CCTV Privacy Policy
Privacy Impact
Purpose of CCTV monitoring
CCTV is deployed as a deterrent to vandalism, crime and antisocial behaviour taking place within public areas of the recreation ground, and to provide evidence of any criminal activity should it occur. A decision was taken by CIO trustees to deploy CCTV following a persistent history of such incidents within the grounds for which it is responsible. The site is remote from village residential areas and does not benefit from regular visits by police. Consequently, users of the recreation ground have at times felt isolated and vulnerable when encountering situations perceived to be threatening in nature to themselves or to property.
Level of monitoring
Outside cameras are positioned on and adjacent to the pavilion such as to have a wide-area vista of the grounds, plus closer monitoring of specific zones judged to be vulnerable to adverse incidents, such as the car park, pavilion building and public toilet block. CCTV monitoring is not undertaken inside the pavilion building. Camera data is stored on-site in a looped format on hard drive, where older data is constantly over-written by current recording. All camera data is therefore temporarily held and overwritten; no camera data is permanently retained.
Alternatives to CCTV
In response to overnight incidents having taken place in the car park area, some years ago a rota was introduced for nightly locking up of the car park and toilets at dusk. An additional benefit was that someone would be checking all was in order at dawn and dusk. However, this was found not to deter incidents of vandalism and antisocial behaviour, which continued. Police had been unable to provide regular – or even occasional checks – so reluctantly, after liaison with police, trustees agreed to introduce CCTV for the above stated purposes.
Potential adverse impacts
It is appreciated that employment of CCTV will to a degree entail loss of privacy for users of public areas of the recreation ground. It is noted, however, that feedback from village residents has been positive. It is also noted that camera(s) monitoring the car park area will also ‘have sight’ of a small section of Water Lane at the entrance to the car park and may thereby capture images of passers-by not within the CIO’s grounds. This incidental image capture is limited in extent by camera positioning, and by the boundary with Water Lane either side of the car park entrance being concealed by hedging and trees: therefore, only the lane at the car park entrance is observable.
Obligations of the operator
The CIO is obligated to ensure clear signage in the grounds that CCTV is in operation, and that CCTV derived electronic data is managed in accordance with the CIO’s data policy and in conformance with Data Protection Act (DPA) guidance. The CIO also notes its duty to provide access to this policy and to provide a point of contact for CCTV related enquiries, complaints and rights of access requests (Subject Access Requests, SARs – see below).
CCTV Policy
Data controller and processor
The data controller and the responsible data processing organisation is the Bamford with Thornhill Recreation Ground CIO.
Justification of CCTV and it is positioning
The justification for CCTV deployment is set out in section 1 above. CCTV will be positioned only to monitor open outdoor public areas of the recreation ground, where privacy expectations will be limited. Camera positions will be clearly visible, and clear signage will be provided. No covert or indoor surveillance will be employed, and camera positioning should not allow the observation of indoor areas from outside.
Nature of CCTV monitoring
In having a monitor screen connected to the data recorder, the system setup does enable live monitoring, but this is not its intended normal mode of use. The system is set up to record images directly to hard drive; the connected monitor is for the purpose of reviewing recorded images retrospectively. Therefore, any monitoring undertaken by authorised personnel must solely be retrospective in nature. No remote live monitoring (e.g. via broadband) will be permitted.
Image data storage
CCTV image data will be stored on an on-site hard drive, held securely in a non-public area of the recreation ground. Data will not be stored on removable media and must not be taken off site, with the exception of image data excerpts limited in extent for the express purpose of investigating reported untoward incidents (e.g. for sharing with police).
Data access
Only CIO trustees will have authorised access to CCTV data records. Other personnel may only access CCTV data records with the formal written permission of the CIO (e.g. for system maintenance or repair), and any such permitted access should be documented and supervised by a trustee.
All CCTV Data Access will be recorded in the access log stating when, who and why access was required.
Security
In addition to the above permitted access controls, the storage hard drive must be kept secure in a purpose designed locked cabinet in a non-public building area, and access must be password protected.
Sensitive data
All CCTV images are classified as personal data and should be afforded protection as such. However, it is noted that the monitored ground is frequented by young children, and indeed the playground area is included in the area of surveillance. This merits especial attention to data security and the potential for misuse.
Data security breaches
Any breach of data security must be investigated and responded to. As a minimum a breach or potential breach incident should be documented, reviewed by trustees and the outcome of the review recorded. Trustees should be aware of their data protection obligations and any serious breaches of data security or data misuse should be reported to the Information Commissioner’s Office (ICO).
Data retention
Retrospective recorded data is automatically overwritten by current recording; no CCTV data is permanently retained on the hard drive. However, where CCTV data is taken offsite it must be destroyed as soon as it is finished with. Any agency with which CCTV data is shared – such as police – must be instructed in writing to destroy the data as soon as the associated task or investigation is completed.
Data sharing
CCTV data may only be shared outside the CIO with police or other government crime agency. This should only be done with a quorate agreement of trustees, either by a meeting of trustees or by email, and should be documented. A data destruction instruction, as set out above, should be issued to the recipient of the data.
Subject Access Requests
By law, any individual has the right to request access to their CCTV recorded images, and the CIO must have procedures for receiving and handling such access requests, and complaints relating to CCTV. The CIO should therefore provide a point of contact on the web page for access requests and complaints. Any such communication should be reviewed by trustees and a timely response provided. It is expected that a subject access request will be supported by a stated date and time to enable the relevant data to be located. Any request by an individual for another person’s CCTV record will be refused.
Subject Access Requests can be made by emailing the Secretary using bamford.rec@gmail.com.
Duty of trustees
All CIO trustees are required to be familiar with and act in accordance with this policy.