Security Policy Parliament Buildings CCTV Policy

September 2017 - V 1.2

Contents

Introduction and Objectives

1.1 Introduction

1.2 Definitions

1.3 Statement in Respect of the Human Rights Act 1998

1.4 Objectives of the CCTV System

1.5 Procedural Manual

1.6 Monitor and Review

 

Statement of Purpose and Principles

2.1 Purpose

2.2 General Principles of Operation

2.3 Copyright

2.4 Cameras and Area Coverage

2.5 Monitoring and Recording Facilities

2.6 Human Resources

2.7 Processing and Handling of Recorded Material

2.8 Operators Instructions

2.9 Changes to the Code or the Procedural Manual

 

Privacy and Data Protection

3.1 Public Concern

3.2 Data Protection Legislation

3.3 Request for information (subject access)

3.4 Exemptions to the Provision of Information

 

Accountability and Public Information

4.1 The Public

4.2 CCTV Information Leaflet

4.3 System Manager

4.4 System Operators

4.5 Audit

4.6 Public Information

 

The Assembly Control Room

5.1 Security Arrangements

5.2 Access to the Control room

5.3 Security Control Administration and Procedures

5.4 Staff

 

Maintenance of the CCTV System

6.1 System Maintenance

 

Management of Recorded Material

7.1 Recordings

7.2 Guiding Principles

7.3 Release of data

 

Digital Still Camera Image Prints

8.1 Digital Still Camera Image Prints

 

Appendices

Appendix A. Authorised access to the Assembly Control Room.

Appendix B. Authorised access to recordings

Appendix C.NI Assembly CCTV Image Retention Policy

Appendix D. Parliament Buildings – Areas covered by CCTV

 

Introduction and Objectives

1.1 Introduction

This Code of Practice is based on the Information Commissioners CCTV Code of Practice and guidelines, as enshrined in the Data Protection Act 1998.

The Northern Ireland Assembly has in place a CCTV system on the Assembly Property (Parliament Buildings) within the Stormont Estate.  Images are monitored and recorded centrally, and will be used in strict accordance with this policy.

The CCTV System is owned by Northern Ireland Assembly, Parliament Buildings, Ballymiscaw, Stormont, Belfast BT4 3XX.

The CCTV System comprises a number of CCTV cameras, located at strategic points, principally at the entrance and exit points of Parliament Buildings and within the building itself, which allows the Northern Ireland Assembly to carry out surveillance of the exterior and selected internal areas of Parliament Buildings. 

The Head of Usher Services with the support of staff, is responsible for the operation of the CCTV System and for ensuring compliance with this policy and the procedures documented in the Procedures Manual.  Contact details are as follows:

Head of Usher Services

Ken Eccles
(02890) 521945
Ext 21945
Email: ken.eccles@niassembly.gov.uk

Seamus McAleer
(02890) 521713
Ext 21713
Email: seamus.mcaleer@niassembly.gov.uk

The CCTV System is controlled from the Assembly Control Room within Parliament Buildings.  All areas of the Northern Ireland Assembly environs that are covered by CCTV, fall within this Code of Practice. 

The CCTV System comprises:

Fixed position cameras; Pan Tilt and Zoom

Cameras, monitors, multiplexers; digital recorders;

public information signs.

Signs are prominently placed at strategic locations including entrance and exit points to Parliament Buildings, to inform staff, Members, visitors and members of the public that a CCTV installation is in use and who to contact about the system.

Details of the CCTV System have been provided to the Information Commissioner and will be reviewed and updated annually as appropriate.

1.2 Definitions

Data Controller The Northern Ireland Assembly Commission

System Manager The Head of Usher Services.

System Owner The Northern Ireland Assembly Commission

Details of key personnel, their responsibilities and contact points are shown at Appendix (A) of this document.

1.3 Statement in Respect of the Human Rights Act 1998

The Northern Ireland Assembly recognises that public authorities and those organisations carrying out the functions of a public service nature are required to observe the obligations imposed by the Human Rights Act 1998. 

The Northern Ireland Assembly considers that the use of CCTV is a necessary, proportionate and suitable tool to primarily prevent, detect and help reduce criminal activity which may pose a threat to the Northern Ireland Assembly.  The secondary function of the CCTV system is to assist with public safety.

