Chapter 2: Standards & Regulatory Framework for CCTV in Scotland
14.1 This chapter sets out the issues that operators and managers of CCTV should consider. It is based on processes already in place in many local authorities across Scotland.
14.2 This section identifies the suggested purpose, use, management and monitoring of Public Space Closed Circuit Television ( CCTV) Systems in operation within Scotland ( the System)
14.3 The standards identified hereafter may also be applicable to the use of vehicle-based and re-deployable CCTV equipment linked to, or in conjunction with the System.
15.1 To have a set of common objectives which link or drive towards achieving items within the Single Outcome Agreement, Community and Community Safety Plan's where appropriate.
15.2 When setting up or reviewing existing Public Space CCTV Strategies consideration should be given to the following:
15.3 Public Space CCTV should aim to -
- Help identify, apprehend and prosecute offenders;
- Provide the Police and the local authority with evidence to take criminal or civil action in the courts;
- Assist in the maintenance of public order;
- Assist in reducing the fear of crime and provide reassurance to the public;
- Making the area safe for those people who live, work, and trade in it and also those who visit the area;
- Create economic improvements;
- Preventing and responding effectively to harassment;
- Assisting the Council in its enforcement, resource management and regulatory functions within the area; and
- Protecting the physical environment
16.1 The document has been created to provide guidance and a common set of principles to operators of Public Space CCTV across Scotland:
16.2 The Principles should aim:
- To ensure that all Systems are operated fairly and within the law, including third party involvement.
- To ensure that all Systems are operated using technology commensurate with the requirements under the Data Protection Act and that evidential data is provided to a nationally recognised standard format.
- To ensure that providers of any system comply with the appropriate vetting and disclosure requirements and staffed with operators who have achieved a minimum standard of training and where required, are fully licensed to carry out CCTV monitoring work by the Security Industry Authority ( SIA).
- To ensure that providers, while carrying out other duties in conjunction with Public Space CCTV, do not conflict with any of the other principles.
17.1 The local Code of Practice should be supplemented by a separate Operational Manual, which offers instruction to the operators on all aspects of the day to day operation of the System. This document will be based upon the contents of the Code of Practice in conjunction with the National CCTV Standards.
17.2 The Code of Practice and the Operational Manual are to reflect best practice in the use of Public Space CCTV and the requirements placed on the System's operation considering the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers (Scotland) Act 2000 and the Information Commissioner's CCTV Code of Practice - Revised Edition 2008.
17.3 Any changes being considered for the National CCTV Standards will be communicated to all providers for consultation and agreement. Changes to locally produced Codes of Practice and Operational Manuals should be agreed and documented at a local level. However, any changes made should not conflict with the requirements of the National Standards.
17.4 A copy of the National CCTV Standards, the local Code of Practice and the Operational Manual should be available within all CCTV control centres.
17.5 All providers should introduce a whistle blowing procedure, which ensures that staff are encouraged to report breaches of the National and local CCTV Standards in strict confidence, through locally agreed routes.
17.6 Copyright and ownership of all recorded material (data) will remain the property of the provider.
Cameras and Area Coverage
18.1 Each public space CCTV camera within a system should produce an image on a CCTV monitor. Those images should be recorded digitally to the Hard Drives of dedicated digital recorders. Cameras should be located in and around the Local Authority area at locations prescribed by partnership agreement and in compliance with the Information Commissioner's Code of Practice. All Recorded Material will be classified as data.
18.2 Cameras should ideally be fully operational with Pan, Tilt and Zoom facilities ( PTZ) where operational requirements necessitate. Transmission should ideally be in real time (25 frames per second (fps)) via fibre optic cable, dedicated wireless transmission, or via a secure wide area computer network ( WAN). Re-deployable cameras should, if applicable and where possible, have in-built digital recording capacity and use secure wireless technology to transmit images to the control centre. Cameras on mobile CCTV vehicles should record to on-board dedicated digital recorders. Mobile CCTV vehicles may additionally have the facility to transmit live images to the control centre via the use of secure wireless technology.
18.3 'Privacy zones', where applicable and if the technology is available on the system, should be programmed to ensure cameras do not view the interior of any private dwellings within its range.
18.4 There may be circumstances during routine monitoring when it may be required to suspend 'Privacy Zones', where it is considered necessary for the detection or prevention of crime. Unannounced 'Intrusive Surveillance' procedures should be in place and communicated to all operators.
18.5 Where there is advanced knowledge of the suspension of 'Privacy zones' the operator will require written authorisation in accordance with the RIP(S)A legislation.
