Privacy Impact Assessment: Additional ANPR deployment in Bristol.

Transcription

1 Privacy Impact Assessment: Additional ANPR deployment in Bristol. Executive Summary Bristol City Council, in partnership with Avon and Somerset Constabulary, is intending to install automatic number plate recognition (ANPR) cameras across the city of Bristol to capture vehicle movements on key routes through the identification of the vehicle registration mark (VRM) of individual vehicles. The Council will use these cameras to inform its traffic modelling activities and for real-time and historic journey time information through its existing UTMC system. ASP will separately use the ANPR data for crime prevention and investigation purposes. The purpose of this document is to consider the police use of this equipment and does not necessarily reference or interact with the work of the City council. This project is an excellent example of partnership working in order to maximise the benefits of technology and to share the costs from the public purse. The issues of access and use between the partner agencies will be described and managed through a memorandum of understanding or similar type of document; which will be agreed, signed and in place before the cameras go into operation.. In common with other police forces, the Constabulary is committed to operating this technology in an effective way in order to improve both proactive and reactive operations into the disruption, prevention and detection of serious acquisitive, volume and organised crime, public events and major incidents; at a local, cross border, regional and national level. However, it is recognised that a pressing social need still has to be present when considering the deployment of such cameras. The concept of a pressing social need has been used by the ECHR as a basis for assessing whether or not an interference with a qualified right is necessary in a democratic society. Significant consideration has been given to article 8 of the HRA. Article 8 is a qualified right, so in certain circumstances public authorities can interfere with the private life of an individuals if there is a pressing social need for doing so. The constabulary already has access to both fixed and mobile ANPR technology within the greater Bristol area and so initially this project simply replaces some of the existing fixed cameras and adds the equivalent of the same number again in Phase 1. (49 cameras over 14 sites) Over the following two phases, an additional 18 cameras (12 sites) will be added, bringing the total up to 75. The existing 24 capable cameras will no longer used for Police ANPR purposes and revert back to council CCTV monitoring only.. Although this is a significant increase in number the use of ANPR cameras in Bristol has been in place for several years and so it is considered that this additional deployment will only create moderate interference and will be proportionate in terms of the nature, size and geography of the city.

2 Selection of the sites: The sites for ANPR equipment were determined using analysis of a number of key factors, such as; the volume of traffic using the road, whether the road is an arterial route, whether it crosses policing districts, the proximity to crime and criminality hotspots and the levels and patterns of vehicle crime. It also recognised that Bristol is the regular home of several internationally famous events, for example the St Pauls Carnival, the Bristol Balloon Festival and the Bristol Harbour Festival. Such large scale events create their own unique challenges but will all involve large influxes of people and vehicles into, across and out of the city and therefore the availability of a wider spread of properly located ANPR cameras will be invaluable to maintain public safety and to prevent and/or detect potential offences. Some examples of the data which support the policing use of an extended ANPR infrastructure are: Over 2250 crimes committed during 2013/14 have a suspect vehicle linked. This is where the full registration of the vehicle is known and does not include all those offences where a vehicle has been described only (i.e. a large under-estimate). The largest proportions of offences that are linked to a vehicle are volume crimes and include: Making Off Without Payment (14%); Theft from Shops and Stalls (11%); Fraud and Forgery (8%); Possession of Cannabis (8%) and Theft (when not classified elsewhere) (7.7%). Almost without exception, organised criminals in the city use vehicles in the commissioning of their crimes (human trafficking, drugs supply, drug cultivation and extortion). Between 01/01/14 and 31/03/14, 36 IMPACT nominals were linked to the use of a vehicle. These were used to commit 66 crimes within Bristol and across the force. Over half of these (51%) offences involved Theft from Shops and Stalls. Last year, 173 Bristol IMPACT nominals were linked as suspects to 564 crimes committed outside Bristol, including theft from shops (247), TFMV (78), dwelling burglary (65), Theft (when not classified elsewhere) (33) and Burglary in a building other than in a dwelling (26). Where vehicles have been stolen, only around half are subsequently recovered (287 recovered of 554 stolen in Bristol in 2013/14). For phase 1 the analysis identified 14 locations across the central Bristol road network. Each location will have multiple ANPR cameras in use (49 in all). Phases 2 and 3 will see these sites expanded to further locations across the greater Bristol area. These are all overt camera sites and as such appropriate road signage will be in place and each site will be specifically referenced on both the Council and Constabulary web-sites, including the public contact details.

