Search site

Privacy and Data Protection

CCTV - Code of Practice

3.1 Public Concern

3.1.1 Although the majority of the public at large may have become accustomed to 'being watched', those who do express concern do so mainly over matters pertaining to the processing of the information, (or data) i.e. what happens to the material that is obtained.

Note: 'Processing' means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including;

i) organisation, adaptation or alteration of the information or data;

ii) retrieval, consultation or use of the information or data;

iii) disclosure of the information or data by transmission, dissemination or otherwise making available, or

iv) alignment, combination, blocking, erasure or destruction of the information or data.

3.1.2 All personal data obtained by virtue of the New Forest District Council CCTV System, shall be processed fairly and lawfully and, in particular, shall only be processed in the exercise of achieving the stated objectives of the System. In processing personal data there will be regard for everyone's right to respect for his or her private and family life and their home.

3.1.3 The storage and security of the data will be strictly in accordance with the requirements of the Data Protection Act 1998 and additional locally agreed procedures.

3.2 Data Protection Legislation

3.2.1 The operation of the New Forest District Council CCTV System has been notified to the Office of the Information Commissioner in accordance with current Data Protection legislation.

3.2.2 The Data Controller for the System is the New Forest District Council and Hampshire Constabulary and day-to-day responsibility for the data will be devolved to the System Manager.

3.2.3 All data will be processed in accordance with the principles of the Data Protection Act, 1998 which, in summarised form, includes, but is not limited to:

i) All personal data will be obtained and processed fairly and lawfully.

ii) Personal data will be obtained and processed only for the purposes specified.

iii) Personal data will be disclosed only to the people or organisations shown within this Code.

iv) Only personal data will be held which is adequate, relevant and not excessive in relation to the purpose for which the data is held.

v) Steps will be taken to ensure that personal data accurate and where necessary, kept up to date.

vi) Personal data will be held for no longer than is necessary.

vii) Individuals will, in most cases, be allowed access to information held about them and, where appropriate, permitted to correct or erase it.

viii) Procedures will be implemented to put in place security measures to prevent unauthorised or unlawful processing or accidental loss or destruction of information.

3.3 Request for Information (Subject Access)

3.3.1 Any request from an individual for the disclosure of personal data which he/she believes is recorded by virtue of the System will be directed in the first instance to the System Manager.

3.3.2 The principles of Sections 7 and 8, 10 and 12 of the Data Protection Act 1998 (Rights of Data Subjects and Others) shall be followed in respect of every request - those Sections are reproduced as Appendix B to this Code.

3.3.3 If the request cannot be complied with without identifying another living individual, permission from all parties must be considered (in the context of the degree of privacy they could reasonably anticipate from being in that location at that time) in accordance with the requirements of the legislation.

3.3.4 Any person making a request must be able to satisfactorily prove their identity and provide sufficient information to enable the data to be located.  The appropriate 'Subject Access' request form is included in Appendix G.

3.4 Exemptions to the Provision of Information

In considering a request made under the provisions of Section 7 of the Data Protection Act 1998, consideration should be given to Section 29 of the Act which includes, but is not limited to, the following statement:

3.4.1 Personal data processed for any of the following purposes:--

i) the prevention or detection of crime

ii) the apprehension or prosecution of offenders

are exempt from the subject access provisions in any case 'to the extent to which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection'.

Each and every application will be assessed on its own merits and general 'blanket exemptions' will not be applied.

3.5Criminal Procedures and Investigations Act, 1996

The Criminal Procedures and Investigations Act, 1996 came into effect in April 1997 and introduced a statutory framework for the disclosure to defendants of material which the prosecution would not intend to use in the presentation of its own case, (known as unused material).  An explanatory summary of the provisions of the Act is contained within the procedural manual, but disclosure of unused material under the provisions of this Act should not be confused with the obligations placed on the data controller by Section 7 of the Data Protection Act 1998, (known as subject access).

Updated: 2 Dec 2014
Powered by GOSS iCM