The CCTV System will be operated with respect for all individuals, recognising their right to be free from inhuman or degrading treatment, and avoiding discrimination on any ground such as sex, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth or other status.  The CCTV system will also be operated in such a way as to avoid infringement of individual privacy.

The Northern Ireland Assembly recognises its responsibility to ensure that the CCTV system should always comply with all relevant legislation to ensure its legality and legitimacy.  The CCTV system will be used only as a proportionate response to identified problems, and then only in so far as it is necessary in a democratic society:

  • in the interests of national security and public safety,
  • for the prevention and detection of crime or disorder,
  • for the protection of health and
  • for the protection of the rights and freedoms of others.

The Codes of Practice and observance of the Operational Procedures regarding the use of CCTV by the Northern Ireland Assembly shall ensure that evidence is secured, retained and made available as required by law, so that there is absolute respect for individuals' rights.

 

1.4 Objectives of the CCTV System

The CCTV System has been installed by the Northern Ireland Assembly Commission to protect Assembly premises and help ensure the safety of all Building users, staff, Members and visitors, consistent with respect for individual privacy. These objectives will be achieved by the ongoing monitoring of the CCTV System.

The Northern Ireland Assembly Commission’s notification to the Information Commissioner states the purpose of the CCTV system is for:

  • Crime prevention and detection, and the apprehension and prosecution of offenders
  • Deterring those having criminal intent;
  • Assisting in the prevention and detection of crime;
  • Facilitating the identification, apprehension and prosecution of offenders in relation to crime and public order;
  • Facilitating the movement of vehicles on site;

The CCTV System will not be used:

  • To provide recorded images for the world-wide-web;
  • For any automated decision taking.

1.5 Procedural Manual

A Procedures Manual has been produced which offers instructions on all aspects of the day to day operation of the CCTV System.  To ensure the purpose and principles (see Section 2) of the CCTV System are realised, the procedural manual is based and expands upon the contents of this Policy.

1.6 Monitor and Review

The operation of the CCTV System will be regularly monitored and the Policy will be reviewed every six months.

 

Statement of Purpose and Principles

2.1 Purpose

The purpose of this document is to set out the intended use of the CCTV System within the objectives outlined in Section (1).

2.2 General Principles of Operation

The CCTV System will be operated in accordance with all the requirements and the principles of the Human Rights Act 1998.

The operation of the CCTV System also recognises the need for formal authorisation of surveillance as required by the Regulation of Investigatory Powers Act 2000.

The CCTV System will at all times be operated fairly, within the law and within the provisions of the Data Protection Act 1998.  It will be used only for the purposes already outlined.

Public interest and confidence in the operation of the CCTV System will be safeguarded by ensuring the security and integrity of operational procedures.

Every effort has been made throughout the Code to indicate that a formal structure has been put in place, including a complaints procedure.

2.3 Copyright

Copyright and ownership of all material recorded by virtue of the CCTV System will remain with the Data Controller.

2.4 Cameras and Area Coverage

The areas covered by the CCTV System to which this Code refers, are those areas within the responsibility of the Northern Ireland Assembly and its environs.

The system comprises fixed position cameras, Pan Tilt and Zoom cameras, Monitors, Multiplexers, and digital recorders. Appropriate signage will identify the presence of all cameras.

Cameras are located at strategic points on the Assembly environs, principally at the entrance and exit points of the site and Parliament Buildings.  No camera will be hidden from view.  Cameras offer full colour, but may automatically switch to monochrome in low light conditions.  

2.5 Monitoring and Recording Facilities

The CCTV System cameras will be monitored on a 24 hour, 365 day basis from the Assembly Control Room.  The CCTV System also has the capability of recording via digital cameras operating throughout any 24 hour period.

All cameras can be monitored at any time on either a random or selected basis.  Duplicate monitoring and recording facilities also exist within the Assembly Control Room. 

The CCTV System is able to record images from selected cameras in real-time, produce hard copies of recorded images, and replay or copy any pre-recorded data at management’s discretion in accordance with the Code. All viewing and recording equipment will be operated by trained and authorised users.

