“The purpose of this policy is to regulate the use of Closed Circuit Television and its associated technology in the monitoring of both the internal and external environs of the premises under the remit of CDIC / ALL ON 4 MALVERN / FACELAB MALVERN
CCTV systems are installed (both internally and externally) in premises for the purpose of enhancing security of the building and its associated equipment as well as creating a mindfulness among the occupants, at any one time, that a surveillance security system is in operation within and/or in the external environment of the premises during both the daylight and night hours each day. CCTV surveillance at CDIC / ALL ON 4 MALVERN / FACELAB MALVERN is intended for the purposes of:
This policy relates directly to the location and use of CCTV and the monitoring, recording and subsequent use of such recorded material.
CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN has a responsibility for the protection of its property, and equipment as well providing a sense of security to its employees, patients and others who enter its premises. CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN owes a duty of care and utilises CCTV systems and their associated monitoring and recording equipment as an added mode of security and surveillance.
The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy e.g. CCTV will not be used for monitoring employee performance.
Information obtained through the CCTV system may only be released when authorised by the Practice Principal. Any requests for CCTV recordings/images will be fully recorded and legal advice will be sought if any such request is made. If a law enforcement authority is seeking a recording for a specific investigation any such request will need to be made in writing and the CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN will immediately seek legal advice.
CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN justifies the obtaining and use of personal data by means of a CCTV system in order to control the buildings for security purposes and this has been deemed to be justified. The system is intended to capture images of intruders or of individuals damaging property or removing goods without authorisation.
CCTV systems are not intended be used to monitor clinician – patient activities.
LOCATION OF CAMERAS
Cameras are placed to record external areas and are positioned in such a way as to prevent or minimise recording of passers-by or of another person’s private property.
CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN will not engage in covert surveillance.
CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN will provide a copy of this CCTV Policy on request to staff, patients and visitors to the practice. This policy describes the purpose and location of CCTV monitoring, a contact number for those wishing to discuss CCTV monitoring and guidelines for its use. Adequate signage will be placed at each location in which a CCTV camera(s) is sited to indicate that CCTV is in operation. Adequate signage will also be prominently displayed at the entrance to CDIC / ALL ON 4-MALVERN / FACELAB-MALVERN.
Appropriate locations for signage will include:
For a normal CCTV security system, it would be difficult to justify retention beyond a 2 month period (60 days), except where the images identify an issue – such as a break-in or theft and those particular images/recordings are retained specifically in the context of an investigation/prosecution of that issue.
Accordingly, the images captured by the CCTV system will be retained for a maximum of 60 days, except where the image identifies an issue and is retained specifically in the context of an investigation/prosecution of that issue.
The images/recordings will be stored in a secure environment with a log of access kept. Access will be restricted to authorised personnel. Supervising the access and maintenance of the CCTV System is the responsibility of the Practice Principal. The Principal may delegate the administration of the CCTV System to another staff member. In certain circumstances, the recordings may also be viewed by other individuals in order to achieve the objectives set out above. When CCTV recordings are being viewed, access will be limited to authorised individuals on a need-to-know basis.
Tapes/DVDs storing the recorded footage and the monitoring equipment will be securely stored in a restricted area. Unauthorised access to that area will not be permitted at any time.
Access to the CCTV system and stored images will be restricted to authorised personnel only i.e. Practice Principal
In relevant circumstances, CCTV footage may be accessed:
The Practice Principal will:
The policy will be reviewed and evaluated from time to time. On-going review and evaluation will take cognisance of changing information or guidelines, legislation and feedback from staff and others.
APPENDIX 1 – DEFINITIONS
Definitions of words/phrases used in relation to the protection of personal data and referred to in the text of the policy;
CCTV – Closed-circuit television is the use of video cameras to transmit a signal to a specific place on a limited set of monitors. The images may then be recorded on video tape or DVD or other digital recording mechanism.
Data – information in a form that can be processed. It includes automated or electronic data (any information on computer or information recorded with the intention of putting it on computer) and manual data (information that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system).
Personal Data – Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
Access Request – this is where a person makes a request to the organisation for the disclosure of their personal data.
Data Processing – performing any operation or set of operations on data, including:
Data Subject – an individual who is the subject of personal data.
Data Controller – a person who (either alone or with others) controls the contents and use of personal data.
Data Processor – a person who processes personal information on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of their employment, for example, this might mean an employee of an organisation to which the data controller out-sources work