Monitoring and Recording Facilities
18.6 The cameras from a fixed camera system (wall or pole mounted) should transmit live images (25fps) back to a central control centre
18.7 Vehicle-based and re-deployable camera systems should record images within the vehicle or, if applicable, the individual camera module. Both systems have the option of sending images over secure wireless technology to a control centre where they can be monitored and recorded on a dedicated hard drive. Images transmitted in this way will have a lower and variable frame rate.
18.8 Secondary monitoring of the System will be subject to the agreements between the Local Authority and authorised partnership agencies and/or the completion of relevant and authorised RIP(S)A documentation.
Recording Data Policy
18.9 Subject to the equipment functioning correctly:
- Images from every fixed camera will be recorded throughout every 24-hour period onto the hard disc drives of dedicated digital video recorders. To ensure images of sufficient quality for partners to use, it is recommended that all cameras record at 25 fps (real time).
- Images from the vehicle-based cameras should be recorded during each surveillance period in both real-time and/or time-lapse mode on digital recording equipment.
18.10 Signs must be displayed which are clearly visible and legible, notifying the general public that CCTV monitoring is taking place in the area. The signs should indicate the presence of CCTV monitoring, the 'ownership' of the System and a contact telephone number of the 'data controller' of the System. All signs must comply with the requirements of the Data Protection Act.
18.11 Public Space CCTV cameras forming part of a Local Authority System are not installed in a covert manner. However, cameras may be used as part of a covert operation, subject to the relevant authorisation under RIP(S)A and the Scottish Government - Covert Surveillance Code of Practice.
Recording sound and Public Address
18.12 Public Address systems which allow a voice broadcast from control rooms may be considered - as will Help Points with two way communication facilities.
18.13 Re-deployable cameras can be used as part of any System. These are stand-alone cameras which can be temporarily fixed into specific locations and can then transmit data via secure wireless technology back to a control centre or recorded at source and be accessible at a later date. The use of these cameras, and the data produced as a result of their use should also comply with the objectives of the System and the local CCTV Code of Practice.
18.14 Local Authorities should have an agreed set of criteria in place before any re-deployable camera or a vehicle-based unit is specifically deployed. The criteria should include:
- Clearly define the objectives of the deployment
- Outline the expected outcome
- Identify the personnel involved in carrying out the deployment, including the person in charge
- Include communications arrangements surrounding the deployment
- Set out the handling arrangements of data captured as a result of the deployment
- Outline contingency procedures
- Confirm that any relevant authorisation has been obtained
- Review of results to ensure objectives have been achieved
- Comply with Data Protection & Human Rights legislation
- Where applicable, comply with RIP(S)A legislation
Maintenance of the System
18.15 In order to ensure that recorded images continue to be of appropriate evidential quality, as recommended by the Information Commissioner's Code of Practice, all public space CCTV systems should be maintained under a contractual agreement. Details of the maintenance agreement should be contained in the operational manual.
18.16 The maintenance agreement will make provision for regular/periodic service and maintenance checks, including emergency repair of equipment and settings to maintain picture and recording quality.
18.17 The system operator should ensure appropriate records are maintained in respect of the functioning of the cameras and of the response of the maintenance contractor.
ACCOUNTABILITY AND PUBLIC INFORMATION
19.1 Legitimate public concerns exist over the use of CCTV. In general the guidelines below are designed to ensure that the use of the system is subject to adequate supervision and scrutiny. It is of fundamental importance that public confidence is maintained.
19.2 Operators of Public Space CCTV systems are required to register the system with the Information Commissioner ( www.ico.gov.uk).
Local Annual Report
19.3 Operators of Public Space CCTV systems should produce an annual report. This should include relevant information including management structures and performance data. Copies of the annual report should be made available on request or placed on the Community Safety or other relevant section of the Councils/operating organisations web site.
19.4 Regular internal and peer reviews should be conducted to ensure compliance with the requirements of the Data Protection Act. It could also include organisations such as the Surveillance Commissioners who regularly audit local authorities' surveillance processes.
19.5 An evaluation should be conducted periodically in accordance with the Scottish Government guidelines. See Appendix 2
Control Centre Access
19.6 For reasons of security and confidentiality, access to the CCTV control centre will be restricted to authorised personnel only.
19.7 From time to time visitors may be granted access to the control centre. Good practice should ensure:
- Operators endeavour to maintain cameras on a long range view.
- Visitors should sign a dedicated access log which should include a declaration of confidentiality (see appendix 1).
