1. Introduction Purpose The purpose of this policy is to:



Similar documents
University of Birmingham. Closed Circuit Television (CCTV) Code of Practice

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

University of Essex Automatic Number Plate Recognition (ANPR) Policy

Policy on Public and School Bus Closed Circuit Television Systems (CCTV)

Data Protection Policy

Self assessment tool. Using this tool

Corporate Policy and Procedure

Data Protection Policy

Buckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice

Corporate ICT & Data Management. Data Protection Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL

Council Policy. Records & Information Management

Parliamentary Security Camera Policy

CCTV Cameras Policy. Policy Guidelines

SECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE

Contra Costa Community College District Business Procedure SECURITY CAMERA OPERATING PROCEDURE

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

Video surveillance policy (PUBLIC)

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

SURVEILLANCE AND PRIVACY

University of London CCTV Policy UNIVERSITY OF LONDON CCTV POLICY. Academic Buildings, Libraries and Residences. Page 1 of 10

CCTV PROCEDURES To support Information Security Policy Framework

HERTSMERE BOROUGH COUNCIL

LONDON DOWNTOWN CLOSED CIRCUIT TELEVISION (CCTV) PROGRAM CODE OF PRACTICE CITY OF LONDON, ONTARIO

Closed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV

Policy for Management of CCTV on Waste Operation Vehicles

DATA PROTECTION ACT 1998 COUNCIL POLICY

Dublin City University

Information Governance Framework. June 2015

University of Limerick Data Protection Compliance Regulations June 2015

CCTV CODE OF PRACTICE

Data Protection Policy

INFORMATION GOVERNANCE POLICY

Caedmon College Whitby

How To Protect Your Privacy In The Workplace

Data Protection Policy

Data Protection Breach Management Policy

Automatic Number Plate Recognition (ANPR) Systems

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

DATA PROTECTION POLICY

Data Protection Policy

Data Protection Policy June 2014

Information Management and Security Policy

Human Resources and Data Protection

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

Data Protection Policy

RECORDS MANAGEMENT POLICY

Surveillance Camera Code of Practice. June 2013

DATA PROTECTION AND DATA STORAGE POLICY

Data Protection Policy

Online Research and Investigation

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

COUNCIL POLICY R180 RECORDS MANAGEMENT

Somerset County Council - Data Protection Policy - Final

Data Protection Procedures

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

Little Marlow Parish Council Registration Number for ICO Z

Data Protection Policy

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

COBAR SHIRE COUNCIL FILE:P5-90

The CPS incorporates RCPO. CPS Data Protection Policy

The Manitowoc Company, Inc.

How To Use A Surveillance Camera Safely

VEHICLE LOCATION SYSTEM POLICY. Version 0.2. Paul Robinson, Strategic Director, Richard Kniveton, Fleet and Depot Manager

Records Management Plan. April 2015

maintenance of CCTV surveillance systems code of practice

Scotland s Commissioner for Children and Young People Records Management Policy

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT Contents

Falkirk Council Data Protection Guidelines

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

DATA PROTECTION POLICY

CCG: IG06: Records Management Policy and Strategy

VIDEO SURVEILLANCE GUIDELINES

A Mobile Phone and Camera Toolkit for Early Years Settings. Early Years Services April 2013 Version 1.0

Information Governance Policy

Data Security and Extranet

DATA PROTECTION POLICY

Final Version 1.0 December 2015

DATA PROTECTION AUDIT GUIDANCE

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

AlixPartners, LLP. General Data Protection Statement

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Records Management. 1. Introduction. 2. Strategic Plan Desired Outcomes

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

PS 172 Protective Monitoring Policy

NETWORK SECURITY POLICY

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

Access Control Policy

Privacy Policy Draft

INFORMATION SECURITY MANAGEMENT POLICY

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Human Resources Policy documents. Data Protection Policy

Security Systems Surveillance Policy

Corporate Information Security Policy

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement

Transcription:

