Net Technical Solutions – CCTV Policy October 2018|

1. Introduction

This CCTV policy explains how the Company will operate its CCTV equipment and comply with the current legislation.

Under the Protection of Freedoms Act 2012 the processing of personal data captured by CCTV systems (including images identifying individuals) is governed by the Data Protection Act and the Information Commissioner’s Office (ICO) has issued a code of practice on compliance with legal obligations under that Act. The use of CCTV by a Company is covered by the Act, regardless of the number of cameras or how sophisticated the equipment is.

2. Scope

This Policy applies to all Net Technical Solutions employees and affiliates.

3. Reasons for CCTV

The Company uses CCTV equipment to provide a safer, more secure environment for staff and to prevent bullying, vandalism and theft. Essentially it is used for:
• The prevention, investigation and detection of crime.
• The apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings).
• Safeguarding public and staff safety.
• Monitoring the security of the site.

The Company does not use the CCTV system for covert monitoring.

4. CCTV Equipment

4.1 Camera Locations

Cameras are located in those areas where the Company has identified a need and where other solutions are ineffective. The Company’s CCTV system is used solely for purposes(s) identified above and is not used to routinely monitor staff conduct. Cameras will only be used in exceptional circumstances in areas where the subject has a heightened expectation, in these areas, the Company will use increased signage in order that those under surveillance are fully aware of its use.

For reference the camera locations are as follows:-
The underground carpark downstairs pointing towards the cage.
One upstairs in the build area that covers stock and the server cabinet entrance.
One for the main entrance to our Office upstairs that covers anyone entering \ leaving the office.

4.2 Maintenance

The CCTV system is maintained by the Tech Leads.

The Managing Director is responsible for:
• Ensuring the Company complies with its responsibilities in relation to guidance on the location of the camera.
• Ensuring the date and time reference are accurate.
• Ensuring that suitable maintenance and servicing is undertaken to ensure that clear images are recorded.
• Ensuring that cameras are protected from vandalism in order to ensure that they remain in working order.

4.3 Identification

In areas where CCTV is used the Company will ensure that there are prominent signs placed at both the entrance of the CCTV zone and within the controlled area.

The signs will:
• Be clearly visible and readable.
• Contain details of the organisation operating the scheme, the purpose for using CCTV and who to contact about the scheme.
• Be an appropriate size depending on context.

4.4 Type of equipment

The Company’s standard CCTV cameras record visual images only and do not record sound. Where two way audio feeds (eg call for help systems) are used, they will only be capable of activation by the person requiring help.
The CCTV system is setup to record motion detection.

5. Access to CCTV Recordings

5.1 Image Storage, Viewing and Retention

Recorded images will be stored in a way that ensures the integrity of the image and in a way that allows specific times and dates to be identified. Recorded images can only be viewed in a restricted area by a Director. The recorded images are viewed only when there is suspected criminal activity and not for routine monitoring of staff or visitors unless the camera(s) are installed to monitor the safe movement of persons through a designated area eg. corridors \ quiet carparks (these areas will be identifiable by clear signs). Requests for access should be sent to the DPO in writing, listing the reason(s) why you require access.

The Company reserves the right to use images captured on CCTV where there is activity that the Company cannot be expected to ignore such as criminal activity, potential gross misconduct, or behaviour which puts others at risk. Images retained for evidential purposes will be retained in a locked area accessible by the Directors only. Where images are retained, the Directors will ensure the reason for its retention is recorded, where it is kept, any use made of the image(s) and finally when it is destroyed.
The company will keep CCTV images for no more than 6 months before the data is removed or erased, but will be kept longer should there be any legal requirement or ongoing investigations.

5.2 Disclosure

Disclosure of the recorded images to third parties can only be authorised by the Data Protection Officer. Disclosure will only be granted:
• If its release is fair to the individuals concerned.
• If there is an overriding legal obligation (eg information access rights).
• If it is consistent with the purpose for which the system was established.

All requests for access or for disclosure are recorded. If access or disclosure is denied, the reason is documented.
NB: Disclosure may be authorised to law enforcement agencies, even if a system was not established to prevent or detect crime, if withholding it would prejudice the prevention or detection of crime.

5.3 Subject access requests

Individuals whose images are recorded have a right to view images of themselves and, unless they agree otherwise, to be provided with a copy of the images. If the Company receives a request under the GDPR it will comply with requests within 30 calendar days of receiving the request. If the Company receives a request under the Freedom of Information Act it will comply with requests within 20 working days of receiving the request. As a general rule, if the viewer can identify any person other than, or in addition to, the person requesting access, it will be deemed personal data and its disclosure is unlikely as a Freedom of Information request. Those requesting access must provide enough detail to allow the operator to identify that they are the subject of the images, and for the operator to locate the images on the system. Requests for access should be addressed to the Data Protection Officer.

Refusal to disclose images may be appropriate where its release is:
• Likely to cause substantial and unwarranted damage to that individual.
• To prevent automated decisions from being taken in relation to that individual.

5.4 Monitoring and Evaluation

The company undertakes regular audits to ensure the use of CCTV continues to be justified. The audit includes a review of:
• Its stated purpose
• The location
• The images recorded
• Storage length
• Deletion

6 Review of this Policy

This policy will be reviewed annually, unless the company decides to change the way in which it uses CCTV in which case it will be reviewed at that time.