- Visitors should be escorted at all times.
- Where a live incident occurs during a visit consideration should be given as to whether the visitor(s) should be required to leave the control centre.
- Visitors to any control centre must not be permitted to make requests to view specific stored material or give instruction to members of staff regarding the control of cameras.
- A restricted access notice should be clearly visible advising visitors that access to the control centre is restricted and must be supervised.
Enquiries and Complaints
19.8 Providers should ensure that a comprehensive procedure is in place to record public enquiries and complaints. All staff should be aware of the procedure and a dedicated officer appointed to co-ordinate responses. These procedures should be audited and the information should be included in the annual report.
STAFFING & OPERATION OF THE CONTROL CENTRE
20.1 Managers and Operating staff may require to be licensed by the Security Industry Authority ( SIA) to ensure legislative compliance. This requirement should be assessed based on local conditions.
20.2 All staff should be trained to a minimum standard of attainment which should include a sound knowledge of the following:
- Operation of the Control Centre equipment
- Control Centre and Review Suite administration
- Human Rights Act 1998
- The Data Protection Act 1998
- CCTV Code of Practice Revised Edition 2008
- The Regulation of Investigatory Powers (Scotland) Act 2000.
- Work place Health & Safety
20.3 CCTV Operators should be subjected to full security screening prior to commencement of employment. This could include vetting to Non Police Personnel Vetting Standard ( NPPV) but such decisions are best made locally. Whether this is to Enhanced or Standard level will be determined by whether or not the Control Centre is located within police premises. It is considered good practice that all operating staff sign a local declaration of confidentiality.
20.4 In addition, where emergency service Airwave Radio is installed within the control centre it is a requirement that all staff with access to the control centre sign the Official Secrets Act.
Operation of the System on behalf of a third party
20.5 Under certain circumstances a third party may make a request to make use of the System for a specific purpose.
20.6 Only requests which have been authorised under RIP(S)A by a Police Superintendent, authorised Council Officer or authorised representative from a partner agency will be considered. Any such request should only be accommodated by mutual agreement between authorised staff within the control centre and those making the request.
20.7 These requests must satisfy all legislative requirements. Local procedures should be in place to cover this eventuality.
20.8 In the event of such a request being approved, the control centre staff will be responsible for the operation of the equipment at all times.
20.9 In certain circumstances a request may be made under RIP(S)A, to assume full operational control of the System, which would exclude the control centre staff from the room. A procedure should be in place to recognise the possibility of such circumstances e.g. a Memorandum of Understanding ( MOU) between the relevant agencies and the Local Authority.
CONTROL CENTRE DESIGN
21.1 Control centre design and security should take cognisance of the standards set in BS 5979: 2007.
22.1 All data recorded by the CCTV System may potentially be used as evidence. In Scotland the Crown Office & Procurators Fiscal Service ( COPFS) has determined that the acceptable standard for presentation of digital evidence in Scottish courts is DVD format. As such, CCTV service providers should consider their systems ability to export data in this format and should aspire to meet this format if currently unable to do so.
22.2 All data must be handled with due regard to the individuals right to privacy, as well as in accordance with the following guidelines:
- All information should be treated strictly in accordance with any legislative requirements from the moment it is produced in the control centre until its final destruction
- The audit trail of recorded data will ensure that a particular evidence production can be tracked and traced at any time
- Access to and the use of, recorded data will be strictly for the purposes defined in the Data Protection Act
- Recorded data will not be copied, sold, otherwise released or used for commercial purposes, or for the provision of entertainment
- Members of the public may only view recorded data in accordance with current legislation
22.3 The Data Protection Act does not prescribe any specific minimum or maximum retention periods which apply to all systems or footage. Retention should reflect the organisation's own purposes for recording images. Recorded data would normally be stored for a maximum period of 31 days and then, in the case of recordings on hard drives, overwritten. Images should not be kept for longer than strictly necessary.
22.4 Where CCTV data is required as evidence, it must be clearly labelled, made tamper-proof and secured at all times, until released to the Police, or appropriate organisation. Procedures for the release of data to authorised personnel should be drawn up between local partners and agreed.
22.5 CCTV operators involved in the production of evidential data may be required to sign a witness statement. In some instances the operator may also be required to attend court and give evidence.
Release of data to a third party
22.6 Every request for the release of personal data generated by any System will be subject to the Data Protection Act and as such, the criteria for release must be adhered to at all times.
22.7 It may be beneficial for partner agencies to make use of recorded data for training and educational purposes. Such data should be destroyed at the end of its requirement.