2.6 Human Resources

Unauthorised access to the Assembly Control Room will be permitted at any time.  Access will be strictly limited to the Control Room Operators, Usher Services management, authorised persons, members of senior management, PSNI and any other person with statutory powers of entry.  A list of those members of management authorised to access the Assembly Control Room is shown at Appendix A of this document.

All authorised staff will be able to operate the CCTV System in accordance with the security operational procedures.

All operators shall receive training relevant to their role and in accordance with procedure.  Refresher training will be provided as necessary.

2.7 Processing and Handling of Recorded Material

All recorded material will be processed and handled strictly in accordance with this Code and the Procedures Manual.

2.8 Operators Instructions

Technical instructions on the use of the CCTV System equipment are contained in a separate Procedures Manual provided by the equipment suppliers. A copy of the Procedures Manual will be retained in the Room B35.

Operational procedures and Assembly Control Room instructions are currently in place. 

2.9 Changes to the Code or the Procedural Manual

Any major changes to either the Code or the Procedures Manual, will take place only after consultation with the CCTV System Owner.

 

Privacy and Data Protection

3.1 Public Concern

All personal data obtained by virtue of the CCTV System, shall be processed fairly and lawfully, and in particular only in the exercise of achieving the stated objectives of the CCTV System.  In processing personal data, a person’s right to respect for his or her private and family life, will always be observed. (see paragraph 2.2)

The processing, storage and security of the data will be strictly in accordance with the requirements of the Data Protection Act 1998, and additional locally agreed procedures.

Where the equipment permits it, 'Privacy Zones' will be programmed into the CCTV System as required, in order to ensure the correct parameters of the CCTV System are set.

3.2 Data Protection Legislation

The operation of the CCTV System has been notified to the Office of the Information Commissioner, in accordance with current Data Protection legislation.

The Head of Usher Services has responsibility for the CCTV System, and day to day responsibility for the data management has been devolved to the Principal Ushers.

All data will be processed in accordance with the principles of the Data Protection Act, 1998, summarised as outlined:

  • All personal data will be processed fairly and lawfully.
  • Personal data will be obtained only for the purposes specified.
  • Personal data held will be adequate, relevant and not excessive in relation to the purpose for which the data is processed.
  • Steps will be taken to ensure that personal data is accurate and where necessary, kept up to date.
  • Personal data will be held for no longer than is necessary.
  • Personal data will be processed in accordance with individuals’ rights under the Data Protection Act including individuals’ right of access to personal data.
  • Procedures will be in place to prevent unauthorised or accidental access to, alteration, disclosure, or loss and destruction of information.
  • Information shall not be transferred outside the European Economic Area unless the rights of individuals are protected.

3.3 Request for information (subject access)

Any request from an individual for the disclosure of personal data which they believe is recorded by virtue of the CCTV System will be directed in the first instance to the Head of Usher Services.

The principles of the Data Protection Act 1998 shall be followed in respect of every request.

If the request cannot be complied with without identifying another individual, permission from that individual must be obtained unless it is reasonable in all the circumstances to comply with the request without the consent of that individual.

Any person making a request must be able to satisfactorily prove their identity and provide sufficient information to enable the data to be located. 

3.4 Exemptions to the Provision of Information

In considering a request made under the provisions of Section 7 of the Data Protection Act 1998, reference may also be made to Section 29 of the Act which includes, but is not limited to, the following:

Personal data processed for any of the following purposes –

  • the prevention or detection of crime
  • the apprehension or prosecution of offenders

These are exempt from the subject access provisions in any case, to the extent to which the application of those provisions to the data subject would be likely to prejudice the matters referred to above.

 

Accountability and Public Information

4.1 The Public

Access to the Assembly Control Room is restricted in accordance with this code (see Appendix A). However, in the interest of openness and accountability, anyone wishing to visit the Assembly Control Room may be permitted to do so, subject to the privacy rights of others and with the prior approval of the CCTV System Manager (Head of Usher Services).

