Closed Circuit Television Camera - (CCTV) - NHS Swindon Clinical Commissioning Group - Swindon CCG

 
Closed Circuit Television Camera - (CCTV) - NHS Swindon Clinical Commissioning Group - Swindon CCG
Closed Circuit
   Television Camera
   (CCTV)
   Surveillance
   Policy

   NHS Swindon Clinical Commissioning Group
   October 2015December 2018

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                     Page 1 of 24
NHS Swindon Clinical Commissioning Group (CCG)

 Policy:                       CCTV Policy
 Policy Ref:                   IG01
 Policy Statement:             This Policy sets out the appropriate actions and procedures,
                               which must be followed to comply with the Data Protection Act
                               in respect of the use of CCTV (closed circuit television) camera
                               surveillance in NHS Swindon Clinical Commissioning Group.

 Version Number:               1.20 1.4
 Version Date:                 12/11/201527/11/2018
 Review Date:                  30/11/201831/12/2020
 Author:                       Yvonne Knight, Corporate & InformationHead of Governance /
                               Risk Manager (C&IG/RM)
                               Senior Information Governance Manager, IG Manager, CSU
 Responsible Owner:            Caroline Gregory, Chief Financial Officer & SIRO
 Approving Body:               Integrated Governance & Quality Assurance Committee
                               Governing Body
   Document Control
   Reviewers & Approvals
   This document requires the following reviews and approvals.
 Name                                          Position                          Version          Date
                                                                                 Approved         Approved
 Caroline Gregory     Chair, Information Governance Steering Group               0.3              22/09/15
 Christine Perry      Chair, Integrated Governance & Quality Assurance           0.4              12/11/15
                      Committee
 Dr Peter Crouch      Chair, Governing Body                                      0.5              21/01/16
 Caroline Gregory     Chair, Information Governance Steering Group               1.2              28/11/18
 Maggie Arnold        Chair, Integrated Governance Committee                     1.4              03/01/19
 Dr Sarah Bruen       Interim Clinical Chair, Governing Body                     1.4
   Revision History
 Version     Revision     Details of Changes                                             Author
             Date
 0.1         04/02/2015   Draft Policy developed                                         CCG C&IG/RM
                                                                                         CSU IGM
 0.2         06/07/2015   Policy reviewed and amended. Appendix A added                  CCG C&IG/RM

 0.3         16/09/2015   Operational Procedure and retention period revised             CCG C&IG/RM
                          following testing of system capabilities.
 0.4         23/10/2015   Addition of stopping the deletion schedule if a SAR relating   CCG C&IG/RM
                          to CCTV images is received.
 0.5         12/11/2015   Minor amendments following consideration at IGC.               CCG C&IG/RM

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                           Page 2 of 24
1.1           26/11/2018   Reviewed as part of scheduled review. Amended to          CSU Senior IG
                            include changes to Data Protection Legislation            Manager
 1.2           27/11/2018   Document control revised and updated. Further revisions   CCG Head of
                            and amendments to text.                                   Governance
 1.3           13/12/2018   Updated policy sections in line with corporate policy     Governance and Risk
                            template and re-numbering / re-formatting.                Manager, CCG
 1.4           19/12/2018   Addition of Section 6 – Roles and Responsibilities and    CCG Head of
                            Section 10 – Review.                                      Governance
   Acknowledgement of External Sources:
   List any policies or procedures from external institutions that have been used to inform the
   writing of this policy.
       Title/Author     Institution
       CCTV Policy      Tees, Esk and Wear Valleys NHS Foundation Trust
   Links or overlaps with other key documents & policies:
       Document Title                                    Version and Issue Date Link/Document
       Data Protection Act PolicyConfidentiality         2.01.0
       and Safe Haven Policy