3 Basic Operation Each camera provides a close-up view (CUV) of the selected traffic lane to specifically target the VRM. Infrared illumination is also provided to enhance the VRM capture capability. The ANPR data will then effectively be split into 2 halves: Bristol City Council will use their data for journey time analysis and ultimately traffic control, Avon and Somerset Constabulary will switch directly into Police HQ ANPR back office facility to be used for the purposes of crime detection and prevention. The cameras themselves are fixed in one location and cannot be remotely moved. As well as information being available in real time to officers in any appropriately equipped police vehicles, all ANPR data is constantly monitored by the police via a dedicated consul within the Constabulary Command and Control operation thus providing officers with live time information and identification of hits from the police hotlist database. Why use ANPR? In broad terms the value of ANPR is to: Increase public confidence and reassurance Reduce Crime and Terrorism Increase the detection of offences Reduce Road traffic causalities Make more efficient use of police resources The technology has been proven to be effective over a number of years and provides the capability for proactive and reactive policing from its use. How will success be measured? The Home Office guidance includes a requirement to monitor the ongoing validity of ANPR sites and as such an annual review process will be put into place. Consultation: Is there a need for a Privacy Impact assessment? ANPR captures vehicle registration numbers and this represents a level of intrusion upon the privacy of road users. The Home Office Guidance (Procedure for the Development and Review of ANPR Infrastructure 2013) does not specifically mandate a requirement for a PIA in this case (because the force s network of ANPR camera is already in place). However, due to the significant rise in numbers it was felt that such a document would be appropriate. See attached screening and assessment material (Appendix A C ). Appendix A

4 Privacy Impact Assessment overview 1 Will the project involve the collection of new information about individuals? No The only difference is that Vehicle Registration Marks (VRM) will be obtained from more locations than previously monitored by ANPR. 2 Will individuals have a choice about whether their vehicle details are recorded on ANPR or not? No - The collection of VRM is automatic at the locations when an individual drives a vehicle at the new locations. The technology captures the movement of vehicles and not of the individual drivers or passengers. 3 Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information? No - Whilst information from new locations may be disclosed it will only be for a policing purpose or where otherwise required for a lawful purpose e.g. to another prosecuting agency. Disclosures of data are managed through force and national policy/procedural guidance. 4 Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used? No - The new ANPR infrastructure will provide ANPR data for the same purposes as for the data already obtained from ANPR systems. The increase in the number of the sites will not alter the way in which it is used. 5 Does the project involve you using new technology that might be perceived as being privacy intrusive? For example biometrics or facial recognition. No - ANPR is not new technology however the development of new locations increases the ability for monitoring of vehicle movements and therefore although not new technology the provision of increased capability could be perceived as being potentially privacy intrusive. 6 Will the project result in you making decisions or taking action against individuals in ways that can have a significant impact on them? Yes -The purpose of the proposed development of infrastructure is in order to detect, deter, and disrupt criminality and therefore impact significantly on those involved in such activity. It will not impact on other member of the community. 7 Will the project require you to contact individuals in ways that they may find intrusive? No - There is no specific requirement to contact individuals as a result of the collection of ANPR data, other than where appropriate for a policing purpose e.g. in order to support an investigation. Appendix B

