Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Issue 1.1 – Aug 16
CCTV Code of Practice
and Body Worn Video
Standard Operating Procedures
Issue 1.1 – August 2016
Issue 1.1 – Aug 16
Contents
Section Contents Paragraph Introduction 1 Definitions 2
Scope
3 Ownership and Operation
4
Principles
5 Purpose of the CCTV and BWV Systems.
6
System details
CCTV 7 Body worn video 7.1
Staff 8 Installation and Signage.
9
Access to Information
10 Primary request to view data
10.1
Third parties
10.2 Breaches of the Code and Complaints.
11
Public Information. 12 Major incidents 13
Privacy and Disclosure 13 APPENDIX A
Section Sub Section Paragraph(s) Introduction 1-3 Equipment
Booking in and out procedure 4-7 Carriage 8 Recording an incident 9-10 Verbal Statements 11-14 Written Records 15-16
Operational Procedure Audit Trail 17 Disciplinary Footage 18 Evidential Footage 19 Non Evidential Footage 20 Creation of Copies 21 Viewing of Footage 22 Fault Reporting 23
Conclusion 24
Issue 1.1 – Aug 16
Code of Practice 1. Introduction
This Code of Practice aims to ensure that all CCTV systems installed and operated by the University of South Wales comply with the law and that the scope, purpose and use of the systems are clearly defined. 2. Definitions For the purpose of the Code of Practice the following definitions will apply: • University
The University of South Wales • CCTV
Closed Circuit Television System
BWV Body Worn Video (See appendix A)
• Security University of South Wales Security Section as part of the Estates & Facilities Department
• Data Controller The University of South Wales
Systems Operator Security Manager or his Deputy
Systems Users Security Staff authorized & licensed to use the CCTV Systems owned by the University
3. Scope This code of practice is binding on all employees and students of the University of South Wales, all employees of contracted out services and applies to all other persons who may and for whatever reason be present on the University of South Wales property. 4. Ownership and Operation The CCTV and BWV systems are operated by the Security Services Department whose personnel are either employed directly by the University of South Wales or contracted in via an external security company. The CCTV and BWV systems, all recorded material and copyright is owned by the University of South Wales. Processing of University data for non-approved purposes is strictly forbidden and such a breach could lead to the individual being personally prosecuted. For digital recording systems, CCTV and recorded images held on the hard drive of a PC or server will be overwritten on a recycling basis once the drive is full, and in any event, will not be held for more than 31 days. Images stored on removable media such as memory cards and CDs will be erased or destroyed once the purpose of the recording is no longer relevant. Footage recorded on the BWV will be downloaded on to a securely encrypted device prior to the end of each shift and will not be held for more than 31 days unless a request is received to the contrary. Once downloaded the recording held on the BWV will be deleted.
Issue 1.1 – Aug 16
5. Principles The following principles will govern the operation of CCTV systems. • The CCTV and BWV systems will be operated fairly and lawfully and only for the purposes
authorised by the University of South Wales. • The CCTV and BWV systems will be operated with due regard for privacy of the individual. • Any changes to the purposes for which the CCTV and BWV systems are operated will require the
prior approval of the Director of Estates and Facilities and will be publicised in advance.
6. Purpose of the CCTV and BWV Systems.
The systems are intended to provide an increased level of security in the University environment for the benefit of those who study, work, live in or visit the campus. Systems will be used to respond to the following key objectives, which will be subject to annual assessment. • To detect, prevent or reduce the incidence of crime • To prevent and respond effectively to all forms of harassment and public disorder, • To improve communications and the operational response of security patrols in and around the
areas where CCTV operates, • To create a safer community, • To gather evidence by a fair and accountable method, • To provide emergency services assistance, • To assist with health & safety.
Where during its normal operation CCTV captures images of persons committing acts of an illegal nature or acts that are in breach of the University’s Regulations or Policies footage may be used for evidential purposes. 7. System details CCTV The static CCTV systems consist of overt colour cameras situated on University property, which continuously record activities in that area. The car parking barrier systems contain a covert camera system that are not recorded. The main control room is staffed 24-hours a day by qualified and Security Industry Authority (SIA) licensed staff working in shifts. BWV The Body Worn Video The University has use of Body Worn Videos, which would be available to members of the Security Team. In addition to capturing colour footage, the BWV also captures audio through the microphone. Following use, footage and audio can be downloaded from the equipment. 8. Maintenance CCTV systems will be maintained appropriately to ensure that the equipment is fit for purpose and in a good working order. The University will ensure that the system operates properly and that all images recorded are of the appropriate quality and that any other data collected such as date/time are correct.