Any complaints with regard to any aspect of the CCTV System should be addressed in the first instance to the Head of Usher Services – contact details are as follows: 

Ken Eccles
Head of Usher Services,
NI Assembly, Parliament Buildings, Ballymiscaw, Stormont, Belfast, BT4 3XX                           Tel: (028) 90521945 (Ext 21945)
Email: ken.eccles@niassembly.gov.uk                                                                           

Concerns or enquiries relating to the provisions of the Data Protection Act 1998 may be addressed to the Information Standards Officer, and if unresolved, to the Information Commissioner’s Office – contact details of both are as follows:

Martina Dalton
Information Standards Officer
NI Assembly, Parliament Buildings, Ballymiscaw, Stormont, Belfast, BT4 3XX
Tel: (028) 90521147 (Ext 21147)
Email: martina.dalton@niassembly.gov.uk)

 

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane,
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)
Fax: 01625 524510

Further information can be found on the ICO website at: - www.ico.gov.uk

 

4.2 CCTV Information Leaflet

A CCTV Information leaflet is available explaining the purpose of the CCTV System, the type of data it records and the NI Assembly’s disclosure policy under the Data Protection Act 1998.  If a request is received to view recorded images, the leaflet will be issued.  The information requested will assist to correctly identify the requested data.

Copy of CCTV Information Leaflet can be found at: http://nia1.me/cctv

4.3 System Manager

The CCTV System Manager (Head of Usher Services) will have day-to-day responsibility for the operation, monitoring and reporting of the CCTV System.  The accuracy of images, in terms of date, time and quality will be ensured.  The ability to copy and download images will be restricted, as appropriate, by the CCTV System Manager.

4.4 System Operators

The CCTV System Manager (Head of Usher Services) will accept primary responsibility for ensuring there is no breach of security and that the Code is complied with.  The CCTV System Manager (Head of Usher Services) also has day to day responsibility for the management of the Assembly Control Room, and for ensuring compliance with the Code and Procedures Manual.

4.5 Audit

The CCTV System, the Code of Practice and Procedures Manual will be subject to audit at any time by the Assembly Internal Audit Team.  The accuracy of images, to ensure date, time and quality, as well as the control of image copying and downloading will be subject to audit.  Proactive checks and audit will take place on a regular basis to ensure compliance with procedures.  Further details can be found in the Procedures Manual.

The CCTV System may be subject to audit as determined by Regulations or the Information Commissioner.

4.6 Public Information

Code of Practice

A copy of the Code will be made available on request.

Signage

Appropriate signage with regard to the CCTV System will be located at entrance and exit points to the Parliament Buildings and its environs, and in internal areas where cameras are installed. The size and graphics of the signage complies with RNIB recommendations and will indicate:

  • The presence of CCTV monitoring;
  • The 'ownership' of the CCTV System;
  • Contact telephone number for the CCTV System (028 905 21001).

 

The Assembly Control Room

5.1 Security Arrangements

Images captured by the CCTV System will be monitored and recorded in the Assembly Control Room, on a 24 hour, 365 day basis. 

5.2 Access to the Control room

No unauthorised access to the Assembly Control Room will be permitted.  Access will be strictly limited to the duty Control Room Operators, Usher Services management authorised persons, members of Senior Management, PSNI and any other person with statutory powers of entry.  A list of those members of senior management authorised to access the Assembly Control Room is shown at Appendix (A).

Staff, Members and visitors may be granted access to the Assembly Control Room on a case by case basis, and only then on written authorisation from the Head of Usher Services or the Director of Corporate Services. In an emergency and where it is not reasonably practicable to secure prior authorisation, access may be granted to persons with a legitimate reason to enter the Assembly Control Room.

Before allowing access to the Assembly Control Room, staff will satisfy themselves of the identity of any visitor and that the visitor has appropriate authorisation. All visitors will be required to complete and sign the visitors’ log, which shall include details of their name, their department or organisation they represent, the person who granted authorisation and the times of entry and exit. A similar log will be kept of the staff on duty in the Assembly Control Room and of any visitors granted emergency access.

5.3 Security Control Administration and Procedures

Details of the administrative procedures which apply to the Assembly Control Room will be set out in the Usher Services Operating Procedures, a copy of which is available for inspection by prior arrangement.