   Distribution:
   This document has been distributed to the following people
    Name                                                              Date of Issue        Version
       Information Governance Steering Group                          12/02/2015           0.1
       Information Governance Steering Group                          07/07/2015           0.2
       Information Governance Steering Group                          22/09/2015           0.3
       Integrated Governance Committee                                12/11/2015           0.4
       Staff Partnership Forum                                        17/12/2015           0.5
       Governing Body                                                 21/01/2016           0.5
       Information Governance Steering Group                          28/11/2018           1.2
       Integrated Governance Committee                                03/01/2019           1.4
       Governing Body                                                 28/02/2019           1.4
   Document Version Numbering:
   Document versions numbered “0.1, 0.2, 2.4”, are draft status and therefore can be changed
   without formal change control. Once a document has been formally approved and issued it is
   version numbered “Issue 1.0” and subsequent releases will be consecutively numbered 2.0,
   3.0, etc., following formal change control.
   Freedom of Information
   If requested, this Document may be made available to the public and persons outside the
   healthcare community as part of NHS Swindon Clinical Commissioning Group’s commitment
   to transparency and compliance with the Freedom of Information Act.
   Accessibility
   This document is available in other styles, formats, sizes, languages and media in order to
   enable anyone who is interested in its content to have the opportunity to read and
   understand it.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                            Page 3 of 24
CONTENTS SECTION

   Contents
   1. Introduction ....................................................................................................... 5
   2. Purpose .............................................................................................................. 5
   3. Scope.................................................................................................................. 6
   4. Definitions .......................................................................................................... 6
   5. Process / Details of Policy or Procedure......................................................... 7
   6. Roles and Responsibilites .............................................................................. 12
   7. Training ............................................................................................................ 13
   8. Equality and Diversity ..................................................................................... 13
   9. Monitoring ........................................................................................................ 13
   10. Review ........................................................................................................... 13
   11. Dissemination ............................................................................................... 13
   12. Implementation ............................................................................................. 13
   13. References to Other Documents ................................................................. 14
   Appendix A – Operational Procedures for the Control and Use of CCTV ......... 15
   Appendix B - Signage............................................................................................. 18
   Appendix C – Right of Access Request Form ...................................................... 19

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                                       Page 4 of 24
CCTV Policy

       1.    Introduction

       1.1   This document sets out the appropriate actions and procedures, which
             must be followed to comply with Data Protection Legislation the Data
             Protection Act in respect of the use of CCTV (closed circuit television)
             camera surveillance in NHS Swindon Clinical Commissioning Group
             (CCG).

       1.2   The Data Protection Act 1998 came into force on the 1st March 2000 and
             contains broader definitions than those of its predecessor (1984) Act and
             more readily covers the processing of images of individuals caught by
             CCTV cameras. The changes in data protection legislation mean that for
             the first time legally enforceable standards will apply to the collection and
             processing of images relating to individuals.

       1.3   A CCTV image that shows a recognisable person then it is generally
             classed as personal data and is covered by the Data Protection ActData
             Protection Legislation. Anyone who believes they have been filmed by
             CCTV is entitled to ask for a copy of the image(s), subject to the
             exemptions on access under the act. They do not have the right of instant
             access, and must abide by the appropriate CCG’s data protection
             procedures. In some cases a permanent copy of the information
             containing the images of the data subject need not be provided if a
             viewing of the footage has been agreed instead.

       1.4   An important new feature of the legislation is the production of a CCTV
             Code of Practice by the Office of the Information Commissioner.The
             Information Commissioner has produced a Code of Practice. This Code of
             Practice sets out the measures which must be adopted to comply with the
             Data Protection Act 1998Data Protection Legislation. This goes on to
             gives guidance for the following of good data protection practice. The
             Code of Practice has the dual purpose of assisting operators of CCTV
             systems to understand their legal obligations while whilst also reassuring
             the public about the safeguards that should be in place.

      2. Purpose

       2.1   The purposes of the CCG's CCTV scheme as notified under the Data
             Protection Act Data Protection Legislation include:

       •     to Ssupport Police in a bid to prevent or detect crime or disorder;
       •     to Aassist in the identification, apprehension and prosecution of offenders
             (including use of images as evidence in criminal proceedings);
       •     Tto increase personal staff / patient / public safety and reduce fear of
             crime;

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                       Page 5 of 24
•     to Pprotect the CCG’s premises and assets;
       •     to Eensure that individual staff members feel safe working alone in the
             building outside of core office hours.

      3. Scope

       32.1 This Policy applies to all staff and contractors employed by the CCG, will
            cover all employees of NHS Swindon CCG, persons providing a service
            (voluntary or paid) to the CCG, visitors and all other persons whose
            image(s) may be captured by the system.

