETLAW DISTRICT COUNCIL
Telephone: 01909 532037
Bassetlaw District council is the ‘owner’ of the system. The nominee will be the single point of reference on behalf of the owners. Their role will include a responsibility to:
- Ensure the provision and maintenance of all equipment forming part of the Bassetlaw CCTV System in accordance with contractual arrangements which the owners may from time to time enter into.
- Maintain close liaison with the system manager.
- Ensure the interests of Bassetlaw District Council and other organisations are upheld in accordance with the terms of this Code of Practice.
- In partnership with the system manager, agree to any proposed alterations and additions to the system, this Code of Practice and/or the Procedural Manual.
Strategic Manager Risk & Resilience, Bassetlaw District Council
Telephone: 01909 532037
- Responsibilities - Bassetlaw District Council is the ‘manager and the data controller’ of the system. The nominee, The Head of Regeneration will be the single point of reference on behalf of the managers. In relation to day to day operational issues, or in the absence of the Head of Regeneration, the Council’s Community Safety Coordinator will act as the alternative point of contact His/her role will include a responsibility to:
- Maintain day to day management of the system and staff;
- Accept overall responsibility for the system and for ensuring that this Code of Practice is complied with;
- Maintain direct liaison with the owners of the system.
Subject to the following provisions of this section and to sections 8 and 9, an individual is entitled:
- To be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller,
- If that is the case, to be given by the data controller a description of -
- The personal data of which that individual is the data subject;
- The purpose for which they are being or are to be processed;
- The recipients or classes of recipients to whom they are or may be disclosed,
- To have communicated to him/her in an intelligible form:
- The information constituting any personal data of which that individual is the data subject, and
- Any information available to the data controller as the source of those data, and
- Where the processing by automatic means of personal data of which that individual is the data subject for the purposes of evaluating matters relating to him/her such as, for example, his/her performance at work, his/her creditworthiness, his/her reliability or his/her conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting him/her, to be informed by the data controller of the logic involved in that decision-taking.
A data controller is not obliged to supply any information under subsection (1) unless he/she has received:
- A request in writing, and
- Except in prescribed cases, such fee (not exceeding the prescribed maximum) as he/she may require.
A data controller is not obliged to comply with a request under this section unless he/she is supplied with such information as he/she may reasonably require in order to satisfy him/herself as to the identity of the person making the request and to locate the information which that person seeks.
Where a data controller cannot comply with the request without disclosing information relating to another individual who can be identified from that information, he/she is not obliged to comply with the request unless: (a) the other individual has consented to the disclosure of the information to the person making the request, or (b) it is reasonable in all the circumstances to comply with the request without the consent of the other individual.
In subsection (4) the reference to information relating to another individual includes a reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing the data controller from communicating so much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by omission of names or other identifying particulars or otherwise.
In determining for the purposes of subsection (4)(b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to:
- Any duty of confidentiality owed to the other individual,
- Any steps taken by the data controller with a view to seeking the consent of the other individual,
- Whether the other individual is capable of giving consent, and
- Any express refusal of consent by the other individual.
An individual making a request under this section may, in such cases as may be prescribed, specify that his/her request is limited to personal data of any prescribed description.
Subject to subsection (4), a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day.
If a court is satisfied on the application of any person who has made a request under the foregoing provisions of this section that the data controller in question has failed to comply with the request in contravention of those provisions, the court may order him/her to comply with the request.
In this section:
- ‘prescribed’ means prescribed by the Secretary of State by regulations;
- ‘the prescribed maximum’ means such amount as may be prescribed;
- ‘the prescribed period’ means forty days or such other period as may be prescribed;
- ‘the relevant day’, in relation to a request under this section, means the day on which the data controller receives the request or, if later, the first day on which the data controller has both the required fee and the information referred to in subsection (3).
Different amounts or periods may be prescribed under this section in relation to different cases.
The Secretary of State may by regulations provide that, in such cases as may be prescribed, a request for information under any provision of subsection (1) of section 7 is to be treated as extending also to information under other provisions of that subsection.
The obligation imposed by section 7(1)(c)(i) must be complied with by supplying the data subject with a copy of the information in permanent form unless:
- The supply of such a copy is not possible or would involve disproportionate effort, or
- The data subject agrees otherwise;
and where any of the information referred to in section 7(1)(c)(i) is expressed in terms which are not intelligible without explanation the copy must be accompanied by an explanation of those terms.
Where a data controller has previously complied with a request made under section 7 by an individual, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that individual unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request.
In determining for the purposes of subsection (3) whether requests under section 7 are made at reasonable intervals, regard shall be had to the nature of the data, the purpose for which the data are processed and the frequency with which the data are altered.
Section 7(1)(d) is not to be regarded as requiring the provision of information as to the logic involved in decision-taking if, and to the extent that, the information constitutes a trade secret.
