CCTV and other surveillance
The use of closed-circuit television (CCTV) in schools and colleges has
increased rapidly in recent years. While the use of such surveillance
may be perceived as a positive measure to help prevent vandalism and
enhance security, CCTV cameras can also lead to a climate of paranoia
among education staff. This guidance outlines the obligations on schools
when operating CCTV systems and applies across the UK.
The aim of the guidance (and its accompanying policy) is to ensure that
there is a full sharing of information between schools and their staff
about the purpose of CCTV, and the extent of its usage. Only by a clear,
open exchange of information will the current climate of potential
mistrust on this issue be eased.
Legal requirements
There are a number of legal requirements with which every school
installing CCTV has to comply. Firstly, schools have a statutory
requirement to notify the Information Commissioner that they are
installing CCTV and also to state clearly and precisely the purposes for
which it is being employed, including the dissemination and
distribution of all data collected. The Information Commissioner's
Office (www.ico.gov.uk) is the UK's independent authority overseeing
protection of personal information. Schools have to renew the
notification annually as well as inform the Information Commissioner
within 28 days if any changes are made to the use of CCTV.
The Information Commissioner must be informed of the identity of the
data controller. The data controller is likely to be either the school
(preferably a named employee) or the local authority - whoever is
responsible for the CCTV systems. If there are two or more parties
involved, as will often be the case, then all parties should be fully
aware of their responsibilities and obligations.
The actual use of CCTV can be affected by statutory legislation,
including the Data Protection Act 1998, the Human Rights Act 1998 and,
on occasion, the Regulation of Investigatory Powers Act 2000. Schools
must ensure that they not in possible breach of these regulations.
Assessing the impact of CCTV
When schools decide to use CCTV or are reviewing its continued use, they
should take into account the benefits of using surveillance cameras.
They must also consider whether better solutions exist, as well as the
effect it may have on individuals within the school. The latter should
form part of an assessment to determine whether CCTV is justified and
its impact.
Sutra Communication has produced a model impact assessment form, which members should
consider putting forward for the school to use. It is extremely
important that schools seek the views of all those who are subject to
surveillance - teachers, pupils and, significantly, their parents - and
respond to these views accordingly. Without this communication, is it
highly likely that staff and pupils may become suspicious. In short,
CCTV should not be introduced without extensive consultation.
Installation and placement of CCTV
When installing CCTV, management should state precisely and publicly the
objective of the installation. For different locations the objectives
may vary, some being common (eg security and protection of property) and
others specific (eg monitoring movement and behaviour in a communal
area).
Sutra Communication has serious reservations about the use of CCTV in classrooms,
especially for performance management purposes or in capability
procedures, where any use should be resisted. If the intended use
includes streaming to any external agency, members should seek further
advice from Sutra Communication.
A school's management needs to have clear procedures to determine how
the CCTV system operates. An authorised person (the data controlling
officer) has to be responsible for ensuring that the procedures are
followed. Sutra Communication recommends that the data controlling officer conducts a
full consultation with all school staff on the usage of CCTV.
The consultation should include an explanation of all the purposes for which the CCTV cameras are being, or have been, installed and confirmation that they comply with the law. As an outcome of the consultation, the school should implement a policy on its use of CCTV, which is made available to all staff and, preferably, provide a briefing on the policy for all staff.
When a CCTV system is installed in the school, signs must be put up to
state its purposes. The signs must be placed in prominent positions to
inform the public that they are entering a place where CCTV is in
operation. The sign must identify the data controller, which may be the
school or local authority, and give a contact number where further
information can be obtained. Sutra Communication recommends that every school should
have a data controlling officer on site, appointed from the senior
management team.
The siting of cameras must also be carefully planned and justified. The
school should state where the cameras have been installed and whether
they are fixed or dome cameras. In areas where staff and pupils have a
heightened expectancy of privacy, eg changing rooms or toilet areas,
cameras should not be used unless there are exceptional circumstances
such as if schools have very serious concerns that make it necessary for
them to be fitted. Such an exceptional circumstance might be when
vandalism has occurred in the entrance areas to changing rooms or if it
is suspected that bullying has taken place. However, even in those
circumstances, this should be time limited, and all staff and pupils
should be informed of the reason the cameras are there.
In no circumstances should CCTV be placed such that it could capture images of pupils changing. Cameras should not be fitted in staff rooms unless required for security reasons when the rooms are not occupied. In this case, it should only be switched on during those periods. Schools must be careful not to include captured images of surrounding properties, as this will contravene data protection regulations.