       34.   Definitions

       34.1 Prior to considering compliance with the principles of Data Protection
            Legislationthe Data Protection Act, a user of CCTV or similar surveillance
            equipment, will need to determine two issues.

       34.2 The type of personal data being processed i.e. is there any personal data
            which falls within the definition of special categories is there any personal
            data which falls within the definition of sensitive personal data as defined
            by Section 2 of the Act.as defined by Data Protection legislation.

       4.3‘Sensitive personal data’ in relation to this policy is includes images stored
       digitally.

       3.44.4 Under the Data Protection Act General Data Protections Regulations
              (GDPR), - 7 principles the personal data (including CCTV images) is being
              processed (including CCTV images) must be processed in a manner that
              is consistent with:

             -   fairly and lawfully processedLawfulness, fairness and transparancycey;
             -   processed for limited purposes and not in any manner incompatible
                 with those purposespurpose limitation;
             -   adequate, relevant and not excessivedata minimisation;
             -   accurateaccuracy;
             -   not kept for longer than is necessarystorage limitations;
             -   processed in accordance with individual’s rights;
             -   secureintegrity and confidentiality ;
             -   not transferred to countries without adequate protection.
             -   accountability

       3.54.5 The Information Governance (IG) Lead will ensure that CCTV Systems are
              registered with the Information Commissioner under the terms of the Data

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                        Page 6 of 24
Protection Act 1998 of Data Protection Legislation and will comply with the
                 requirements of the Data Protection Act.

        3.64.6 All schemes will operate in accordance with the guidelines set out in the
               “CCTV Code of Practice” published by the Office of the Information
               Commissioner, a copy of which is available from the CCG’s IG LeadData
               Protection Officer (DPO) or direct from the Information Commissioner’s
               website.

        3.74.7 The CCG must adhere to the following guidelines, to conform to this Code
               of Practice Policy:

                 ∂    The CCG’s IT Team will be responsible for overseeing that the
                      monitoring of all images are is done so in accordance with this policy
                      and that suitable operation, backup, retention, destruction and
                      maintenance of all storage media is conducted in accordance with the
                      written operational procedure (see Appendix A).

                 ∂    Cameras will not be hidden from view and appropriate steps must be
                      taken to inform the public of the presence of the system and its
                      ownership at all times.

                 ∂    To ensure privacy, cameras will operate so that they only capture
                      images relevant to the purpose for which that the particular scheme
                      has been established and approved.

                 ∂    Images from the cameras are appropriately recorded in accordance
                      with the CCG’s existing operational procedures (see Appendix A).

                 ∂    There is no sound recording undertaken from any part of the system.

   5.     Process / Details of Policy or Procedure

   5.1System

        5.1.1        Types of CCTV System

                 This policy covers the use of the following types of system:
                 • Digital on PC

        5.21.2        Operation of the System

                 The scheme will be administered and managed by the CCG’s IT Team.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                           Page 7 of 24
The data controller will be NHS Swindon Clinical Commissioning Group.
                CCTV cameras within the CCG will not be used for covert surveillance.

       5.1.33     Siting the Cameras

                It is essential that the location of the equipment is carefully considered,
                because the way in which images are captured will need to comply with
                the Data Protection ActLegislation.

                To ensure privacy, cameras will operate so that they only capture images
                relevant to the purpose for which the particular CCG’s scheme has been
                established and approved.

                All cameras are located in prominent positions within public and staff view.

                Training programmes are facilitated for relevant CCG staff on the Data
                Protection Act Legislation and CCTV Code of practice.

                Signage has been placed on all entrance points to CCG premises to
                ensure staff and visitors are aware they are entering an area that is
                covered by CCTV surveillance equipment. The signage must include
                details on the purpose, organisation and contact details, see example in
                Appendix B.

       5.1.4      Quality of the Images

                It is important that the images produced by the equipment are as clear as
                possible in order that they are effective for the purpose(s) for which they
                are intended. This is why it is essential that the purpose of the scheme is
                clearly identified. For example if a system has been installed to prevent
                and detect crime, then it is essential that the images are adequate for that
                purpose.

                Upon installation all equipment is tested to ensure that only the designated
                areas are monitored and high quality pictures are available in play back
                mode. Cameras should be properly maintained and serviced annually to
                ensure that clear images are recorded. A record of such maintenance will
                be completed and retained by the CCG’s IT Team.

