ST. CLOUD STATE UNIVERSITY INSTALLATION AND USE OF VIDEO SURVEILLANCE EQUIPMENT PROCEDURE. Purpose

Transcription

1 ST. CLOUD STATE UNIVERSITY INSTALLATION AND USE OF VIDEO SURVEILLANCE TYPE OF PROCEDURE: ADMINISTRATIVE EQUIPMENT PROCEDURE Title: Installation and Use of Video Surveillance Equipment Procedures Related Policy: Installation and Use of Video Surveillance Equipment Policy Procedure content: Purpose St. Cloud State University is committed to providing a safe environment for students, employees, visitors and guests. To achieve this outcome the University integrates the best practices of policing with technology through the implementation and maintenance of a comprehensive security plan. A comprehensive security plan incorporates the use of video surveillance technology to deter crime and to assist the Department of Safety and Security in the protection of university property and, when necessary, to gather evidence. Scope These procedures provide guidelines for the implementation of the Installation and Use of Video Surveillance Equipment Policy. These procedures apply to all students, faculty, staff, Schools and Departments within the University community. The goal of these procedures is to enhance the safety and security of the campus community, to provide protection to buildings and property and to document and ensure authorized use of controlled access points or alarms, while respecting the reasonable expectation of privacy among members of the community. Nothing in this procedure reduces or is intended to reduce the requirements of Minnesota State Colleges and Universities (MnSCU) Procedure , Acceptable Use of Computers and Information Technology Resources. Use of Video Surveillance Equipment Video surveillance equipment may be used on campus for one or more of the following purposes; to enhance safety and security, to provide protection to buildings and property, and to document activity and ensure authorized use of controlled access 1 P a g e

2 points or alarms. The availability of and allocation of resources in combination with circumstances or specific situations will determine when and if video surveillance equipment is monitored in real time, continuously, or otherwise. 1. Public Safety and Security Video surveillance equipment is used to assist in the protection and safety of the university community, its visitors and guests. Viewing and/or recording of video data of public spaces allows for the detection, assessment, and deterrence of unlawful behavior and student code of conduct violations. 2. Building and Property Protection Video surveillance equipment is used to assist in the protection of, persons, buildings, and property; valuable, hazardous, or sensitive information/materials from interference, damage, demolition, or theft. 3. Access Point and Security Verification Video surveillance equipment is used to document activity and ensure authorized access at controlled access points or alarms. Video Cameras (or web cams) for Marketing, Training, or General Observation Video cameras (or web cams) may be used for viewing and/or recording video images of public spaces for university marketing, employee training, or general observation; e.g., to enhance customer service. Prior authorization will be requested in writing to the Associate Vice President of Safety and Security. Authorization will be determined by the Associate Vice President of Safety and Security in collaboration with the Vice President for Finance and Administration, the Assistant Vice President of Communications and the data privacy compliance officer. Off-Campus Use (access) of Video Surveillance Equipment Certain employees may have a business need to access surveillance equipment data from a non-campus location. Any St. Cloud State University employee who has a business need to access surveillance equipment data must submit a written request for authorization. Authorization will be approved by the Associate Vice President for Safety and Security in collaboration with the Vice President for Finance and Administration. A record of approved off campus authorizations will be maintained by the Department of Safety and Security. 2 P a g e

3 Responsibilities for Off Campus Use Employees will comply with all relevant laws and policies, including but not limited to MnSCU Procedure , Acceptable Use of Computers and Information Technology Resources Only St. Cloud State University approved VPN (Virtual Private Network) connections may be used to access video surveillance equipment data. It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to St. Cloud State University internal networks or data. Employees authorized to access video surveillance data are prohibited from recording or manipulating data in any way. Use of VPN technology with personal equipment represents a de facto extension of St. Cloud State University s network. As such users personal equipment are subject to the same rules and regulations that apply to the University-owned equipment, i.e., their machines must be configured to comply with appropriate Security Policies including but not limited to a current operating system and current anti-virus software. Employees will be solely responsible for any Internet provider, equipment, and other costs and charges incurred in the process of using or accessing the video surveillance equipment data. General Principles A. Video surveillance equipment and its associated monitoring are used to protect the safety of persons and property of the University community, to deter crime, and to retrieve data about specific events or incidents. Purposes include, but are not limited to: Protection of individuals, including students, employees, visitors, and guests; Protection of University owned and/or operated property, and buildings, including building perimeters, entrances and exits, lobbies, elevators and corridors, receiving docks, special storage areas, laboratories, cashier locations, and other areas where surveillance is determined necessary to achieve compliance with the scope of the Installation and Use of Video Surveillance Equipment Policy; 3 P a g e

