This policy governs the operation of surveillance camera technology (including closed circuit television (CCTV) systems and other overt surveillance technology) operated by Brighton & Hove City Council as a data controller to assist it in carrying out its enforcement, public safety, and other functions.
The policy sets out the principles to be observed by the Council, its members, employees, contractors, and any other parties or organisations involved in the operation, management, and administration of relevant surveillance camera systems, as well as the responsibilities which exist to ensure that these systems are operated in a compliant manner. It is also intended to inform members of the public of the purposes for which cameras are operated, and of the standards to be met in relation to them.
The policy is not binding on Local Authority schools, which are legally distinct from the Council and are separately responsible for any surveillance cameras they may use.
A list of key definitions and acronyms is set out at section 12 of this policy.
This policy does not govern the Council’s use of the surveillance powers available to it, which are conducted under the auspices of the Regulation of Investigatory Powers Act. Covert surveillance is governed by a separate document, the RIPA Policy (Corporate Policy and Procedures Document on the Regulation of Investigatory Powers Act 2000).
Compliance with this policy and with the detailed arrangements which sit under it ensures that the Council’s use of surveillance cameras reflects a proportionate response to identified problems, which is operated with due regard to the privacy rights of individuals.
This policy describes and addresses BHCC's obligations regarding the monitoring of public spaces and Council property and the associated use of surveillance camera technology.
This policy exists to:
The Policy is based on adherence to the twelve guiding principles detailed in the Surveillance Camera Code of Practice
Article 8 of the Human Rights Convention recognises the right to a private and family life. Where surveillance cameras capture images of people which comprise personal data, there is potential for this to infringe on the privacy of individuals. Accordingly, there is an obligation for surveillance camera installations and handling practices to comply with data protection legislation. Surveillance camera systems are operated by the Council and its partners only as a proportionate response to identified problems where there is a legal basis to do so.
The Information Commissioner’s Office (‘the ICO’) has enforcement powers which include the power to issue directives to remove or modify surveillance camera installations. The ICO is supported by the Biometrics and Surveillance Camera Commissioner that was established under the Protection of Freedoms Act 2012. The Biometrics and Surveillance Camera Commissioner has issued a Code of Practice for the use of surveillance camera technology, which has the status of statutory guidance and which this policy has taken into account.
This policy applies only to the deployment of surveillance camera technology where the Council is the Data Controller and determines the way the technology is to be deployed and use to be made of the footage to be captured. The Council is not responsible for any cameras deployed by other individuals or organisations in or around Council owned properties which are leased or otherwise made available to other people or bodies under some other arrangement (this includes any subcontractor who deploys the use of surveillance cameras where they are the data controller for footage captured). The Council normally refuses to authorise the installation of surveillance cameras by individuals on Council property, for example where it holds the freehold, street assets and so on.
The Council acts as data controller for the surveillance camera systems it operates for the purposes of preventing and detecting crime and for ensuring public and staff safety, including that of attendees at its public venues and residents of its social housing.
The council’s Environmental Services vehicles also have cameras for the purposes of providing evidence for insurance claims.
ANPR cameras are deployed in some bus lanes for enforcement purposes as part of a partnership arrangement with the Police.
Some staff or contractors with public enforcement roles wear body-mounted cameras to protect their safety and wellbeing whilst carrying out their duties. At the time of writing, the Council does not employ the use of drones, however their deployment would also be covered by this policy.
The Council’s use of surveillance camera technology accords with the requirements and the principles of the Human Rights Act 1998, the UK General Data Protection Regulation, the Data Protection Act 2018, and the Protection of Freedoms Act 2012.
Surveillance cameras shall be operated with due regard to the principle that everyone has the right to respect for his or her private and family life and home.
Public interest in the operation of surveillance cameras will be recognised by ensuring the security and integrity of operational procedures which sit underneath it, and which balance the objectives of the camera usage with the need to safeguard the individual’s rights.
The Council will operate all surveillance camera implementations in line with the principles set out in the Surveillance Camera Commissioner Code of Practice.
In order to ensure the Council upholds individuals’ rights in processing personal data and complies with relevant legislation, any deployment of the use of surveillance technology must be designed and risk assessed using the following process:
Deployment refers to a common instance of Surveillance Camera Technology. Using the same technology and processes for the same purpose and can therefore cover more than one camera.