5 Screening assessment Part 1 Assessment of Strategic Privacy risks RISK DESCRIPTION Have the project s privacy impacts been identified? Is there an appreciation of those impacts from the perspectives of all stakeholders? CONSIDERATIONS & MITIGATION Yes. It is fully acknowledged that ANPR has expanded significantly in recent years and that some groups / citizens encourage greater public debate and knowledge about its use. The general privacy related impacts of ANPR deployment include issues such as the numbers of cameras, their position, whether they are temporary / permanent fixtures, how they capture data and finally, what happens to that data. The extension of ANPR in the greater Bristol area will only be used in accordance with the law and the specific privacy related impacts have been identified but are mitigated as set out below. Although data is available to other police forces via the National ANPR Data Centre (NADC), compliance with data protection law and national guidelines (NADC rules) are important factors which underpin the use of ANPR. Strict rules, both locally and nationally are already in operation to manage this. It is recognised that for some, the deployment of ANPR impacts on their privacy and their trust & confidence in the police & the wider state. The public has a right to challenge whether collection of data in this way is really necessary / proportionate. However ANPR already operates in Bristol through fixed and mobile cameras and therefore this is not a new concept. This project is to enhance its capacity and capability in order to maximise the policing benefits for the communities that we serve. Has there been identification and assessment of less privacy-invasive alternatives? The analysis undertaken to identify the sites did so to meet particular needs and as such the same or even similar results can not realistically be expected by the use of other types of systems. The unique nature of ANPR technology and the links between vehicles and crime make it an ideal tool for the required purpose.

6 Has there been an identification of ways in which negative impacts on privacy can be lessened / avoided? Where negative impacts on privacy are unavoidable, is there clarity as to the business need that justifies them? That Personal Data is held on Police Databases and reassurance is required that data is properly managed to limit collateral intrusions to innocent persons privacy. The locations have been identified following specific analysis and therefore broader impact has been reduced i.e. they are being sited because they meet a number of criteria. Data collected from ANPR cameras is not accessible to any other parties other than other authorised law enforcement agencies where the information is required for a lawful purpose. The Back Office Facility (BOF) automatically manages data retention and material is removed from the server at key weed points. Most users can only access 90 days-worth of data. Whilst the BOF holds records for 2 years, only specially authorised staff can access that data and it must be for authorised purposes. The material is subject of controlled access and is not available to all personnel and requests are subject to an audit trail. The Constabulary security vets staff who are employed as police officers and police staff and the Professional Standards Department can audit use of the system to minimise changes of abuse of access to the system. It is the case that a large amount of data is collected and stored. The data is not paired with other information at that point beyond the vehicle number plate and vehicle overview. Personal information is only paired with information that becomes personally identifiable at the point of authorised staff instigating an interest. This requires an approval processes with an audit trail. The data is not the subject of automated scanning or reading and the vast majority of the data will not be viewed and therefore does not routinely intrude on an individual s privacy. The data collected can enable post event investigative evidence gathering and creates the ability to live-react to data at hotspot locations. The gain from having a dataset to view and pick out solely crime related data is significant in delivering an effective policing response which is in accordance with law and necessary to contribute to protecting national security, public safety; preventing crime and to protect the rights and freedoms of others.

7 The Vehicles of Interest List Data. Are the requests for vehicles to be on the hotlist up to date and relevant? Strict rules mean only relevant officers and staff may identify a particular vehicle which is suspected or known as being linked to crime and enter that vehicle and the driver details on to the Vehicles of Interest List. Vehicles on the List will trigger an activation when passing an ANPR camera and in theory cause Police Officers to look for / stop that vehicle. The force has a robust system which limits who and how a vehicle can be placed on the Vehicles of Interest List. Vehicles can only remain on the List by default for 90 days to ensure that in the absence of a response or hit, the vehicle cannot stagnate on a list. Access to the data is robustly controlled. Staff Misusing or Over Accessing the Data Misuse of Police Information constitutes serious misconduct and is robustly dealt with should it ever happen. Auditing systems are in place to deter any such wrong doing and to identify it, should it happen. The force has a proactive capability to review staff s use of systems and flag inappropriate or incorrect use. Wider examples of proactivity and swift action against corruption and inappropriate behaviour exist in the Constabulary.

