Closed Circuit TV Policy


Western Isles Health Board
Procedure Document

Closed Circuit TV Policy

Version 1
Author: Gordon Jamieson, Chief Executive
Date of issue:
QIPB approval:
Next review due date:
Reviewers/review team:

Document Control

Version; Date; Latest changes made by; Status; Reason for change and reviewers
Version; Gordon Jamieson; Approved

Document Approval

Name(s) of the Individual(s) representing the Approving Committee(s)/Group(s)
Reviewers Name; Reviewers Role; Review Date
Security Group
Area Partnership Forum

Distributed to the Following for Information

Name; Job title; Role and responsibility
Eddie Yates Calum Russell Information Governance Manager Equalities

1.0 Statement & Introduction
2.0 Objectives
3.0 Scope of the Policy
4.0 Definition of Terms
5.0 Legal Context
6.0 Responsibilities
7.0 Purposes of CCTV
8.0 Operation and Control
9.0 Administration
10.0 Informing
11.0 Covert/Directed Surveillance
12.0 Complaints
13.0 Supporting Operating Procedures
14.0 Related Policies and Documents
15.0 General Policy Content
Appendix 1 Equality & Diversity Impact Assessment

1.0 Statement & Introduction

1.1 The purpose of this policy is to ensure that NHS Western Isles complies with relevant legislation (listed at bullet 2.1), while also protecting and providing security to individuals, property and/or land which the organisation owns and controls. In order to assist in fulfilling its duty of care to provide protection and security for employees and others who use these properties, the organisation has a Closed Circuit Television (CCTV) surveillance system in place at many of these locations.

1.2 Surveillance of any sort can be intrusive and impact on people's privacy. No CCTV will be initiated, installed, moved or replaced until a full impact risk assessment has been undertaken. Installation, positioning, movement or replacement of CCTV will take account of the balance of risks to safety and/or security as well as the outcome of the impact assessment.

1.3 Any changes to this Policy will require the approval of the Security Group and/or the Chief Executive. Changes which affect the terms and conditions of our staff will require the approval of the Area Partnership Forum.

1.4 This Policy will be reviewed annually, to tie in with the annual registration process with the ICO, and when new legislation is enacted or guidance is issued by the Information Commissioner, to ensure that it continues to be effective and to comply with existing legal requirements.

1.5 There will be operational procedures to underpin this Policy.

2.0 Objectives

2.1 The objectives of this policy are to ensure that NHS Western Isles:
- Complies with the Data Protection Act 1998, Human Rights Act 1998, Freedom of Information (Scotland) Act 2002, Regulation of Investigatory Powers (Scotland) Act 2000, Health and Safety at Work Act 1974 and other relevant legislation at all times.
- Complies with the Information Commissioner's Office current CCTV Code of Practice at all times.
- Operates its CCTV system safely and efficiently.
- Provides employees with an understanding of the purpose, management and operation of the system and their role in supporting this.

3.0 Scope of the Policy

3.1 This Policy covers all employees, persons providing a service, patients and visitors whose image(s) may be captured by CCTV owned and operated by NHS Western Isles.

4.0 Definition of Terms

4.1 Personal Data: as defined by the Data Protection Act 1998, as applicable to CCTV, this is an image or other information from which a living individual can be identified, where:
- The individual is the focus of the image.
- The image contains significant information about that individual.
- The processing of the image affects the individual's privacy.

4.2 Processing: operations carried out on the images, such as obtaining, recording, holding of images, downloading, copying and disclosing images.

5.0 Legal Context

5.1 Data Protection Act 1998

The CCTV system must comply with the following eight data protection Principles:
- Personal data must be processed fairly and lawfully.
- Personal data shall be obtained for only one or more lawful purposes and must not be further processed for incompatible purposes.
- Personal data shall be adequate, relevant, and not excessive.

- Personal data shall be accurate, and where necessary, kept up-to-date.
- Personal data shall not be kept for longer than necessary.
- Personal data shall be processed in accordance with the rights of data subjects under the Act.
- Appropriate technical and organisational measures shall be taken to prevent unauthorised or unlawful processing of data and against accidental loss or destruction of, or damage to, data.
- Personal data shall not be transferred to a country outside the European Economic Area, unless that country ensures an adequate level of protection for the rights and freedom of individuals in relation to processing the data.

5.2 Freedom of Information (Scotland) Act 2002

As a public body, NHS Western Isles may receive requests for CCTV images under the Freedom of Information (Scotland) Act. If individuals are capable of being identified from CCTV images then the images can only be released if disclosing the information in question does not breach the data protection principles.

5.3 Health and Safety at Work Act 1974

NHS Western Isles has to comply with the legal requirements regarding the management of risk. The Health & Safety at Work etc Act 1974, Section 2(1), places a general duty on employers to ensure, so far as is reasonably practicable, the health and safety at work of their employees. Section 3 of the Act extends this duty to others who are not our employees, but are affected by our acts or omissions.

5.4 The Management of Health and Safety at Work Regulations 1999

Regulation 3 places an absolute duty on employers to assess the risks to staff and others, and put systems in place to reduce significant risks.

5.5 Risk Assessment

Risk assessment may identify the need to install CCTV cameras as a measure to reduce risks to staff, patient or public safety. This will be determined by the level of residual risk after alternative control measures have been explored.

6.0 Responsibilities

6.1 All staff members have a responsibility to adhere to this Policy at all times. The following post-holders have specific responsibilities in relation to the management of the system.

Chief Executive: Responsible for ensuring that arrangements are in place to provide an effective, compliant CCTV system.

Information Governance Manager: Maintains oversight of appropriate arrangements to ensure compliance with the Data Protection Act 1998 and the Information Commissioner's Office CCTV Code of Practice.