4 Verification of alarms and access control systems; Patrol of common areas and areas accessible to the public, including transit stops, parking lots, public streets, pedestrian walks; and fire exits; Investigation of alleged criminal activity, student code of conduct violations, disciplinary activity, such as, sabotage of research projects, vandalism, theft, and similar incidents. Any diversion of, or use of video surveillance equipment or security technologies for purposes other than those defined in the Installation and Use of Video Surveillance Equipment Policy or Procedures is prohibited. B. Information Technology Services will coordinate the purchase and support of all video surveillance equipment including; hardware, software data storage and outside vendor service contracts. C. The Department of Safety and Security will manage the placement, installation, function and operation of video surveillance equipment as part of a comprehensive campus safety and security plan. A comprehensive campus safety and security plan is developed in collaboration with the appropriate campus constituents. D. Video surveillance and monitoring will be conducted in a manner consistent with University policies and in compliance with relevant professional, ethical and legal standards, including Non-Discrimination, and Sexual Harassment. Selection of subjects for surveillance and monitoring activities based on the characteristics and classifications contained in the Non-Discrimination Policy (e.g., race, gender, sexual orientation, national origin, disability, etc.) are strictly prohibited. E. All personnel involved in monitoring or control of video surveillance equipment and data will be trained and supervised. Training will include review and confirmation of understanding of SCSU s Video Surveillance Protocol (see below) and appropriate policies, procedures, professional, ethical and legal standards. 4 P a g e

5 Violations of professional, ethical, and legal standards or SCSU s surveillance procedures protocol may result in disciplinary action consistent with the rules and regulations governing university employees. F. Use of video surveillance and monitoring will not violate the reasonable expectation of privacy. A reasonable expectation of privacy exists for students in their personal residential rooms/apartments. Surveillance and monitoring for safety and security purposes will not be routinely used in residential hallways and lounges. When a specific safety or security risk has been determined to exist by the Associate Vice President for Safety and Security, in consultation with the Director of Residential Life, surveillance equipment will be utilized in hallways and lounge areas. Surveillance and monitoring of residential rooms shared by more than one resident or apartment common areas is not permitted under the policy without authorization from all residents of the subject apartment or room. G. The existence of the Installation and Use of Video Surveillance Equipment Policy and Procedure does not imply or guarantee that video surveillance equipment will be constantly monitored in real time. H. All existing uses of video surveillance equipment will be brought in to compliance with the Installation and Use of Video Surveillance Equipment Policy and Procedures within twelve (12) months of the approval of the policy. All departments with existing equipment will work with Information Technology Services to integrate their CCTV systems with University standard. All departments with existing video surveillance equipment will provide a written plan to Information Technology Services and The Department of Safety and Security within six (6) months of policy approval. All departments with existing video surveillance equipment who are not in compliance twelve (12) months after policy approval will be required to discontinue video surveillance equipment use until compliance is achieved. 5 P a g e

6 I. One year following the adoption of the Installation and Use of Video Surveillance Equipment Policy and Procedure, the Associate Vice President for Safety and Security shall assemble a representative user group to review the implementation of the policy and procedure and develop recommendations for revision. If policy and procedure revision is needed a revised draft will be provided to the Vice President of Finance and Administration in accordance with the university policy revision process. General Responsibilities A. All University areas using or intending to use video surveillance equipment are responsible for compliance with the Installation and Use of Video Surveillance Equipment Policy and Procedures, including SCSU s Video Surveillance Protocol. B. SCSU s Video Surveillance Protocol is in addition to applicable Federal, State, Local and University Policies related to video surveillance. C. Information Technology Services and the Department of Safety and Security are responsible for reviewing video surveillance equipment operations, including recording, storage, monitoring, access, and retention. D. Decision by the Associate Vice President for Safety and Security regarding video surveillance equipment may be appealed to the Vice President of Finance and Administration. The Vice President of Finance and Administration will review available information and render a decision. Responsibility and Authority It is everyone s responsibility to share concerns and raise awareness of safety and security issues to contribute to the creation of a safe and secure community. It is the responsibility of all administrators and department heads, and SCSU Department of Safety and Security, to make recommendations about the level of security required on campus. Decisions to install video surveillance equipment as a component of a comprehensive safety and security plan may be reached through consultation and deliberation with certain individuals and groups. Department of Safety and Security 6 P a g e

7 The Department of Safety and Security, in consultation with the Vice President for Finance and Administration, has authority to oversee the use of video surveillance equipment and its monitoring as part of a comprehensive safety and security plan. The Associate Vice President for Safety and Security, or designee, is responsible for authorization of all video surveillance equipment use and monitoring. This includes any temporary installation deemed necessary in connection with criminal investigation, enhanced security for special events or as otherwise deemed necessary to protect the safety and security of the university. The Department of Safety and Security will work in consultation and collaboration with Information Technology Services to achieve video surveillance equipment goals. The Department of Safety and Security is actively involved in an advisory and advocacy role in all projects which either have or use video surveillance equipment. The Department of Safety and Security will assist the office/department/group in preparing a request for video surveillance equipment installation and use, or video surveillance equipment removal. The Department of Safety and Security will maintain a list of all video surveillance equipment deployed throughout campus and will, with the designated surveillance equipment contacts, monitor system operability for all video surveillance equipment on campus. The Department of Safety and Security will coordinate any necessary interfaces to the security system and local vendors with the support of Information Technology Services. Requesting Office/Department/Group An office/department/group requesting to install video surveillance equipment must prepare an application for video surveillance equipment installation and use. The requesting office/department/group is responsible for ensuring that all video surveillance equipment installed is assigned to a designated surveillance equipment contact. The requesting office/department/group is responsible for lifecycle funding for video surveillance equipment and for compliance with established standards. Surveillance Equipment Contact 7 P a g e