Images of identifiable living individuals are subject to the provisions of the Data Protection Act 1998. The Principal Usher is responsible for ensuring day to day compliance with the Act. All recordings will be handled in strict accordance with this policy and the procedures set out in the Usher Services Operating Procedures.

5.4 Staff

All staff working in the Assembly Control Room will be made aware of the sensitivity of handling CCTV images and recordings. The Principal Usher will ensure that all staff are fully briefed and trained in respect of all functions arising from the use of CCTV.

All Assembly Control Room Operators will receive training updates on an annual basis. Training in the requirements of the Data Protection Act 1998 will be given by the Information Standards Officer to all those required to work in the Assembly Control Room.

 

Maintenance of the CCTV System

6.1 System Maintenance

To ensure compliance with the Information Commissioners Code of Practice, and that images recorded continue to be of appropriate evidential quality, the CCTV System shall be maintained in accordance with the maintenance agreement.

The maintenance agreement will make provision for a “callout” emergency repair service as well as regular/periodic service checks and maintenance of the equipment.

It is the responsibility of the Head of Building Services to manage the maintenance contract and maintain appropriate records.

 

Management of Recorded Material

7.1 Recordings

Digital recordings are obtained from the Assembly’s CCTV system operating in ‘real time’ mode.  Images are retained for 30 days from the date of recording, and then automatically erased. On occasion, it may be necessary to retain images for a longer period where a law enforcement agency is investigating a crime or where it is necessary and for the Assembly’s own purpose. 

Whilst images are retained, they will be held within a secure environment and are subject to recorded audit checks. Management procedures for image retention are listed below:

  • Image Retention Aim
  • Documenting retained images
  • Image Retention Guidelines
  • Image storage
  • Destruction of images
  • Systematic audit checks of retained images
  • Persons authorised to have access to images
  • Duties that authorised persons can perform

(See NIA CCTV Image Retention Policy - Appendix C)

7.2 Guiding Principles

Access to recorded material and the use of same will be strictly for the purposes defined in this Code.

Recorded material will not be copied, sold, or used for commercial purposes or for the provision of entertainment, or otherwise made available for any use which is incompatible with this Code.

7.3 Release of data

Every request for the release of personal data generated by this CCTV System will be channelled through the CCTV System Manager (Head of Usher Services), who will ensure the principles contained within Appendix B of this Code are followed at all times. 

It is intended, unless otherwise required by law, to safeguard the individual's rights to privacy and to give effect to the following principles:

  • Recorded material shall be processed lawfully and fairly, and used only for the purposes defined in the Code;
  • Access to recorded material will only take place in accordance with the standards outlined in Appendix B of this Code;

Members of the police service or any other agency having a statutory authority to investigate and / or prosecute offences may, subject to compliance with Appendix B, release details of recorded information to the media only in an effort to identify alleged offenders or potential witnesses. Under such circumstances, full details will be recorded in accordance with the Procedural Manual.

If material is to be shown to witnesses, including police officers, for the purpose of obtaining identification evidence, it must be shown in accordance with Appendix B and the Procedures Manual.

7.3.1 Requests by individuals for the release of their own personal data generated by this CCTV system must be made in writing to the Information Standards Officer.  Subject Access Request Forms are obtainable from the Usher Services Office, or alternatively requests can be submitted in writing via email, post or fax.

7.3.2 The Information Standards Officer will then arrange for a copy of the data to be made and given to the applicant.  All communications must go through the Information Standards Officer.  A response will be provided within 40 days of receiving the request.

7.3.3 The Data Protection Act gives the Information Standards Officer the right to refuse a request for a copy of the data, particularly where such access could prejudice the prevention or detection of crime, or the apprehension or prosecution of offenders.

7.3.4 If it is decided that a data subject access request is to be refused, the reasons will be fully documented and the data subject informed in writing, stating the reasons.

8.1 Digital Still Camera Image Prints

A print is a hard copy of a digital camera image or images which already exist on the digital hard drive storage unit. Such prints fall within the definition of 'data'.

Prints will not be made as a matter of routine. Each time a print is made, it must be justified by the originator, who will be responsible for recording the full circumstances under which the print is taken in accordance with the Procedures Manual.

