 |
|
|
|
|
|
|
|
|
|
|
||||||||||||
 |
||||||||||||||||||||||
|
||||||||||||||||||||||
 |
||||||||||||||||||||||
 |
||||||||||||||||||||||
 |
||||||||||||||||||||||
 |
||||||||||||||||||||||
 |
||||||||||||||||||||||
 |
||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
 |
||||||||
|
Data Protection Act 1998 Introduction Below are the standards that must be met if the requirements of the 1998 act are to be complied with. These are based on the Data protection principles, which say that data must be:
The information Commissioner has the power to issue Enforcement Notices where she considers that there has been a breach on one or more of the Data Protection Principles. CCTV Initial Assessment Before Installing and Using CCTV and similar surveillance equipment, users will need to establish the purpose or Purposes for which they intend to use the equipment. This equipment may be used for a number of different purposes – for example, prevention, investigation and detection or crime, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), Public and employee safety, monitoring security of premises etc. CCTV Signage Once a CCTV system has been installed, signs should be placed so that the public is aware that they are entering a zone, which is covered by surveillance equipment (First data protection principle). These signs should be clearly visible and legible to members of the public (first data protection principle) These signs should contain the following information- a) Identity of the person or organization responsible for the scheme b) The purpose of the scheme c) Details of who to contact for information regarding the scheme (First data protection principle) For example- Where the image of a camera is not used on a sign- the following wording is recommended: "Images are being monitored for the purposes of crime prevention and public safety. This scheme is controlled by the Greentown safety partnership. For further information contact 01234-567-890" For example- Where an image of a camera is used on a sign- the following wording is recommended: "This scheme is controlled by the Greentown safety partnership. For further information contact 01234-567-890" In exceptional and limited cases, the use of signs may not be appropriate, for example, covert monitoring for specific criminal activity. Further guidance can be found at www.dataprotection.gov.uk Quality of CCTV images It is important that the images produced by the equipment are as clear as possible in order that they are effective for the purpose(s) for which they are intended. This is why it is essential that the purpose of the scheme be clearly identified. For example if a system has been installed to prevent and detect crime, then it is essential that the images are adequate for that purpose. The third fourth and fifth data protection principles are concerned with the quality of personal data. The standards to be met under this code are set out below. Standards 1. Upon installation an initial check should be undertaken to ensure that the equipment performs properly 2. If tapes are used, it should be ensured that they are good quality tapes (Third and fourth data protection principles) 3. The medium on which the images are captured should be cleaned so that images are not recorded on top of images recorded previously (Third and fourth data protection principles). 4. The medium on which the images have been recorded should not be used when it has become apparent that the quality of images has deteriorated (Third data protection principle) 5. If the system records features such as the location of the camera and/or date and time reference, these should be accurate (Third and fourth data protection principles) 6. Camera should be situated so that they will capture images relevant to the purpose for which the scheme was established (Third and Fourth data protection principles) 7. Cameras should be properly maintained and serviced to ensure that clear images are recorded (Third and fourth data protection principles) Processing of CCTV images Images, which are not required for the purpose(s) for which the equipment is being used, should not be retained for longer than is necessary. While images are retained, it is essential that their integrity be maintained, whether it is to ensure their evidential value or to protect the rights of people whose images may have been recorded. It is therefore important that access to and security of the images is controlled in accordance with the requirements of the 1998 act. The seventh data protection principle sets out the security requirements of the 1998 data protection act. However, the standards required by this code of practice are set out below. Standards 1. Images should not be retained longer than is necessary (Fifth data protection principle) 2. Once the retention period has expired, the images should be removed or erased (Fifth data protection principle) Standards cont. 3.If the images are retained for evidential purposes, they should be retained in a secure place to which access is controlled (Fifth and seventh data protection principle) 3. On removing the medium on which the images have been recorded for the use in legal proceedings, the operator should ensure that they have been documented: - a) The date on which the images were removed from the general system for the use in legal proceedings. b) The reason why they were removed from the system. c) Any crime incident number to which the images are relevant. d) The location of the images. For example, if the images were handed to a police officer for retention, the name and station of that police officer. e) The signature of the collecting officer, where appropriate (Third and seventh data protection principles) Principles of the data protection act in relation to CCTV surveillance The First data protection principle requires that: "Personal data shall be processed fairly and lawfully…" The first data protection principle requires that the data controller has a legitimate basis for processing. It is for the data controller to be clear about which grounds to rely on in this respect. The data controller must consider whether the information/images are processed lawfully and whether the information/images are processed fairly. The Second data protection principle requires that: "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes". The Third data protection principle requires that: "Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed". This means that consideration must be given to the situation of the cameras so that they do not record more information than is necessary for the purpose of which they were installed. Furthermore, if the recorded images on the tapes are blurred or indistinct, it may well be that this will constitute inadequate data. For example, if the purpose of the system is to collect evidence of criminal activity, blurred or indistinct images from degraded tapes or poorly maintained equipment will not provide legally sound evidence, and may therefore be inadequate for its purpose The fourth data protection principle requires that: "Personal data shall be accurate and, where necessary, kept up to date…." This principle requires that the personal information that is recorded and stored must be accurate. This is particularly important if the personal information taken from the system is to be used as evidence in cases of criminal conduct or in disciplinary disputes with employees. The data protection commissioner recommends that efforts are made to ensure the clarity of the images, such as using only good quality tapes in recording information, cleaning the tapes prior to reuse and not simply recording over existing images, and replacing tapes on a regular basis to avoid degradation from over-use. The fifth data protection principle requires that: "Personal data processed for any purpose or purposes shall not be kept any longer than is necessary for that purpose or those purposes" This principle requires that the information shall not be held for longer than is necessary for the purpose it is being used, unless it is being used as evidence. The sixth data protection principle requires that: "Personal data shall be processed in accordance with the rights of data subjects under this act". The act provides individuals with a number of rights in relation to the processing of their personal data. Contravening these rights will amount to a contravention of the sixth data protection principle. The seventh data protection principle requires that: "Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data". The eighth data protection principle requires that: "Personal data shall not be transferred to a country or territory outside the European economic area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data". |
||||||||
 |
||||||||
|
Click Above to Return |
||||||||