The police, social services, environmental health and/or other authorised agencies or bodies may apply for access to data collected via surveillance cameras in order to carry out their statutory functions. All requests will be reviewed by the Council’s data protection team and determined according to a process which ensures compliance with the law.
The use of cameras and the positions they are placed in are reviewed annually by relevant services to ensure that they remain proportionate to their purpose. Where the purpose can no longer be justified against the intrusion on personal privacy, they will be removed or switched off.
Where equipment is in use it must be accompanied by clear signage in order or the public to be aware.
Most of the surveillance camera systems do not record audio. Where audio is recorded this is made clear to the public through signage, or where applicable, verbally.
All viewing and recording equipment shall only be operated by trained and authorised users.
All staff with operational access to surveillance camera equipment are responsible for following the specific operational procedures established for its use. This includes checking the equipment and reporting to management where it is found to deviate from the agreed specification or appears to have been interfered with.
Staff contractors and other relevant persons shall only be permitted access to images obtained via surveillance cameras on a ‘need to know’ basis.
Information Asset Owners are accountable for identifying a legitimate need for surveillance camera installations where this exists (and for reviewing the same), for ensuring that data protection impact assessments are conducted, and an action plan generated and progressed and for making sure that risk controls are established where needed to protect personal privacy.
The Senior Information Risk Owner (SIRO) is the responsible officer for surveillance camera installations for the council. Where any proposed installations are assessed as posing a high risk to personal privacy, these must be reviewed by the Senior Information Risk Owner.
The Data Protection Officer (DPO) is responsible for assessing proposed surveillance camera installations posing a high risk to privacy, rights, and freedoms and for making recommendations to the SIRO. In cases of a serious breach involving surveillance camera data, the DPO is responsible for reporting the matter to the ICO.
The Information Governance Team is responsible for assisting departments with Data Protection Impact Assessments and participating in the investigation of breaches.
Individuals whose personal data has been collected via the use of surveillance technology have a right to access and/or obtain a copy of this data and to exercise any other relevant right under Data Protection Law (unless an exemption applies).
To exercise data subject rights (for example, the right of access, erasure, and rectification) individuals can make requests via Information Rights Team. Examples of exercising some of these rights include:
A right to request through subject access, a copy of footage in which they are captured, subject to exemptions within the Data Protection Act 2018 and also balanced against the rights and freedoms of others who may appear in that footage.
A right to object to processing where they believe that the field of vision or the siting of the camera is disproportionate to the stated purpose of the camera. Where a resident objects to processing, the Council will consider the objection and decide whether a lawful basis for processing can still be justified. A written response will be provided outlining the outcome.
Council surveillance cameras are usually set to automatically overwrite footage between 28 and 31 days after it is captured. Where authorised bodies are granted access to data collected via surveillance cameras in order to carry out their statutory functions, then copies of the data may be made and provided securely for this purpose.
Closed Circuit Television
A statutory role set out under data protection legislation with responsibility for ensuring that organisations are compliant with personal privacy rights. Any resident can report a personal privacy concern about the Council to the Data Protection Officer.
Legislation that covers data protection principles and privacy rights.
A role held by senior managers at the Council, to ensure that information systems operated by their teams have appropriate data quality, auditability, and access controls.
The discipline of applying controls to how information or data is created, how it is stored and where it moves.
A role established under International Information Security Standard ISO27001 to ensure that appropriate processes for information risk and the treatment of that risk are established and maintained.
Senior manager who has strategic oversight for the integrity and efficacy of the processes in place within the local authority which ensure compliance with s.33 of PoFA in support of the Chief Executive, and in respect of all relevant surveillance camera systems operated by the local authority.
Has the meaning given by Section 29(6) of Protections of Freedoms Act 2012 and includes:
The Regulation of Investigatory Powers Act 2000. This act sets out the conditions under which investigations and covert surveillance can be lawfully conducted.
This policy will be reviewed annually under the oversight of the Senior Information Risk Owner.
| Policy Name | Surveillance camera policy |
|---|---|
| Document Type | Internal and External facing policy |
| Version | 2 |
| Introduction date | 3 April 2023 |
| Effective date | 3 April 2023 |
| Next review date | April 2024 |
| Reviewed by | Heidi Judd, Chris Mitchell |
| Approved by | Executive Leadership Team |
| Document author | Heidi Judd |
| Document Owner | Information Governance Team |