Prints contain data and will therefore be released only under the terms of Appendix B of the Code, 'Release of data to third parties'. If prints are released to the media (in compliance with Appendix B) in an effort to identify alleged offenders or potential witnesses, full details will be recorded in accordance with the Procedures Manual.

A record will be maintained of all print productions in accordance with the Procedures Manual.  The recorded details will include a sequential number, the date, time and location of the incident, date and time of the production of the print, the identity of the person requesting the print (if relevant) and the purpose for which the print was taken.

The records of the video prints taken will be subject to audit, in common with all other records in the CCTV System.

 

Appendix A. Authorised access to the Assembly Control Room.

Other than Assembly Control Room operators on duty, the following persons have authorised access to the Assembly Control Room.

Head of Usher Services

Assistant Asembly Clerk Usher Services

Principal and Senior Ushers

Director of Corporate Services

Clerk/Chief Executive of the Assembly

 

Appendix B. Authorised access to CCTV recorded data

Release of Data to Third Parties - general policy

All requests for the release of data shall be processed in accordance with the Procedure Manual.  All such requests should be made in writing to the Information Standards Officer at the following address:

Information Standards Officer
NI Assembly
Parliament Buildings
Ballymiscaw
Stormont
Belfast
BT4 3XX

Email: info@niassembly.gov.uk

Those authorised access to recordings in order to achieve the purposes of the system

Director of Corporate Services

Head of Usher Services

Assistant Assembly Clerk Usher Services

Principal and Senior Ushers

Clerk/Chief Executive of the Assembly

Request to View Data

All requests to view data generated by the CCTV System, should be addressed to the Information Standards Officer and should be processed, provided:

  • The request is made in writing;
  • Sufficient information is supplied to identify the person making the request;
  • Sufficient and accurate information about the time, date and location is supplied, to enable the retrieval of the information; 
  • The reason for the request and the purported lawful basis of the request is supplied;
  • The person making the request is shown only information relevant to that particular request and which contains personal data of her or himself only, unless all other individuals who may be identified from the same information have consented to the disclosure, or it is reasonable in all the circumstances to disclose the information in the absence of such consent.

Before complying with a request, management will ensure the following:

  • The request does not contravene and compliance would not breach, current relevant legislation, i.e. Data Protection Act 1998, Human Rights Act 1998 etc
  • Any legislative requirements have been complied with, e.g. the requirements of the Data Protection Act 1998;

If in compliance with a request to view data, a decision is taken to release material to a third party, written agreement to release the information will be sought from the Head of Usher Services and the Information Standards Officer.

In complying with a request to supply a copy of the data to the data subject, only data pertaining to the individual should be copied.  All other personal data which may facilitate the identification of any other person should be concealed or erased. 

In addition to the principles contained within the Data Protection legislation, the NIA will ensure the data is:

  • Not the subject of a complaint or dispute which has not been actioned;
  • The original data and that the audit trail has been maintained;
  • Not removed nor copied without proper authority;
  • For individual disclosure only (i.e. to be disclosed to a named subject)

Process of Disclosure

Before complying with a request, management will ensure the following:

  • The accuracy of the request is verified.
  • The data is replayed to the requester only (or person lawfully acting on behalf of the person making the request).
  • The viewing takes place in a separate room and not in the control or monitoring area. Only data which is specific to the search request shall be shown.
  • It must not be possible to identify any other individual from the information being shown (any such information will be blanked-out, either by means of electronic screening or manual editing on the monitor screen).
  • If a copy of the material is requested and there is no on-site means of editing out other personal data, then the material shall be redacted prior to being sent to the person requesting the data

Media disclosure

In the event of a request from the media for access to recorded material, the procedures outlined below shall be followed:

  • The release of the material must be accompanied by a signed release document that clearly states what the data will be used for, sets out the limits on its use, and indemnifies the partnership against any breaches of the legislation.
  • The release form shall state that the receiver must process the data in a manner prescribed by the Assembly Commission e.g. specific identities/data that must not be revealed.
  • It shall require that proof of any editing must be passed back to the NIA, either for approval or final consent, prior to its intended use by the media (protecting the position of the Assembly Commission who would be responsible for any infringement of Data Protection legislation and the CCTV System's Code of Practice).
  • The release form shall be considered a contract and signed by both parties.