                All faulty equipment within the CCTV system that could affect picture or
                recording quality should be repaired or replaced as soon as practically
                possible. Failure to do so not only compromises the efficacy of the system,
                but also breaches two of the principles c and d of the Data Protection Act
                1998 GDPR– that data should be adequate and accurate principles – data
                minimisation and accuracy.

                If a time/date facility is used on the system regular reviews must take
                place to make sure that the system is displaying the correct time and date.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                          Page 8 of 24
5.1.5     Retention and Processing the Images

               Images, which are not required for the purpose(s) for which the equipment
               is being used, should not be retained for longer than is necessary. The
               Retention Period shall be for 30 days. While images are retained, it is
               essential that their integrity be maintained, whether it is to ensure their
               evidential value or to protect the rights of people whose images may have
               been recorded. It is therefore important that access to and security of the
               images is controlled in accordance with the requirements of the 1998 Act.

               Where the digital images are required for evidential purposes in legal or
               CCG disciplinary proceedings they will be properly processed following
               consultation with an Executive Director.

               The digital images should be copied to disc, placed in a sealed envelope
               signed and dated and stored securely until completion of the investigation.
               Viewing of images is controlled by the Head of ITAssistant Director of IT or
               a member of the IT Team nominated to act on his / her behalf.

               Images will not be made available to the media, for commercial gain or
               entertainment.

               Where a Subject Access Right of Access Request (SAR) relating to
               images captured on the CCG’s CCTV system is received, the deletion
               schedule should be stopped until the image(s) can be successfully copied
               and the SAR Right of Acccess Request is completed.

       5.1.6    Access to and disclosure of images to third parties

               It is important that access to, and disclosure of, the images recorded by
               CCTV and similar surveillance equipment is restricted and carefully
               controlled. This will ensure that the rights of individuals are preserved, but
               also to ensure that the chain of evidence remains intact should the images
               be required for evidential purposes e.g. a Police enquiry or an
               investigation being under taken as part of the CCG’s disciplinary
               procedure.

               Access to the medium on which the images are displayed and recorded is
               restricted to authorised CCG staff and any third parties as detailed in the
               purpose of the scheme. They will also be made available to the Police /
               Crown Prosecution Service / Solicitor / NHS Legal Protection Unit where
               requests are made under section 31(1)(a)section 29 of the Data Protection
               Act 2018 for the purpose of detecting crime.

               Advice on any issues can be sought from the Information Governance
               Lead. Data Protection Officer.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 9 of 24
Access and disclosure to images is permitted only if it supports the
               purpose of the scheme. Under these conditions the video/data record
               book completed and held by the CCG’s IT Team and the appropriate
               image release form (Appendix C) must be completed.

       5.1.7     Access to images by individuals

               Section 7 45 of the 1998 2018 Data Protection Act gives any individual the
               right to request access to CCTV images.

               A person whose image has been recorded and who wishes to access the
               tape must make a formal written request to the Information Governance
               LeadData Protection Officer. Individuals who request access to images
               must be issued with a copy of the Subject Access Right of Access
               Request form, Appendix C.

               Any person making a request must be able to satisfactorily prove their
               identity and provide sufficient information to enable the data to be located;
               this will include a suitable photograph of the data subject to assist in the
               search process.

       5.1.8     Exemptions to Right of Access the Subject Access Requests

               In considering a request made under the provisions of Section 7 45 of the
               Data Protection Act 19982018, Subject Right of Access provisions,
               reference may also be made to Section 31(1)(a)29 of the Act which
               includes, but is not limited to the following statement:

                Personal data processed for any of the following purposes:
               • tThe prevention or detection of crime; and
               • tThe apprehension or prosecution of offenders, are exempt from the
                  subject Right of access Access provisions in any case “to the extent to
                  which the application of those provisions to the data would be likely to
                  prejudice any of the matters mentioned in this subsection”.

               Each and every application will be assessed on its own merits and general
               ‘blanket exceptions’ will not be applied.

               If it is decided that a Subject Access Right of Access Request is not to be
               complied with, the reasons will be fully documented and the data subject
               informed stating the reasons.

