3. Supply of CCTV Images to An Garda Síochana
5. Security Arrangements for CCTV
The following policy relates to surveillance camera equipment (CCTV), and the gathering, use, storage and disposal of CCTV system recorded data by Donegal County Council. This includes CCTV systems within Council premises, car parks, piers, plant, civic amenity and locations in the ownership/ leased/ or rented by Donegal County Council. This use may involve the recording of personal data of individuals including their recognisable images.
This policy sets out how Donegal County Council will manage its CCTV systems and the standards that will apply in respect of the data they capture. The policy complies with the EU General Data Protection Regulation (GDPR) and the Data Protection Acts 1988 to 2018.
The following Data Protection Principles apply to the use of CCTV. Personal data must be:
The purpose of this policy is to regulate the use of CCTV and its associated technologies and to ensure that CCTV systems are approved, installed and operated in a manner compatible with this policy. CCTV used by Donegal County Council could include some or all of the following:
The policy sets out the way by which a Member of An Garda Síochána; Council staff and members of the public can seek to access CCTV recordings and associated data.
An Garda Síochána are entitled to view personal data on individuals, if it is for the following purposes;
If An Garda Síochana makes a request to download footage this will only be acceded to where there is a formal written request to the Data Controller. This is differentiated from An Garda Síochana making a request to view footage on the premises and the written request would not be necessary as long as it is confirmed by the requesting Garda that viewing the footage is for the purposes of investigation or detection of a crime.
Data protection legislation requires that images are not retained for longer than is considered necessary. Normally data recorded on CCTV systems will not be retained by Donegal County Council beyond a maximum of 28 days. Data recorded on CCTV systems may however be retained by Donegal County Council beyond a maximum of 28 days in circumstances where the data is required for evidential purposes and/or legal proceedings.
To protect the security of the CCTV system, a number of technical and organisational measures have been implemented;
Access to each CCTV and its recordings shall be restricted to the Data Controller and Data Processor.
All systems where practically possible will be encrypted and password protected.
The storage medium used by the CCTV system will be kept in a secure location.
All access to images will be confined to authorised personnel and documented by a designated member of staff.
A log shall maintain a record of all requests made by the following to view/obtain copies of CCTV recordings and the outcome of such requests:
Under Data Protection legislation an individual has a right to access information held by the Council, including CCTV footage and images. All requests should be made, in writing, to the Council’s Data Protection Officer.
Before the Council installs or upgrades any new or existing CCTV systems, a documented privacy impact assessment (DPIA) is necessary where it is likely to result in a high risk to the rights and freedoms of natural persons. A single assessment may address a set of similar processing operations that present similar risks.
A DPIA is intended to assist in-
The DPO can refer the DPIA to the Data Protection Commission and if it is deemed that the system will result in a high risk to the rights and freedoms of an individual then the processing of data cannot proceed.
CCTV surveillance requires signage, that is clearly visible and legible, to be placed so that persons are aware that they are entering an area that is covered by a CCTV system. If the identity of the Data Controller (i.e. Donegal County Council) and the usual purpose for processing (i.e. security) is obvious the following is all that is required to be placed on the signage:
If the purpose for processing is not obvious the following is required to be placed on the signage:
Appropriate locations for signage include:
WARNING
CCTV CAMERAS IN OPERATION
Images are recorded for the purposes of securing public order and safety in public places by facilitating the deterrence, prevention, detection and prosecution of offences
This scheme is controlled by Donegal County Council.
For more information contact Data Protection Officer @ [email protected]
WARNING
CCTV CAMERAS IN OPERATION
Images are recorded for the purpose of ensuring the security of Donegal County Council property and safety and the safety and security of its staff and visitors; for crime prevention and to facilitate investigations relating to criminal matters and the investigation of offences.
This scheme is controlled by Donegal County Council.
For more information contact the Data Protection Officer at [email protected]
WARNING
CCTV CAMERAS IN OPERATION
Images are recorded to aid the prevention, detection and prosecution of criminal offences by Donegal County Council
This scheme is controlled by Donegal County Council.
For more information contact the Data Protection Officer at [email protected]
The use of CCTV to obtain data without an individual’s knowledge is generally unlawful. Covert CCTV surveillance will only be permitted by the Council on a case by case basis where the data is necessary for the purposes of preventing, detecting or investigating offences or apprehending or prosecuting offenders. The use of covert CCTV surveillance will normally require the involvement of a law enforcement authority. Covert CCTV surveillance will be focussed and of short duration. Only specific and relevant individuals/locations should be recorded. If no evidence is obtained that is relevant to the purpose of the covert CCTV surveillance within a reasonable period, the CCTV surveillance will cease. If the CCTV surveillance is intended to prevent crime, overt CCTV surveillance may be considered to be a more appropriate measure and less invasive of individual privacy.
Permission of the Director of Services and/ or Head of section must be obtained before considering covert surveillance. The DPO must also be consulted by the Director/Head of Section and the activity is likely to require that a Data Protection Impact Assessment is carried out. The decision to adopt covert recording will be fully documented and will set out how the decision to use covert recording was reached and by whom.
Employees in the workplace will not have their privacy intruded upon disproportionately.
Where practically possible cameras will be focused upon areas of particular risk, i.e. at cash points or areas where human observation is difficult.
CCTV recording will be avoided in areas where employees have an increased expectation of privacy such as break rooms, changing rooms and toilets. Employees will be given a clear notification that CCTV monitoring is taking place and informed as to where and why it is being carried out.
If the use of CCTV has been justified for a specific purpose such as security or health and safety, it will not be used for a further purpose such as monitoring staff attendance or performance. However, situations can arise where the Council needs to use CCTV footage for a purpose other than one identified at the outset such as to investigate an allegation of gross misconduct or other disciplinary matter. This will be carried out strictly on a case-by-case basis, and is justified based on necessity and proportionality to achieve the given purpose. The Council must be able to demonstrate why the use of CCTV is necessary to provide evidence in a disciplinary matter, and that their access of CCTV footage is proportionate and limited in scope to the investigation of a particular matter. In such cases, the rights of the employee and their expectation of privacy will not be seen as overriding the interests of the Council and the employee’s data protection rights should not be seen as presenting a barrier to the investigation of serious incidents.
This policy will be reviewed on an ongoing basis to take account of changing information or guidelines that may issue. The Council reserves the right to change this Policy at any time so it is recommended to check back regularly to obtain the latest copy of this Policy.
The Data Protection Officer is responsible for ensuring that this Policy is reviewed and updated. Further enquiries can be directed to:
Data Protection Officer
Donegal County Council
County House
Lifford
Co Donegal
F93 Y622
074 91 53900
[email protected]