The information to be supplied pursuant to request under section 7 must be supplied by reference to the data in question at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.
For the purposes of section 7(4) and (5) another individual can be identified from the information being disclosed if he/she can be identified from that information, or from that and any other information which, in the reasonable belief of the data controller, is likely to be in, or to come into, the possession of the data subject making the request.
Note: These extracts are for guidance only. To ensure compliance with the legislation, the relevant Data Protection legislation should be referred to in its entirety.
It is strongly recommended that local procedures should be put in place to ensure a standard approach to all requests for the release of data. It is recommended that every request is channelled through the data controller
Notes: The data controller is the person who (either alone or jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed. (In most cases the data controller is likely to be the scheme owner or manager).
Primary request to view data
Primary requests to view data generated by a CCTV System are likely to be made by third parties for any one or more of the following purposes:
- Providing evidence in criminal proceedings (e.g. Police and Criminal Evidence Act 1984, Criminal Procedures & Investigations Act 1996, etc.);
- Providing evidence in civil proceedings or tribunals
- The prevention of crime
- The investigation and detection of crime (may include identification of offenders)
- Identification of witnesses
Third parties, which should be required to show adequate grounds for disclosure of data within the above criteria, may include, but are not limited to:
- Statutory authorities with powers to prosecute, (e.g. Customs and Excise; Trading Standards, etc.)
- Plaintiffs in civil proceedings
- Accused persons or defendants in criminal proceedings
- Other agencies, (which should be specified in the Code of Practice) according to purpose and legal status
Upon receipt from a third party of a bona fide request for the release of data, the scheme owner (or representative) should:
- Not unduly obstruct a third party investigation to verify the existence of relevant data.
- Ensure the retention of data which may be relevant to a request, but which may be pending application for, or the issue of, a court order or subpoena, (it may be appropriate to impose a time limit on such retention which should be notified at the time of the request).
In circumstances outlined at note (3) below, (requests by plaintiffs, accused persons or defendants) the owner, (or nominated representative) should:
- Be satisfied that there is no connection with any existing data held by the police in connection with the same investigation.
- Treat all such enquiries with strict confidentiality.
- The release of data to the police may not be restricted to the civil police but could include, (for example) British Transport Police, Ministry of Defence Police, Military Police, etc. (It may be appropriate to put in place special arrangements in response to local requirements).
- Aside from criminal investigations, data may be of evidential value in respect of civil proceedings or tribunals. In such cases a solicitor, or authorised representative of the tribunal, should be required to give relevant information in writing prior to a search being granted. In the event of a search resulting in a requirement being made for the release of data, such release will only be facilitated on the instructions of a court order or subpoena. (It may be considered appropriate to make a charge for this service. In all circumstances data will only be released for lawful and proper purposes).
- There may be occasions when an enquiry by a plaintiff, an accused person, a defendant or a defence solicitor falls outside the terms of disclosure or subject access legislation. An example could be the investigation of an alibi. Such an enquiry may not form part of a prosecution investigation. Defence enquiries could also arise in a case where there appeared to be no recorded evidence in a prosecution investigation.
- The scheme owner should decide which (if any) "other agencies" might be permitted access to data. Having identified those ‘other agencies’, such access to data will only be permitted in compliance with this Standard.
Secondary request to view data
A ‘secondary’ request for access to data may be defined as any request being made which does not fall into the category of a primary request. Before complying with a secondary request, the scheme owner should ensure that:
- The request does not contravene, and that compliance with the request would not breach, current relevant legislation, (e.g. Data Protection, Human Rights Act, section 163 Criminal Justice and Public Order Act 1994, etc.);
- Any legislative requirements have been complied with, (e.g. the requirements of the Data Protection Act);
- Due regard has been taken of any known case law (current or past) which may be relevant, (e.g. R v Brentwood BC ex p. Peck see page 28) and
- The request would pass a test of ‘disclosure in the public interest
If, in compliance with a secondary request to view data, a decision is taken to release material to a third party, the following safeguards should be put in place before surrendering the material:
- In respect of material to be released under the auspices of ‘crime prevention’, written agreement to the release of the material should be obtained from a police officer, not below the rank of Inspector. The officer should have personal knowledge of the circumstances of the crime/s to be prevented and an understanding of the CCTV System Code of Practice
- If the material is to be released under the auspices of ‘public well being, health or safety’, written agreement to the release of material should be obtained from a senior officer within the Local Authority. The officer should have personal knowledge of the potential benefit to be derived from releasing the material and an understanding of the CCTV System Code of Practice.
Recorded material may be used for bona fide training purposes such as police or staff training. Under no circumstances will recorded material be released for commercial sale of material for training or entertainment purposes.
‘Disclosure in the public interest’ could include the disclosure of personal data that:
- Provides specific information which would be of value or of interest to the public well being
- Identifies a public health or safety issue
- Leads to the prevention of crime
The disclosure of personal data which is the subject of a ‘live’ criminal investigation would always come under the terms of a primary request.