       5.1.9 Requests to prevent processing

               An individual has the right to request a prevention of processing where it is
               likely to cause substantial and unwarranted damage to that individual.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 10 of 24
All requests should be addressed in the first instance to the Information
                Governance LeadData Protection Officer who will provide a written
                response within 21 days of receiving the request.

       5.1.10      Complaints

                Complaints received in relation to the CCTV scheme should be addressed
                to and will be dealt with by the CCG’s Head of ITAssistant Director of IT.

                Complaints received about processing under the Data Protection Act
                Legislation will be dealt with by the Information Governance Lead. Where
                these cannot be resolved the individual has the right to write to the Office
                of the Information Commissioner.

       5.1.11      Enforcement

                The Data Protection Commissioner has the power to issue Enforcement
                Notices where they consider that there has been a breach of one or more
                of the Data Protection Legislation Principles.

                An Enforcement Notice would set out the remedial action that the
                Commissioner requires of the CCG to ensure future compliance with the
                requirements of the Act. Additionally any such Notice would be
                investigated by the CCG, and may result in disciplinary action or
                prosecution of the person(s) concerned.

       5.1.12      Documentation

                Copies of all documentation and records relating to the CCTV scheme will
                be held by the CCG’s Assistant Director Head of IT and will be kept under
                restricted confidentiality, for a period of 6 years.

       5.1.13      Freedom of Information Requests

                The Freedom of Information Act 2000 gives any person the right to
                request information which is held by a public authority.

                NHS Swindon Clinical Commissioning Group is committed to being open
                and transparent with its health community and the wider public.

                FOI requests, which Swindon CCG has a duty to respond to within 20
                days, should be made in writing either by email to:

                freedomofinformation@swindonccg.nhs.uk

                or by post to:

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 11 of 24
Freedom of Information officer
             NHS Swindon Clinical Commissioning Group
             The Pierre Simonet Building
             North Swindon Gateway
             North Latham Road
             Swindon
             Wiltshire
             SN25 4DL

             Your request will be automatically forwarded to NHS South Central & West
             Commissioning Support Unit, an NHS support organisation operating
             under the authority of the NHS England, whose staff manage requests on
             our behalf.

             They will acknowledge and deal with your request for the CCG, and will
             only use your personal information for this purpose.

             All information provided is held within secure computer systems and
             managed in line with the requirements of the Data Protection Act (1998)

       6.    Roles and Responsibilites

       6.1   Data Protection Officer
                ∂ The Data Protection Officer will ensure that CCTV Systems are
                   registered with the Information Commissioner under the terms of
                   Data Protection Legislation.
                ∂ Provide advice on the access to and disclosure of images to third
                   parties.
                ∂ Receive and deal wth any and all requests of access to images by
                   individuals.
                ∂ Receive and deal with any and all requests to prevent processing.

       6.2      IT Team
                    ∂ The CCG’s IT Team will be responsible for overseeing that the
                      monitoring of all images is done in accordance with this policy
                    ∂ The scheme will be administered and managed by the CCG’s IT
                      Team.
                    ∂ Complete and retain a record of the maintenance of the
                      cameras.
                    ∂ Control the viewing of all digital images.
                    ∂ Deal with any and all complaints received in relation to the CCTV
                      scheme.
                    ∂ Hold all documentation and records relating to the CCTV
                      scheme.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                     Page 12 of 24
7.    Training

             No specific training is currently available to support this policy. Any queries
             relating to policy development in general or the application of this policy
             specifically, should be directed to the Head of Governance.

       8.    Equality and Diversity

             The CCG has standard processes for assessing and monitoring Equality,
             Diversity and Inclusion.

       9.    Monitoring

             Progress reports will be presented to the Integrated Governance and
             Quality Assurance Committee and the Information Governance Steering
             Group as part of the monitoring of this policy.

       10.      Review

             This Policy will be reviewed after 2 years or sooner if required by
             legislation. The review will be conducted by the Policy Authors in
             conjunction with the Data Protection Officer and the Assistant Director of
             IT.

       7.    Equality and Diversity

             An Equality Impact Assessment (EIA) has yet to be completed for this
             policy but no significant issues are expected. The EIA will be published on
             the CCG internet when completed via the Communications and
             Engagement Team.

       11.      Dissemination

             The CCG’s Governance Lead Team together with the CCG’s
             Communication Team will be responsible for the dissemination of the
             approved policy to all CCG staff, including its availability via the CCG’s
             intranet.