1. Introduction 1.1. Overview The use of Closed Circuit Television or Surveillance Cameras (collectively known as CCTV) that capture and process images of individuals, who can be identified from those images, must be operated in accordance with the Data Protection Act 1998 (DPA). Network Rail (NR) makes extensive use of CCTV throughout its railway network and infrastructure, office buildings, ROCs, depots and facilities and managed stations to safeguard staff, visitors, contractors and its premises. At times its use can be considered intrusive and impact on the privacy of individuals. With this being the case, we must ensure that the personal information we process via CCTV is obtained lawfully, used fairly, only retained when necessary, stored securely and not disclosed to unauthorised persons. 1.2. Purpose The purpose of this policy is to: 1.3. Scope ensure the processing of images via CCTV complies with the principles set out in the DPA, other relevant legislation and NR s Privacy and Data Protection Policy; regulate how NR operates, administers and uses CCTV; provide employees with an understanding of the purpose, management and operation of the CCTV by NR and their role in supporting this. This policy applies to all: all employees working for or on behalf of NR who operate CCTV on behalf of NR; third party service providers that process and operate CCTV on behalf of NR; This policy is for the benefit of: employees, contractors, visitors, members of the public and all other individuals whose image(s) may be captured by CCTV owned and/or operated by or on behalf of NR. This policy only covers the overt use of CCTV. NR does not undertake covert surveillance. 1.4. Legislative context Data Protection Act 1998 Freedom of Information Act 2000 Human Rights Act 1998 Health and Safety at Work Act 1974 Protection of Freedoms Act 2012 Air Navigation - The Orders 2009, CAP722 CCTV and Surveillance Camera Policy - Final v1.0 2

1.5. Definitions The following terms are used in this policy: Personal information (PI) in the context of CCTV is an image or other information/data from which a living individual can be identified where: the individual is the focus of the image; the image contains or shows significant information about that individual; the processing of the image affects the individual s privacy. Individual or data subject means a person who is the subject of the personal information; process or processing in the context of CCTV means actions carried out with the images such as collecting, streaming, monitoring, recording, storing, retrieving, viewing, holding, downloading, copying, disclosing, deleting, erasing or destroying images; CCTV and Surveillance Cameras encompasses but is not limited to traditional CCTV, Automatic Number Plate Recognition (ANPR), Body Worn Video Cameras (BWV),Unmanned Aerial Systems(UAS), Automatic Recognition Technologies (ART); Personal Information Owner means an individual or business area who initially collects or creates the personal information or is the primary user of the personal information; third party service provider means an independent external organisation that provides a service that processes CCTV images on behalf of NR; security means to protect the confidentiality, integrity and availability of personal information; 2. Policy statement privacy impact or privacy risk assessment means to identify, assess and manage the risks that may arise from the use of CCTV. NR is committed to complying with the DPA and other relevant privacy legislation. To support the above statement we will adhere to the following principles when operating CCTV in the course of running our business operations. We will: comply with the requirements of the DPA, the Information Commissioner's Code of Practice for Surveillance Camera and Personal Information and the Surveillance Camera Commissioner Surveillance Camera Code of Practice; ensure the use of CCTV is always for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need; register the purposes and objectives of our use of CCTV with the Information Commissioner and only operate CCTV in the manner registered. NR has registered the following purposes: prevention and detection of crime; CCTV and Surveillance Camera Policy - Final v1.0 3