 

Appendix C. NI Assembly CCTV Image Retention Policy

1. Aim

1.1. The aim of this policy is to ensure compliance with the DPA (Data Protection Act), Human Rights Act and best practice as laid down by the Information Commissioners Office.

2. Overview

2.1. The Data Protection Act (DPA) does not prescribe any specific minimum or maximum retention periods that apply to CCTV systems. Retention should not be for any purpose incompatible with the Assembly’s own purpose for recording images. Images should not be kept for longer than necessary. On occasion it may be necessary to retain images for a longer period where a law enforcement body is investigating a crime to give them opportunity to view the images as part of an active investigation. Regular systematic checks of retained images are to be conducted to ensure best practice and policy compliance.

3. Assembly CCTV Image Storage and Access

3.1. Images recorded on the Assembly’s CCTV system are held for 30 days and are then automatically erased. Whilst images are retained, they are kept within a secure environment and access to the images is restricted to authorised personnel only.

4. Image Retention Guidelines

4.1. Retained images will be fully documented.

4.2. Images must not be retained for longer than is necessary for a particular specified and lawful purpose.

4.3. Once a retention period has expired, the images must be securely erased and that erasure documented.

4.4. If images are kept for evidential purpose, they are to be kept in a secure place in accordance with Information Assurance Policy with controlled documented access.

4.5. Digital images will be retained within the secure locker on the review client, unless the data controller authorises a copy (DVD) to be made.

5. Documenting the Retention of CCTV Images

5.1. The following details are to be recorded when images are retained.

  • The date/time at which the images were retained.
  • Name of person retaining the images.
  • Review date for the end of the retention period.
  • The reason for retaining the images.
  • Any crime number to which the images are relevant.

6. Documenting the Destruction of Images

6.1. The destruction of CCTV images is to be undertaken by an authorised person and countersigned by a line manager.

6.2. The following details below are to be recorded when images are deleted.

  • Name and signature of person deleting the images.
  • Date/time of deletion of images.
  • Reason for deletion of images.
  • Name and signature of person witnessing deletion of images.

Note: Images refers to digital data that is held within the ‘Synectics Review Locker’, or a copy held on DVD.

7. Regular Systematic Checks of the Retention Process

7.1. Audits of images that have been retained are to be conducted by Usher Services management to ensure that the Retention Policy is being complied with and that results are recorded, as explained below.

  • Name of person conducting Retention Policy checks.
  • Date/time of Retention Policy checks.
  • Number of images being retained.
  • Reason for retention of each image.
  • Compliance of retention period for each image
  • Security of images being retained (Access to retained images restricted to authorised personnel only)

8. List of Authorised Persons

8.1. The following persons are authorised to have access to images held within the Assembly Security Management System:

  • Head of Usher Services
  • Data Controller
  • Principal and Senior Ushers
  • Authorised Contractors (when conducting repairs / maintenance only)
  • Persons who have received written authorisation of access from the Head of Usher Services.

9. Authorised Persons Duties

9.1. Authorised persons have the authority to perform the following duties in relation to the retention of images:

  • Retain images on the Synectics client locker. (Subject to the Image Retention Guidelines)
  • Copy images onto DVD when authorised by the Data Controller and in accordance with the policy.
  • Review and delete images that are no longer required, to ensure best practice and compliance with the DPA and Image Retention Guidelines
  • Maintain and update the relevant documentation.
  • Conduct systematic checks of the retention process to ensure compliance.
  • Give authority for repairs / maintenance to the image retention systems.

 

Appendix D. Parliament Buildings’ Areas Covered by CCTV

  • East and West barriers and entrance routes
  • Upper East and West Car Parks
  • The building frontage including steps and apron
  • All building access points external and internal
  • Basement corridors leading from access points
  • The Great Hall
  • All Galleries in the Commons Chamber

Find MLAs

tools-map.png

Locate MLAs

Search

News and Media Centre

tools-media.png

Read press releases, watch live and archived video

Find out more

Follow the Assembly

tools-social.png

Keep up-to-date with the Assembly

Find out more