Issue 1.1 – Aug 16
9. Staff
All staff using CCTV in the main control room will be aware of the sensitivity of handling CCTV images and staff will have an understanding of the requirements of the Data Protection Act 1998.
The use of mobile phones or recording devices are prohibited within the CCTV Control Centre.
Staff operating the system will undertake biannual training in respect of monitoring and data protection.
All staff operating the system are to be SIA CCTV trained with a valid licence and be vetted to BS:7858
A copy of this policy will be available for staff in the control room at all times for reference.
10. Installation and Signage.
Fixed CCTV Cameras shall be installed in such a manner as not to overlook private domestic areas. Cameras shall not be hidden from view and signs will be prominently displayed in the locality of the cameras.
Where BWV is used, clear signage must be displayed on an individual’s uniform to show that recording is taking place and that it includes audio recording. Additionally, when the decision is taken to record, the operator will give a clear warning as the recording of images commences to inform those in the area that they are doing so. 11. Use of BWV
BWV by its very nature is likely to be more intrusive than CCTV owing to its mobility and its ability to record audio. In view of the perceived intrusion, there is a requirement to ensure that its use is proportionate and justifiable and must only be activated where security staff are in a situation where they are subject to, or feel that they are likely to be subject to, verbal or physical abuse.
12. Access to Information
The Freedom of Information Act 2000 and the Data Protection Act 1998 will be adhered to in respect of requests for CCTV footage. Any request for disclosure of information must be submitted in writing to the Information Compliance Manager. Requests for information by the Police and other authorities should be accompanied by the relevant Data Protection form duly signed by the appropriate authority. Non-urgent requests should be submitted to the Information Compliance Manager who will liaise with the third party and the Gatehouse for the information. Urgent requests outside of the regular office hours will be dealt with by security staff and copies of forms should be forwarded to the Information Compliance Manager for recording purposes. Access to the monitoring and recording facility will be prohibited except for lawful, proper and
Issue 1.1 – Aug 16
sufficient reasons (e.g. official visits from law enforcement or inspection agencies, security staff and senior management) and only then with the personal authority (verbal or written) of the Head of Security or deputy. Any such visits will be conducted and recorded in accordance with the procedural manual. Any other personnel admitted to the control room, such as engineers effecting repairs or cleaning staff must be authorised by the Head of Security or deputy (verbally or in writing) and must be supervised at all times whilst they are in the control room.
Regardless of their status, all visitors to the control room will be required to sign the visitor’s book and a declaration of confidentiality.
Primary requests (i.e. those from law enforcement agencies) to view data generated by the CCTV systems are likely to be made by third parties for any one or more of the following purposes:
Providing evidence in criminal proceedings (Police and Criminal Evidence Act 1984, Criminal Procedures & Investigations Act 1996),
Providing evidence for civil proceedings or tribunals,
The investigation and detection of crime,
Identification of witnesses.
Third parties which should be required to show adequate grounds for disclosure of data within the above criteria, may include, but are not limited to:
Police,
Statutory authorities with powers to prosecute,
Solicitors,
Plaintiffs in civil proceedings,
Accused persons or defendants in criminal proceedings
Upon receipt of a bona fide request to verify the existence of relevant data the Information Compliance Manager will contact the Head of Security or deputy who will ensure:
No undue obstruction of any third party investigation to verify existence of data,
The retention of data which may be relevant to a request,
That there is no connection with any existing data held by the police in connection with the same investigation.
The Data Protection Act 1998 provides data subjects (individuals who are subject of the personal data) with the right to access personal information about themselves, this would also include images captured on CCTV. Such requests will be handled in line with University guidance. Unlike data subjects, third parties would not necessarily have a right to receive copies of footage where they do not feature. In dealing with such requests consideration will be given to legal obligations to which the University is subject such as the Data Protection Act 1998 and Human Rights Act 1998.
13. Breaches of the Code and Complaints.
Any complaint concerning misuse of the system will be treated seriously and investigated by the Head of the Security Department or deputy with advice from the Information Compliance Manager as appropriate.
Issue 1.1 – Aug 16
The Head of Security Department or deputy will ensure that every complaint is acknowledged in writing within seven working days, which will include advice to the complainant of the enquiry procedure to be undertaken. Breaches of this Code of Practice shall be dealt with in accordance with the appropriate disciplinary policy. Serious breaches of the Code may result in criminal liability on behalf of the individual which may also be considered as gross misconduct. Where appropriate, the police will be asked to investigate any matter relating to the CCTV systems which is deemed to be of a criminal nature. 14. Public Information.