8 Appendix C Screening Assessment Part 2 Record of Privacy Impact Assessment (PIA) Process PIA SCREENING QUESTIONS Technology Does the project involve new or inherently privacy-invasive technologies? Justification Is the justification for the new datahandling unclear or unpublished? Identity Does the project involve an additional use of an existing identifier? COMMENTS While there is some limited level of intrusion, ANPR technology has been used by Police forces and indeed, the private sector, for many years. The cameras capture number plates ensuring a relatively low level of intrusion of individual privacy providing the location of cameras is proportionate. ANPR already operate within the greater Bristol area but by the Police and by others e.g. large retail outlets. Analysis has been completed to identify and support the justification of this technology. Although the numbers of cameras are increasing the use of ANPR within the city is already established and therefore at a strategic level this is not new processing. As previously mentioned the details will be available on both the City Council and Police websites. The locations are supported by analysis; the type and scope of the camera (unable to be remotely moved and so on) also mitigate any negative impact. The project is comparable with many similar sized cities throughout the UK. Does the project involve use of a new identifier for multiple purposes? No - The cameras are for ANPR use only and capture only vehicle number plates and vehicle overviews albeit each organisation will use the raw data feed for differing purposes.

9 Data Does the project involve new or significantly changed handling of personal data that is of particular concern to individuals? Does the project involve new or significantly changed handling of a considerable amount of personal data about each individual in the database? Does the project involve new or significantly changed handling of personal data about a large number of individuals? Does the project involve new or significantly changed consolidation, interlinking, cross-referencing or matching of personal data from multiple sources? Will the project result in the handling of a significant amount of new data about each person, or significant change in existing data-holdings? Will the project result in the handling of new data about a significant number of people or a significant change in the population coverage? Does the project involve new linkage of personal data with data in other collections, or significant change in data linkages? Only data required for a legitimate policing purpose is used. It takes into account the effect on individuals and their privacy which is aligned with current working practices for the management of ANPR data, including access to data, weeding and retention periods. No. The only data obtained is the vehicle number plate. This is cross matched with number plates on the police vehicle of interest databases with action only being taken when there is a match. No changes to handling of data. No. Only those of police interest are managed further. All sit within current national guidance for the handling and management of ANPR data and the DPA. Back office ANPR functions remain unchanged with clear policies and procedures in place to manage ANPR data. It is anticipated that if there are increased vehicle number plates being read there will be an increase in vehicles of interest being managed. No. The only new data handled will be that of vehicle number plates as they pass through. Further policing checks will only be carried out with those vehicles identified as of policing interest through recognition against a police hotlist or marker. There increased data held will be managed within the strict data retention policy in place locally and nationally. Vehicle number plates will be captured within coverage of the camera. The general population will have their vehicle plates read but only those of police interest will have any further action taken. Data collection and handling fits in with current guidelines and working practices managed by clear and transparent policies and procedure. The data remains in the format it is collected unless police personnel make an enquiry about it for a specific purpose. with access to data strictly controlled by the data owner and supported by force policy and procedure. Other police forces can make a request for data held but only if authorised and demonstrated to be necessary. Such requests are auditable

10 and governed by strict National ANPR Database (NADC) rule Data Handling Does the project involve new or changed data quality assurance processes and standards that may be unclear or unsatisfactory? All data retention, access and weeding is covered by clear and regularly reviewed policy and procedure. These policies are available to all staff involved in the process. Policies and procedures are drafted in line with national protocols, which are public documents. Does the project involve new or changed data security arrangements that may be unclear or unsatisfactory? No. There is no variation to data security arrangements. Data security is managed by policy and procedures are reference above, with are drafted in line with national protocol Does the project involve new or changed data access or disclosure arrangements that may be unclear or permissive? Does the project involve new or changed data retention arrangements that may be unclear or extensive? Exemptions and Exceptions Will the project give rise to new or changed data-handling that is in any way exempt from legislative privacy protections? Does the project relate to data processing which is in any way exempt from legislative privacy protections? This project is in-line with current processes that are regularly reviewed. There is full compliance with national guidance. The retention periods were put in place by the Association of Chief Police Officers (ACPO) following discussions with the ICO. No change to current legislation, policy and procedure. Due consideration is given to the ECHR. All data processing complies with the Managing of Police Information (MOPI) principles and the Data protection Act, with national / force policies and procedures in place to manage risk around use of personal data. Does the project's justification include significant contributions to public security measures? The project contributes to the policing purpose of protecting the public, preventing and detecting crime and public reassurance / confidence. The use of ANPR provides support to the resolution of local, regional and national issues.

11 Does the project involve systematic disclosure of personal data to, or access by third parties that are not subject to comparable privacy regulation? Data is only used for a legitimate policing purpose by employees of the Constabulary,