Viewing CCTV
The initial viewing of live and recorded images of CCTV should be
restricted to the data controlling officer only. It may be necessary to
appoint and train a deputy controlling officer to cover any absence, or
if the chief controlling officer is not normally on site or otherwise
not readily available. Special arrangements should be in place, and
published, if for any reason the installation and control of the CCTV
and images collected are under ultimate control of an outside agency, eg
under a PFI arrangement.
Sutra Communication, in general, considers that the outsourcing of any monitoring of
surveillance CCTV could have serious implications. Members should
contact Sutra Communication in such circumstances so the arrangements can be scrutinised
and suitable advice given. The school's policy should contain clear
information about the security of such images and access to them.
Requests for access to images should be dealt with under the policy and
decisions on such requests made by the data controlling officer, who
should have been fully trained in the use of the school's policy, and
the Data Protection Act and its subsequent code of practice.
Any recorded images should be viewed in a restricted area such as an
office, where content cannot be seen from the outside. If a school has
more than one person authorised to operate the CCTV system, it is
imperative a mechanism is in place to allow for communication and
transfer of information, ensuring that there is a consistent approach to
managing access to the CCTV images.
Storage and retention of CCTV images
The school's policy should also cover the retention of images taken by
the CCTV cameras. The policy on retention of images should align with
the school's purposes in recording them. For example, if the objective
of the CCTV is as a deterrent to vandalism, the policy should state that
once images are viewed, and with no reports of vandalism, the images
should be destroyed as soon as possible.
In essence, schools should strive to keep images for the shortest period
possible. It is absolutely paramount that images taken and stored
before they are destroyed are secure and that nobody other than the data
controlling officer has access to them.
If the CCTV system uses video or DVD recordings, the tapes/discs should
be indexed, stored for the appropriate amount of time and wiped clean
after that time expires, ready for reuse. If using hard drive
technology, the data controlling officer should be fully trained in its
use and how to index, store and wipe clean, as well as ensure that
security measures are in place to prevent external sources accessing the
footage. Where dissemination of data is possible, particularly with
(hard drive) digital systems, it must be clear who is authorised to
carry out such processing, the restrictions under which they operate and
the limitations of what they are authorised to do.
For all data that is stored for possible future viewing, a register must
be maintained, detailing relevant information such as date, time and
length of the original recording, as well as the locations covered and
groups or individuals recorded. Reviews of stored images should be
regularly conducted, so that obsolete stored material can be deleted
securely.
Requests for CCTV images
The data controlling officer should also be trained in issues such as
what to do if a request for the images is received from an outside
source, eg the police, who are able to make such an application for
purposes of preventing or detecting crime. The procedure for dealing
with such requests should be outlined in the school's policy and made
clear for all staff to see. In particular, the details of any data
released to a third party should be formally recorded, to also include
the date of the disclosure, to whom, reasons for the request and any
other relevant information, such as a crime incident number.
Review of CCTV systems
All school CCTV systems should be constantly reviewed to monitor their
effectiveness and impact on the school community. It is not acceptable
for a school simply to install CCTV cameras and forget about the impact
they may be having.
A policy of constant review is one way of demonstrating that the use of
CCTV is only for specific purposes. Should cameras be present in
classrooms, staff must remain confident that the system's use has not
been extended, even inadvertently or casually, into any formal or
informal process of performance management or capability procedures.
Complaints
Complaints about non-compliance with the Data Protection Act can be made
to the UK Information Commissioner (some areas, such as Scotland, have
their own Information Commissioner but it is the UK-wide IC who deals
with non-compliance). The UK Information Commissioner has the power to
serve on a data controller either:
- an information notice, requiring the data controller to provide details as to that data and the process taking place, or
- an enforcement notice, requiring the data controller to take specific steps, such as to stop processing or to rectify, erase or destroy the data.
Needless to say, failure to comply may lead to a criminal prosecution.
Summary
Ultimately, compliance with this guidance will result in schools being
protected from claims that they are breaching the law around
surveillance and the use of CCTV cameras. It will also serve to dispel
many of the justifiable fears and concerns that school staff and parents
have about the increasing use of surveillance in their schools.
By sharing information, school leaders are likely to find that their
comments, observations and opinions can be used to integrate into a
school-wide policy that makes the use of CCTV cameras specific and
purposeful.
There is a balance to be made between the intrusion into privacy that
CCTV cameras clearly can make, and the security and protection of anyone
who uses a school. As technology continues to advance at a rapid rate,
maintaining that balance is a challenge that schools will need to
continue to be aware of and address over coming years.
No comments:
Post a Comment