A copy of this code of practice will be made available to anyone requesting it.
15. Major incidents
In the event of a major incident arising, such as serious public disorder, bomb threats/explosions or serious fires the police will be given authority to supervise the CCTV control room. The Head of Security or deputy will give such authority verbally or in writing. 16. Privacy and Disclosure Principle 2 - The use of a surveillance camera system The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified. The right to respect for private and family life set out in Article 8 of the ECHR enshrines in law a long held freedom enjoyed in England and Wales. People do, however, have varying and subjective expectations of privacy with one of the variables being situational. Deploying surveillance camera systems in public places where there is a particularly high expectation of privacy, such as toilets or changing rooms, should only be done to address a particularly serious problem that cannot be addressed by less intrusive means. Such deployment should be subject to regular review, at least annually, to ensure it remains necessary. Any proposed deployment that includes audio recording in a public place is likely to require a strong justification of necessity to establish its proportionality. There is a strong presumption that a surveillance camera system must not be used to record conversations as this is highly intrusive and unlikely to be justified. Any use of facial recognition or other biometric characteristic recognition systems needs to be clearly justified and proportionate in meeting the stated purpose, and be suitably validated4. It should always involve human intervention before decisions are taken that affect an individual adversely. This principle points to the need for a privacy impact assessment process to be undertaken whenever the development or review of a surveillance camera system is being considered to ensure that the purpose of the system is and remains justifiable, there is consultation with those most likely to be affected, and the impact on their privacy is assessed and any appropriate safeguards can be put in place. Where such an assessment follows a formal and documented process, such processes help to ensure that sound decisions are reached on implementation and on any necessary measures to safeguard against disproportionate interference with privacy. In the case of a public authority, this also demonstrates that both the necessity and extent of any interference with Article 8 rights has been considered.
Issue 1.1 – Aug 16
A privacy impact assessment also helps assure compliance with obligations under the 1998 Act. Comprehensive guidance on undertaking a privacy impact assessment is available from the Information Commissioner’s Office. This encourages organisations to devise and implement an assessment process that is appropriate and proportionate to their circumstances. The Data Protection Act 1998 The Data Protection Act 1998 gives the data subject increased rights of access to personal data held on them. The Act also provides strict time limits in which data controllers must respond to access requests from individuals. Principal 6 requires data controllers to comply with these rights. Subject to some exceptions, subject access requests must be dealt with within 40 days of the access request being received in the University. As each request is liable to be different, staff and students may, in all cases, obtain advice on how to proceed and whether information can be disclosed and can be obtained from the University's Assistant Data Protection Officer.
Issue 1.1 – Aug 16
APPENDIX A
Body Worn Video
10
Issue 1.1 – Aug 16
Introduction
1. Body Worn Video (BWV) has been used successfully by a variety of organisations
whose personnel regularly come into contact with members of the public; particularly those
dealing with incidents which have the potential to become confrontational. BWV has the
ability to capture both video and audio evidence of incidents and acts as a silent witness as
an incident unfolds. Research by Grampian Police into the effectiveness of BWV showed a
26% decrease in overall crime in areas in which BWV was deployed during a 3-month trial
period. This is compared to a 1% drop in overall crime in comparable areas in which BWV
was not utilised.1
2. The use of BWV is not limited to policing. A growing number of universities in the
UK have adopted BWV for their Security Officers. BWV is proven to reduce anti-social
behaviour, lessen malicious complaints against staff and lower the chances of an incident
becoming violent in nature. Examples of the effectiveness of BWV are illustrated by the
below testimonials:
‘The accommodation management are very impressed with the cameras and the impact it
has had on subsequent disciplinary issues. There is a visible change of attitude by those
persons when they are made aware they are being video/voice recorded.’ David McMahon
(Newcastle University)
‘They [BWV] are definitely having a positive impact on anti-social behaviour and I’ve been to
several disciplinary hearings with students where their faces on viewing playback are a
picture. There is no more doubting the word of a Security Officer, as the University
Authorities can judge for themselves from the video.’ Leigh Stevenson (University of Kent)
3. In order to comply with current legislation, it is important that the use of BWV is
properly audited and controlled. The remainder of this Standard Operating Procedure (SOP)
deals with these requirements to ensure that the use of BWV is both operationally effective
and legally compliant.