Individual Subject Access under Data Protection legislation
Under the terms of Data Protection legislation, individual access to personal data, of which that individual is the data subject, must be permitted providing:
- The request is made in writing;
- A specified fee is paid for each individual search;
- The Data Controller is supplied with sufficient information to satisfy themselves as to the identity of the person making the request;
- The person making the request provides sufficient and accurate information about the time, date and place to enable the data controller to locate the information which that person seeks, (it is recognised that a person making a request is unlikely to know the precise time. Under those circumstances it is suggested that within one hour of accuracy would be a reasonable requirement);
- The person making the request is only shown information relevant to that particular search and which contains personal data of themselves only,
- unless all other individuals who may be identified from the same information have consented to the disclosure;
In the event of the scheme owner complying with a request to supply a copy of the data to the subject, only data pertaining to the individual should be copied, (all other personal data which may facilitate the identification of any other person should be concealed or erased). Under these circumstances an additional fee may be payable.
The owner is entitled to refuse an individual request to view data under these provisions if insufficient or inaccurate information is provided, (however every effort should be made to comply with subject access procedures and each request should be treated on its own merit).
In addition to the principles contained within the Data Protection legislation, the data controller should be satisfied that the data is:
- Not currently and, as far as can be reasonably ascertained, not likely to become, part of a ‘live’ criminal investigation;
- Not currently and, as far as can be reasonably ascertained, not likely to become, relevant to civil proceedings;
- Not the subject of a complaint or dispute which has not been actioned;
- The original data and that the audit trail has been maintained;
- Not removed or copied without proper authority;
- For individual disclosure only (i.e. to be disclosed to a named subject)
Process of Disclosure:
- Verify the accuracy of the request;
- Replay the data to the requester only, (or responsible person acting on behalf of the person making the request);
- The viewing should take place in a separate room and not in the control or monitoring area. Only data which is specific to the search request should be shown
- It must not be possible to identify any other individual from the information being shown, (any such information must be blanked-out, either by means of electronic screening or manual editing on the monitor screen
- If a copy of the material is requested and there is no on-site means of editing out other personal data, then the material should be sent to an editing house for processing prior to being sent to the requester.
- The scheme owner is likely to breach Data Protection legislation if a person making a subject access request is able to identify any other individual from the information being disclosed. However a television image is two dimensional and the majority of CCTV schemes do not have immediate access to the necessary technology to blank out or remove ‘other data’. It is recommended that the advice of the Data Protection Registrar’s office is sought in respect of any method which it is proposed should be adopted.
In the event of a request from the media for access to recorded material, the procedures outlined under ‘secondary request to view data’ should be followed. If material is to be released the following procedures should be adopted:
- The release of the material must be accompanied by a signed release document that clearly states what the data will be used for and sets out the limits on its use.
- The release form should state that the receiver must process the data in a manner prescribed by the data controller, e.g. specify identities/data that must not be revealed.
- It may also require that proof of editing must be passed back to the data controller, either for approval or final consent, prior to its intended use by the media (protecting the position of the data controller who would be responsible for any infringement of Data Protection legislation and the System’s Code of Practice);
- The release form should be considered a contract and signed by both parties
- In the well publicised case of R v Brentwood Borough Council, ex parte Geoffrey Dennis Peck, (QBD November 1997), the judge concluded that by releasing the video footage, the Council had not acted unlawfully. A verbal assurance that the broadcasters would mask the identity of the individual had been obtained. Despite further attempts by the Council to ensure the identity would not be revealed, the television company did in fact broadcast footage during which the identity of Peck was not concealed. The judge concluded that tighter guidelines should be considered to avoid accidental broadcast in the future.
In developing this national standard for the release of data to third parties, it is intended, as far as reasonably practicable, to safeguard the individual’s rights to privacy and to give effect to the following principles:
- Recorded material should be processed lawfully and fairly and used only for the purposes defined in the Code of Practice for the CCTV scheme;
- Access to recorded material should only take place in accordance with this Standard and the Code of Practice;
- The release or disclosure of data for commercial or entertainment purposes should be specifically prohibited.
WARNING ACCESS TO THIS AREA IS RESTRICTED
Everyone, regardless of status, entering this area is required to complete an entry in the visitors log.
Visitors are advised to note the following confidentiality clause and entry is conditional on acceptance of that clause.
In signing this document all visitors to the Bassetlaw Town Centre CCTV Control Room acknowledge that the precise location of this CCTV Centre and personal details of those operating the system, is, and should remain, confidential. Authorised visitors, other than Police Officers, further agree not to divulge any information obtained, overheard or overseen during their visit.
An entry accompanied by your signature in the visitors log is your acceptance of these terms.
Last Updated on Tuesday, September 22, 2020