maintain the safety and security of NR properties and assets and for those individuals who make use of those properties and assets(i.e. employees, members of the public, tenants); gathering census data Level Crossing misuse undertake Privacy Impact Assessments prior to making use of CCTV in order to identify and manage any privacy risks associated with its use; plan, design and install CCTV that takes into consideration any approved operational, technical and competency standards relevant to the system and its purpose; only make use of CCTV in an overt manner. Cameras will be noticeably visible with clear information notices and signs placed at all entry routes to the areas covered to make staff, contractors, visitors and members of the public aware they are entering an area covered by CCTV; position cameras so that they only cover up to the boundaries of NR premises; no cameras will focus on any lineside neighbour s property, residential accommodation or areas within the NR buildings or facilities where there is an expectation of privacy; maintain and service CCTV to ensure that recorded images remain clear and accurately reflect the date and time of day so that footage can used evidentially; only retain images for legitimate business purposes, securely storing any images that are retained for evidential purposes, securely deleting them once their purpose(s) have been discharged; comply with all subject access requests made for CCTV footage and ensure that disclosures to third parties are only be made in accordance with the purpose(s) for which the CCTV is operating; ensure access to, transmission, viewing and storage of live or recorded images are appropriately secured and restricted with clearly defined rules on who can be gain access. document all requests for disclosures of footage and log the movement of all footage downloaded or removed for viewing purposes; provide appropriate training for all staff involved in the operation of CCTV; undertake regular reviews to ensure the use of CCTV remains justified; 3. Roles and responsibilities The Executive Committee are ultimately accountable for ensuring that NR meets its legal obligation under Data Protection legislation. The following roles have overall responsibility for CCTV operated within the NR estate: Route Managing Directors Managing Director, Property Director, Maintenance and Operations Services CCTV and Surveillance Camera Policy - Final v1.0 4

It is their responsibility, as the Personal Information Owners, to: designate a Responsible Officer/Appointed Person and delegate responsibility for the day-to-day operation of CCTV within their area of the business; maintain an up-to-date directory of those designated Responsible Officers/Appointed Person; maintain an up-to-date inventory of all CCTV installations within their area of the business; It is the responsibility of the Responsible Officer/Appointed Person to: manage the day-to-day operation of the CCTV along with their designated staff who actually operate the CCTV equipment and handle the data within their charge (including those services outsourced); maintain the security of and accountability for all data/images, equipment and media used by the system; maintain the operational integrity of the CCTV system with regular maintenance plan; maintain an access control list of the individuals authorised to view or download live, recorded or still images; process information requests from data subjects and third parties; provide training for staff designated to operate CCTV; It is the responsibility of Designated Staff who operate CCTV to: operate the system in accordance with requirements set out in this policy document, the CCTV Protocol and specific operational procedures; work to meet and maintain those standards to ensure that the system will give maximum effectiveness and efficiency for the purpose proposed ensure that their training is up to date; bring any faults or misuse of the CCTV system or equipment to the Responsible Officer s/appointed person s attention immediately; It is responsibility of the Data Protection Officer to: monitor adherence to the NR CCTV Policy and CCTV Protocol; Maintain this policy and the supporting CCTV Protocol Third party suppliers who process personal information on behalf of NR must comply with this policy. 4. Policy breach 4.1. Any action that is found to have breached this policy or any of its supporting procedures where the breach results in non-compliance with the law will be CCTV and Surveillance Camera Policy - Final v1.0 5

dealt with in accordance with NR s disciplinary procedures. This could lead to termination of employment for employees; termination of a contract in the case of service providers, consultants or temporary staff and expulsion in the case of a voluntary placement. 4.2. If a criminal offence is considered to have been committed further action may be taken to assist in the prosecution of the offender(s). 5. Policy compliance 5.1. Planned reviews will be undertaken as appropriate, by the Data Protection Officer to assess compliance to the policy. 5.2. In the event of not understanding the implications of this policy or how it may apply seek advice from your line manager or the Data Protection Officer. 6. Policy review and revision 6.1. This policy was approved by the Group General Counsel on 2 September 2015 and supersedes the previous CCTV Policy which was last updated on 7 January 2013. This policy will be reviewed on an annual basis. It will be amended in response to changes in managerial, operational or legal requirements. Every effort will be made to ensure that relevant individuals are made aware of those changes when they occur. 7. Supporting procedures and guidance 7.1. This policy is intended to act as a framework to support standards and promote compliance with the data protection. This policy should also be read in conjunction with the NR s Privacy and Data Protection Policy and the ICO s Surveillance Camera Code (2014). 7.2. Key policies, procedures and guidance relevant to this policy are listed below and can be found on Connect: CCTV Standard and Guidance (to be drafted) Directory of Responsible Officers Inventory of CCTV Installations Privacy and Data Protection Policy Code of practice for Surveillance Camera and Personal Information Information Security Policy Classification Standard Cyber Security Guide Retention Schedules CCTV and Surveillance Camera Policy - Final v1.0 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information