11
Issue 1.1 – Aug 16
Operational Procedure 4. Booking in and out procedure. In order to maintain a concise and simple audit trail
of the use of BWV it is important that the cameras are booked in and out to individuals and
that a record exists of who is in possession of a camera at any given time. Security Officers
need to complete the BWV Log upon commencement of their duty detailing the serial
number of the camera in use. Also included in the log are user details and booking out/in
timings. If the camera has been used, then the fact that footage has been recorded needs to
be annotated to ensure that it can be downloaded on to a secure system and if deemed
applicable saved for future use. In addition to completing the BWV Log Security Officers
should also:
Ensure that the unit is in good repair and in full working order.
Ensure that the battery is charged. 5. If a BWV becomes damaged during the course of a duty, then it should be recorded
in the BWV Log and highlighted in the nightly security report to ensure that repairs and/or
replacements may be organised.
6. The device should be set on standby mode so that the camera is ready for use when
required.
7. On completion of a shift the camera should be booked back into the BWV Log and
secured in the following locations, dependent upon campus:
Cardiff Campus. Security office
Treforest Campus. Main Gatehouse
Glyntaff Campus. Security Office
Newport City Campus. CCTV Control Room
8. Carriage. Security Officers should be wearing issued uniform when using BWV.
The cameras are an overt surveillance tool and should not be worn or used covertly at any
time. To comply with the fair processing requirements of the Data Protection Act clear
signage must be displayed on an individual’s uniform to show that recording is taking
place and that it includes audio
9. Recording an incident. Security Officers should use BWV to record an incident where they
are subject to, or feel that they are likely to be subject to, verbal or physical abuse. Recordings
should be incident specific. Once recordings have commenced the recording should, where
practical, continue uninterrupted until the incident is concluded. Should any recording be
discontinued for any reason prior to the conclusion of the incident (e.g. Officer safety) the
reason must be annotated in brief in the BWV Log and in detail in the nightly security report.
10. There are specific situations when the use of BWV is not appropriate. In particular
care should be taken to avoid filming is the subject(s) of the recording are in a state of
undress. Additionally, the use of BWV may be counter-productive when dealing with
vulnerable students so care needs to be taken to avoid inflaming any situation through the
12
Issue 1.1 – Aug 16
deployment of BWV. The use of BWV is a judgement call made by the officer dealing with an
incident; through its regular use experience will develop in officers.
11. Verbal statements. When BWV is activated a brief verbal statement should be
announced to explain the incident which is being attended. This announcement should be
made, where practical, prior to attending the incident. The following are suggested scripts
which will aid in the future recording and use of the footage:
‘I am XXXXX and the time is 2230hrs on Wednesday 2nd
of April 2014. I am attending a
report of student disorder at the bus stop on Treforest Campus.’
12. Members of the public who are being recorded on BWV should, as soon as is
practicable, be informed that their actions and speech is being recorded, such as:
‘You are being recorded on video.’
Or
‘Everything you do and say is being recorded.’
13. Prior to terminating the recording Security Officers should give a similar explanation
indicating the reason for halting the recording. Suggested scripts are:
‘It is 2240hrs on Wednesday 2nd
April 2014 and I am now returning to the front desk of the
Security Gatehouse following the departure of the student bus to Treforest.’
14. The above suggested scripts are not prescriptive and are offered as suggestions. As
long as, where practicable, announcements are made within the spirit of the above then it is
deemed that SOPs are being followed.
15. Written records. When a recording has been made it should be annotated in the
BWV Log to indicate that a download of the footage is required. Footage should be
annotated as:
‘D’ – for potential disciplinary procedures by Halls of Residence staff.
‘E’ – for potential evidential data which may be required by the police to aid in an
investigation.
‘NE’ – for non-evidential/disciplinary footage which will be held securely for 31 days
before being deleted from the University database.
16. Once annotated in the BWV Log a more detailed description should be recorded in
the nightly security report for subsequent action.
Operational Procedure 17. Audit trail. It is vital that a full audit trail is maintained from the point of issue of the
camera to its subsequent image capture, download and storage. The audit trail must clearly
13
Issue 1.1 – Aug 16
document the working processes to ensure that the use of the BWV is legally
compliant. Should a Security Officer be involved in an incident which later
proceeds to civil court then the integrity of the BWV footage will be examined with
great detail by any defence counsel to probe for weaknesses in the audit trail.