8 The surveillance equipment contact is an individual designated by the head of the requesting department who has duties within the department related to surveillance equipment management. The surveillance equipment contact is the custodian of the assigned video surveillance equipment. The surveillance equipment contact is specifically responsible for proper operation of video surveillance equipment and ensuring lawful and sound use as standards and policies are revised and changed. The surveillance equipment contact will be a departmental liaison with the Department of Safety and Security and Information Technology Services and a representative on the video surveillance user group. Role of the Vice President The vice president of the requesting unit has the authority to approve or deny installation and use of video surveillance equipment. The vice president will be included in the development of a proposal for installation of video surveillance equipment Role of Information Technology Services Information Technology Services will support the development of system design, operating standards, replacement cycles, system maintenance, and procurement of equipment. Information Technology Services will determine and allocate the necessary data storage required for video surveillance equipment and compliance with storage and retention schedules. Information Technology Services will identify necessary back up criteria and disposal schedules. Information Technology Services are responsible for developing and maintaining standards for the operation of video surveillance equipment open to public web browsers for both on and off campus use. Video surveillance feeds including data and images that are available via public web browser will be neither monitored nor archived under normal operations. Release of Data Data obtained through use of video surveillance equipment will only be released when approved by the Associate Vice President for Safety and Security in collaboration with the Vice President of Finance and Administration and the data privacy compliance officer. 8 P a g e

9 Requests for release of data obtained through use of video surveillance equipment Must be received in writing. Must identify the entity/person/campus office/department/outside agency making the request. Must specify the purpose of the request and the manner in which the data is intended to be used. Must provide justification for release of data and support (as needed). The Department of Safety and Security will log and keep a record of data release requests and outcomes. Prior to release of data the Department of Safety and Security may be required to obscure the images of incidental or non-subject persons captured in surveillance video in compliance with data privacy. All warrants received for video surveillance data from outside law enforcement agencies will be referred to the Associate Vice President for Safety and Security. The Associate Vice President for Safety and Security, or designee in consultation with the Special Advisor to the President will comply with warrants received from outside law enforcement agencies. A copy of the warrant will be retained and forwarded to legal counsel. Subpoenas received for release of information will be referred to legal counsel. When legal counsel approves release of subpoenaed information the Associate Vice President of Safety and Security, in consultation with the Special Advisor to the President, will be responsible for providing the require information. St. Cloud State University is committed to the protection of data and compliance with government data privacy act regulations. SCSU s Video Surveillance Protocol 1. All operators and supervisors working with video surveillance equipment will perform their duties in accordance with the Installation and Use of Video Surveillance Equipment Policy and Procedures. 2. The Department of Safety and Security will limit video surveillance equipment positions and views of residential housing in compliance with the Installation and Use of Video Surveillance Equipment Policy and the reasonable expectation of privacy. 9 P a g e

10 3. Surveillance monitoring centers will be configured to prevent video surveillance equipment operators tampering with or duplicating recorded information. 4. Recordings will be retained in a secure location with access by authorized personnel only. 5. Recordings may be retained for a period not to exceed 30 days and will then be erased, unless retained as part of a criminal investigation or court proceedings (criminal or civil), or other bona fide use as approved by the Associate Vice President for Safety and 6. Video surveillance equipment operators who view recordings must do so in the presence of a supervisor to maintain the integrity of the recording. 7. Video surveillance equipment operators will be trained in the technical, legal and ethical parameters of appropriate use. Video surveillance equipment operators will receive a copy of the Installation and Use of Video Surveillance Equipment Policy and Procedures, including the SCSU surveillance procedures Code of Conduct and provide written acknowledgement that they have read and understood its contents. 8. Video surveillance equipment operators will not select subjects to monitor based on characteristics of race, gender, ethnicity, sexual orientation, disability, or other classifications protected by Non-Discrimination Policy. Video surveillance equipment operators will monitor based on suspicious behavior, not individual characteristics. 9. Video surveillance equipment operators will not view private rooms or areas through windows. 10. Video surveillance equipment operators will operate equipment in a manner consistent with the intent of the Installation and Use of Video Surveillance Equipment Policy. Video surveillance equipment will be used: to enhance security; to detect, asses and deter unlawful behavior and student code of conduct violations; to protect person, buildings and property; and to monitor and ensure authorized access at controlled access points and alarms. Any operation or use that falls outside of these parameters is expressly prohibited. 11. Portable hidden cameras, with or without recording equipment, will only be used for law enforcement purposes and with the knowledge and approval of the Associate Vice President of Safety and Security. Procedure Owner: Vice President of Finance and Administration Procedure Contact: Associate Vice President of Safety and Security 10 P a g e

11 Other Documents: Minnesota State Colleges and Universities (MnSCU) Procedure , Acceptable Use of Computers and Information Technology Resources. Effective Date: Enter effective date here. 11 P a g e