       12.      Implementation

             Senior managers, managers and staff are responsible for implementing
             the CCG’s policies. Where the policy includes a training and / or a
             competency assessment requirement, staff should discuss this with their
             line manager in the first instance.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                       Page 13 of 24
13.      References to Other Documents

             Data Protection Policy Information Governance Policy
             Safe Haven and Confidentiality Confidentiality and Safe Haven Policy
             Subject Access Request Individual Rights Policy
             Freedom of Information Act Policy

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                     Page 14 of 24
Appendix A – Operational Procedures for the Control and Use of CCTV

   In accordance with the CCG’s CCTV Policy all installations and use of CCTV must be
   conducted in accordance with:

      ∂   The CCG’s current CCTV Policy;
      ∂   The Data Protection Commissioner’s Code of Practice (CCTV) ;
      ∂   The following operational procedures.

   Standards

   Cameras

      ∂   Cameras must always be operated so that they will only capture the images
          relevant to the purpose for which the particular scheme has been established
          and approved.

      ∂   Cameras should be properly maintained in accordance with manufacturer’s
          guidance to ensure that clear images are recorded.

      ∂   Cameras should be protected from vandalism in order to ensure that they
          remain in good working order.

      ∂   If a camera/equipment is damaged or faulty there should be a separate local
          procedure for:

             -   Defining the individual(s) responsible for ensuring the
                 camera/equipment is fixed.
             -   Ensuring the camera/equipment is fixed within a specific time period.
             -   Monitoring and overseeing the quality of the maintenance work.

      ∂   Cameras located at the fire escape, rear outer door, front door, server room
          and reception area of the CCG’s offices will operate 24 hours per day, seven
          days per week.

      ∂   All other Cameras will operate between the hours of 18.30 and 08.00 Monday
          to Friday and 24 hours per day at weekends, ending at 08.00 on a Monday.

   Operators

      ∂   All operators of CCTV equipment should be trained in their responsibilities in
          accordance with the CCG’s policy and this procedure.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                       Page 15 of 24
∂   All staff involved in the handling of the CCTV equipment, both directly
          employed and contracted, will be made aware of the sensitivity of handling
          CCTV images and recordings.

   Training

      ∂   Guidance in the requirements of the law on of Data Protection Legislation will
          be given to staff who are required to manage and work the CCTV systems.

      ∂   Staff will be fully briefed and trained in respect of all functions, both
          operational and administrative relating to CCTV control operation.

      ∂   Training by camera installers will also be provided as appropriate.

   Maintenance

      ∂   A comprehensive maintenance log will be kept by the CCG’s IT Team which
          records all adjustments / alterations / non-availability.

      ∂   To maintain image quality, the media on which images have been recorded
          will be replaced at regular intervals.

      ∂   All media must be kept in a secure place and appropriately protected against
          damage from theft, tampering or inappropriate use from either members of
          staff or uninvited visitors.

      ∂   Images, which are not required for the purpose(s) for which the equipment is
          being used, will not be retained for longer than is necessary. The retention
          period for NHS Swindon CCG is 30 days.

      ∂   Where a Subject Access Right of Access Request (SAR) relating to images
          captured on the CCG’s CCTV system is received, the deletion schedule
          should be stopped until the image(s) can be successfully copied and the Right
          of Access Request (RAR) SAR completed.

      ∂   A review must be undertaken at least annually against the stated purpose of
          the identified scheme.

   Access

      ∂   All staff should be made aware of the procedures for granting access requests
          to recorded images or the viewing capabilities of CCTV schemes (as per the
          CCG’s CCTV Policy). All such requests (in the first instance) should be notified
          promptly to the CCG’s IG LeadData Protection Officer in writing.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 16 of 24
∂   Criteria for the viewing of images by non-security related personnel:

          At the discretion of the responsible officer, individuals may be allowed to view
          images:

          i) If they are investigating an untoward incident;
          ii) To identify persons relating to an incident.