7.0 Purposes of CCTV

7.1 The operation of CCTV will apply to the following:
- Staff, patient and public safety and security.
- For the general purposes of the prevention of crime, investigation of crime and detection of offenders in or on NHS Western Isles premises.
- For the investigation of serious or gross misconduct by employees (in accordance with the Management of Employee Conduct Policy).

8.0 Operation and Control

8.1 Cameras and equipment will only be installed and used in accordance with the purposes as stated in Section 7 above.

8.2 The CCTV system will be operated in accordance with the relevant operational procedures as listed within Section

9.0 Administration

9.1 Processing, Storage, Retention and Disposal of Images

Images are only to be processed for the stated purposes, stored in such a way as to protect their integrity, held securely at all times and access restricted to only those with authorisation.

Processing must produce clear images that are suitable for the purposes for which they were intended.

Images will be held in all instances for a period of 14 days. Beyond this period images not appropriately downloaded will be overwritten.

Records will be held and maintained of the following:
- Type of camera and equipment
- Camera locations
- Incidents (Datix)
- Disposal of cameras and equipment
- Service Level Agreements
- Access and disclosure requests
- Impact assessments
- Risk assessments
- Maintenance logs
- Relevant authorised persons

9.2 Access to Images

Viewing and disclosure of images from the CCTV system must be controlled and consistent with the purposes for which the system was established. The on call Executive/Senior Manager can authorise image viewing and is contactable at all times via the Western Isles Hospital switchboard.

9.2.2 Staff receiving a request for access to view images must follow the procedures set out for Disclosure, Subject Access Requests under the Data Protection Act 1998 and similarly for Freedom of Information (Scotland) Act 2002 requests.

Access to CCTV images by the police will be processed in the same manner as other requests for personal data and in accordance with the guidance document CEL Information Sharing between NHS Scotland and the Police issued by the Scottish Government.

In accordance with CEL, where requests for access to CCTV images from the Police are time critical, CCTV images should be released to assist the Police with their enquiries; Section 29 forms can be submitted retrospectively by the Police.

Copies of images/footage to paper, video or digital format must be carried out to a standard suitable for the purpose required.

If copies are to be forwarded other than by hand then they must be transported in accordance with the DPA.

10.0 Informing

10.1 Anyone entering a building or grounds where CCTV is in operation will be notified through the display of clear and prominent signs which will contain the following information:
- The name of the organisation
- The purposes of the CCTV
- Who to contact about the system

10.2 This Policy will be published on the NHS Western Isles website.

11.0 Covert/Directed Surveillance

11.1 In some circumstances it may be necessary for NHS Western Isles in the course of their duties to make observations of a person or persons in a covert manner. This will be conducted in compliance with HDL (2003) 30, Regulation of Investigatory Powers (Scotland) Act 2000 (RIPA / RIPSA).

The use of CCTV cameras as part of covert surveillance will only be permissible in cases involving the following:
- Preventing or detecting crime or preventing disorder.

11.3 In accordance with HDL (2003) 30, where cases involve potential criminal activity involving NHS fraud and irregularities, NHS Scotland Counter Fraud Services will authorise and conduct directed surveillance on behalf of NHS Western Isles, where this is necessary and proportionate.

For criminal cases not involving fraud against the NHS, NHS Western Isles will advise the public body with complementary power in the area of concern of the situation. Their trained investigators may then make use of covert surveillance authorised by their employing body where this is necessary and proportionate.

12.0 Complaints

12.1 Complaints regarding the operation of the CCTV system should be brought to the attention of the NHS Western Isles Complaints Department, 37 South Beach Street, Stornoway, Isle of Lewis.

13.0 Supporting Operating Procedures

This CCTV Policy will be supported by the following operating procedures/guidance:
- Out of Hours Guidance for On Call Executive/Senior Managers
- Subject Access Requests for CCTV images
- Freedom of Information Access Requests for CCTV images
- Risk Assessment Procedures
- Guidance for Capital Planning Projects Installation of CCTV
- Retrieval of Images from CCTV Systems
- Use of CCTV for Real Time Monitoring of Images
- Siting of Cameras
- Guidance on Signage

14.0 Related Policies and Documents

14.1 This policy should be read in conjunction with the following:
- Information Commissioner's Office - CCTV Code of Practice, 2008
- Data Protection Act 1998
- Freedom of Information (Scotland) Act 2002
- The Regulation of Investigatory Powers Act 2000
- The Regulation of Investigatory Powers (Scotland) Act 2000
- NHS HDL (2003) 30, Regulation of Investigatory Powers (Scotland) Act
- The Scottish Executive Covert Surveillance Code of Practice
- Management of Health and Safety at Work Regulations 1999
- CCTV Guidance Notes for NHS Scotland Organisations 2001
- Information Commissioner's Office - Employment Practices Code
- CEL Information sharing between NHS Scotland and the Police
- NHS Western Isles - Secure Storage, Communication & Transportation of Personal Information Policy
- NHS Western Isles Information Security Guidance for Staff
- NHS Western Isles - Management of Violence & Aggression Procedure
- NHS Western Isles - Lone Working Arrangement
- NHS Western Isles - Health & Safety Manual General Risk Assessment Procedure
- NHS Western Isles Management of Employee Conduct Policy
- NHS Western Isles - Fraud Policy

15.0 General

15.1 When Western Isles staff members are employed on a site that is owned and controlled by another organisation, that organisation is responsible for the operation and control of any CCTV system in place. If there is a request for access to CCTV images at these sites then the request should be made directly to the particular organisation concerned. NHS Western Isles would require any organisation in these circumstances to comply with the Information Commissioner's Code of Conduct for CCTV to ensure compliance with the legislation.