18. Disciplinary footage. If a Security Officer believes that a breach of the
Student Code of Conduct has taken place, then the footage recorded needs to be
annotated in the BWV Log and highlighted in the nightly security report. The
Security Manager will download the footage to a standalone laptop and make
copies as required.
19. Evidential footage. If a Security Officer records footage that may of use
to the police then they should, as soon as is practicable, inform the Security
Manager that evidential footage may be recorded on the device. The BWV Log
should be completed to annotate that evidential footage has been recorded and
the BWV must be securely stored until it can be handed to the Security Manager
for download and recording as an evidential file. South Wales Police will be
informed of the potential for evidential footage and a master copy will be burnt to
disc, clearly labelled and securely stored until a police officer is able to view it. If
the police require the disc then a working copy will be made which will be handed
over upon receipt of a ‘Personal Data Request Form.’
20. Non-evidential/disciplinary footage. Upon completion of duty the
Security Officer should annotate in the BWV Log that a BWV was deployed and
that no evidential footage has been recorded. When the device is downloaded to
the secure laptop the footage will be retained for 31 days before being deleted. It
is likely that this may be commonplace as the presence of an operational BWV
camera often moderates behaviour and encourages compliance. Therefore, it is
possible that a Security Officer, upon announcing recording by BWV to a
subject(s), may find that the situation calms and that no further action is needed.
Holding a copy of this footage will act as protection for the Security Officer should
a mendacious complaint be raised by a subject. This is in accordance with the
University of South Wales CCTV Code of Practice.
21. Creation of copies.
The Freedom of Information Act 2000 and the Data Protection Act 1998 will be
adhered to in respect of requests for CCTV footage. Any request for disclosure of
information must be submitted in writing to the Information Compliance Manager.
Requests for information by the Police and other authorities should be accompanied by
the relevant Data Protection form duly signed by the appropriate authority. Non-urgent
requests should be submitted to the Information Compliance Manager who will liaise
with the third party and the Gatehouse for the information. Urgent requests outside of
the regular office hours will be dealt with by security staff and copies of forms should be
forwarded to the Information Compliance Manager for recording purposes.
14
Issue 1.1 – Aug 16
Access to the monitoring and recording facility will be prohibited except for lawful,
proper and sufficient reasons (e.g. official visits from law enforcement or inspection
agencies, security staff and senior management) and only then with the personal
authority (verbal or written) of the Head of Security or deputy. Any such visits will be
conducted and recorded in accordance with the procedural manual.
Any other personnel admitted to the control room, such as engineers effecting repairs or
cleaning staff must be authorised by the Head of Security or deputy (verbally or in
writing) and must be supervised at all times whilst they are in the control room.
Regardless of their status, all visitors to the control room will be required to sign the
visitor’s book and a declaration of confidentiality.
Primary requests (i.e. those from law enforcement agencies) to view data generated
by the CCTV systems are likely to be made by third parties for any one or more of the
following purposes:
Providing evidence in criminal proceedings (Police and Criminal Evidence Act
1984, Criminal Procedures & Investigations Act 1996),
Providing evidence for civil proceedings or tribunals,
The investigation and detection of crime,
Identification of witnesses.
Third parties which should be required to show adequate grounds for disclosure of
data within the above criteria, may include, but are not limited to:
Police,
Statutory authorities with powers to prosecute,
Solicitors,
Plaintiffs in civil proceedings,
Accused persons or defendants in criminal proceedings
Upon receipt of a bona fide request to verify the existence of relevant data the
Information Compliance Manager will contact the Head of Security or deputy who will
ensure:
No undue obstruction of any third party investigation to verify existence of data,
The retention of data which may be relevant to a request,
That there is no connection with any existing data held by the police in
connection with the same investigation.
The Data Protection Act 1998 provides data subjects (individuals who are subject of the
personal data) with the right to access personal information about themselves, this
would also include images captured on CCTV. Such requests will be handled in line
with University guidance.
Unlike data subjects, third parties would not necessarily have a right to receive copies
of footage where they do not feature. In dealing with such requests consideration will
be given to legal obligations to which the University is subject such as the Data
Protection Act 1998 and Human Rights Act 1998.
15
Issue 1.1 – Aug 16
22. Fault reporting. Any faults or concerns reference BWV should be
reported to the Security Manager as soon as is practicable.
23. It is stressed that the main aim of deploying BWV to an incident is to
provide protection for security officers and to moderate anti-social/illegal behavior.
Therefor the use of BWV should not be seen as a system of monitoring the
performance of security officers.
Andrew Moore ASyI Security Manager Estates and Facilities