          Areas which would normally result in permission being refused include:

          i) Where the person wishing to view has no connection with the incident or has
          no management role relating to an incident;
          ii) Where viewing is purely salacious;
          iii) Where the performance of a member of staff not relating to crime, fraud or
          the investigation of untoward incidents is involved.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                        Page 17 of 24
Appendix B - Signage

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                     Page 18 of 24
Appendix C – Right of Access Request Form

   Subject Access Right of Access Request (SAR) Form

   This form enables you to apply for access to information held about you on the
   Swindon Clinical Commission Group CCTV system. It also explains your rights to
   access this information. NHS Swindon Clinical Commission Group (the CCG) is
   obliged to respond within one calendar month40 days upon receipt of a fully
   completed application.

   Your rights

   Subject to certain exemptions, you have the right to be told whether any information
   is held about you and a right to a copy of that information. The CCG will only release
   that information if we are satisfied as to your identity. The CCG will not give you any
   information, which identifies someone else, unless that person agrees. If you think
   that information might be held about you which may identify another person you may
   want to get that person’s agreement and send that to us with your application.

   The rights of Swindon Clinical Commission Group

   The CCG may deny access to information where the Data Protection LegislationAct
   allows but the main exemptions in relation to information held by The CCG are where
   the information is held for:
       ∂ The prevention or detection of crime
       ∂ The apprehension or prosecution of offenders
   Where giving you the information would be likely to prejudice any of these purposes.

   Fee

   A fee, up to a maximum of £10 may be charged under the Act. Currently the CCG
   does not charge a fee.

   Proof of Identity

   Section 1 asks you to give information about yourself that will help the CCG to
   confirm your identity. TheHE CCG has a duty to ensure that information is held in a
   secure manner and TheHE CCG must be satisfied that you are who you say you are.

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                       Page 19 of 24
Section 2 asks you to provide evidence of your identity by producing document(s)
   with your application.

   Closed Circuit Television (CCTV), Video / Digital Images

   Images are retained on digital systems or tapes for 30 days and after this time the
   images on them are destroyed. A search will be made from the information you
   supply, 15 minutes either side of the times given, the full digital system will not be
   searched. Should your image appear on the digital system you will be given an
   option to view it. The viewing of the digital system / tape will be arranged by prior
   appointment.

   When you have completed this form please send it to: -

   Information Governance Team
   NHS South, Central and West Commissioning Support Unit
   Southgate House, Pans Lane, Devizes, SN10 5EQ
   Swindon Clinical Commissioning Group
   The Pierre Simonet Building
   North Swindon Gateway
   North Latham Road
   Swindon
   Wiltshire
   SN25 4DL

   Email: SCWCSU.SAR@nhs.net enquiries@swindonccg.nhs.uk

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                        Page 20 of 24
1. Details of person requesting the information

    Full Name

    Present
    Address

                      Postcode:

    Date of Birth

    Telephone
    Number

   2. Proof of Identity

   To establish your identity and address, this application must be accompanied by a
   copy of document(s) bearing your full name (first name(s) and surname), date of birth
   and address (e.g. a driving licence). Copies of identification documents will be
   retained.
   As your application is for a CCTV image, then a passport type photograph and
   physical description is also required.

                    Photo

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                      Page 21 of 24
3. Written authority

   If you are acting on behalf of the Data Subject (i.e. the person to whom the
   information is about) a written authority is required. Please complete the details
   below. Also please state your relationship to the data subject (e.g. solicitor /client,
   parent / child etc.)

    Full Name

    Present Address

                        Postcode:

    Date of Birth

    Telephone
    Number
    Relationship to
    the applicant

    Signature

   4. To help us find the information

   Please provide details of the information you are seeking, together with any other
   relevant information (dates, times location etc). This will help to identify the
   information you require.

              Please tick the        ∂   view the digital system / tape [ ]
           appropriate box(s)        ∂   Copy of the image [ ]

      Date and time of CCTV
                       event

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 22 of 24
Location

     Details of what you seek

    Your physical description
     (including height, build)

    For THE CCG Use Only

    5. Receipt of Application

      Application checked and legible

            Date application received

            Identification document(s)
                              checked

               Details of document(s)

        Applicant Informed of Receipt

      Name of person completing this
                            section

                          Department

                                 Date

                            Signature

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                         Page 23 of 24
Form Last Reviewed October 2015November 2018

Our Mission: To Optimise the Health and Wellbeing of the People of Swindon and Shrivenham

                                     Page 24 of 24
You can also read
Next slide ... Cancel