Treasure Trove Fairs
Closed Circuit Television Systems (CCTVS) are installed in Botany Avenue Commercial Centre – TTFAIRS Units.
New CCTV systems have been introduced in consultation with stall holders, staff. Where systems are already in operation, their operation will be reviewed regularly in consultation with the security officer and business owner.
- PURPOSE OF POLICY
“The purpose of this policy is to regulate the use of Closed Circuit Television and its associated technology in the monitoring of the internal environs of the premises under the remit of Treasure Trove Fairs.
CCTV systems are installed internally in premises for the purpose of enhancing security of the building and its associated equipment as well as creating a mindfulness among the occupants, at any one time, that a surveillance security system is in operation within the premises during both the daylight and night hours each day. CCTV surveillance at TTFairs Units is intended for the purposes of:
- protecting the buildings and stall assets, both during and after business hours;
- promoting the health and safety of staff, stall holders and visitors;
- reducing the incidence of crime and anti-social behaviour (including theft and vandalism);
- supporting the Gardai in a bid to deter and detect crime;
- assisting in identifying, apprehending and prosecuting offenders; and
- ensuring that the TTFairs rules are respected so that the business can be properly managed.
- To ensure mindful productivity from its staff members
This policy relates directly to the location and use of CCTV and the monitoring, recording and subsequent use of such recorded material. Where classes and activities are carried out in rented premises, the <named TTfairs Carboot> will ensure that CCTV systems, where installed, are operated only in a way that is compatible with the provisions of this policy.
- GENERAL PRINCIPLES
The TTFairs Carboot as the corporate body has a statutory responsibility for the protection of its property, equipment and other plant as well providing a sense of security to its employees, stall holders and invitees to its premises. The TTFairs Carboot owes a duty of care under the provisions of Safety, Health and Welfare at Work Act 2005 and associated legislation and utilises CCTV systems and their associated monitoring and recording equipment as an added mode of security and surveillance for the purpose of enhancing the quality of life of the TTfairs Carboot community by integrating the best practices governing the public and private surveillance of its premises.
The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy.
Information obtained through the CCTV system may only be released when authorised by the Business Owner, following consultation with the Chairperson of the Board of Management and/or the CEO in the case of TTfairs Carbootss. Any requests for CCTV recordings/images from An Garda Síochána will be fully recorded and legal advice will be sought if any such request is made. (See “Access” below). If a law enforcement authority, such as An Garda Síochána, is seeking a recording for a specific investigation, An Garda Síochána may require a warrant and accordingly any such request made by An Garda Síochána should be requested in writing and the TTfairs Carboot will immediately seek legal advice.
This policy prohibits monitoring based on the characteristics and classifications contained in equality and other related legislation e.g. race, gender, sexual orientation, national origin, disability etc.
Video monitoring of public areas for security purposes within TTfairs Carboot premises is limited to uses that do not violate the individual’s reasonable expectation to privacy.
Information obtained in violation of this policy may not be used in a disciplinary proceeding against an employee of the TTfairs Carboot or other visitor attending one of its TTfairs Carboots.
All CCTV systems and associated equipment will be required to be compliant with this policy following its adoption by the TTfairs Carboot. Recognisable images captured by CCTV systems are “personal data.” They are therefore subject to the provisions of the Data Protection Acts 1988 and 2003.
- JUSTIFICATION FOR USE OF CCTV
Section 2(1)(c)(iii) of the Data Protection Acts requires that data is "adequate, relevant and not excessive" for the purpose for which it is collected. This means that TTfairs Carboot needs to be able to justify the obtaining and use of personal data by means of a CCTV system. The use of CCTV to control the perimeter of the TTfairs Carboot buildings for security purposes has been deemed to be justified by the board of management. The system is intended to capture images of intruders or of individuals damaging property or removing goods without authorisation.
In other areas of the TTfairs Carboot where CCTV has been installed, e.g. hallways, stairwells, the Business Owner has demonstrated that there is a proven risk to security and/or health & safety and that the installation of CCTV is proportionate in addressing such issues that have arisen prior to the installation of the system.
- LOCATION OF CAMERAS
The location of cameras is a key consideration. Use of CCTV to monitor areas where individuals would have a reasonable expectation of privacy would be difficult to justify. TTFairs Carboot has endeavoured to select locations for the installation of CCTCV cameras which are least intrusive to protect the privacy of individuals.
CCTV Video Monitoring and Recording of Public Areas in TTfairs Carboot may include the following:
- Protection of TTfairs Carboot buildings and property: The building’s perimeter, entrances and exits, lobbies and corridors, special storage areas, cashier locations, receiving areas for goods/services
- Monitoring of Access Control Systems: Monitor and record restricted access areas at entrances to buildings and other areas
- Verification of Security Alarms: Intrusion alarms, exit door controls, external alarms
- Criminal Investigations (carried out by An Garda Síochána): Robbery, burglary and theft surveillance
- COVERT SURVEILLANCE
TTFairs Carboot will engage in covert surveillance where the need or legitimate suspicion arises and not to do so otherwise.
Where An Garda Síochána requests to carry out covert surveillance on TTfairs Carboot premises, such covert surveillance may require the consent of a judge. Accordingly, any such request made by An Garda Síochána will be requested in writing and the TTfairs Carboot will seek legal advice.
- NOTIFICATION – SIGNAGE
The Business Owner will provide a copy of this CCTV Policy on request to staff, stall holders, parents and visitors to the TTfairs Carboot. This policy describes the purpose and location of CCTV monitoring, a contact number for those wishing to discuss CCTV monitoring and guidelines for its use. The location of CCTV cameras will also be indicated to the Board of Management and, in the case of TTfairs Carboots, also to the CEO. Adequate signage will be placed at each location in which a CCTV camera(s) is sited to indicate that CCTV is in operation. Adequate signage will also be prominently displayed at the entrance to TTFairs Carboot property.
CCTV cameras in operation
Images are being monitored and recorded for the purpose of crime-prevention, the prevention of anti-social behaviour, the prevention of bullying, for the safety of our staff and stall holders and for the protection of TTFairs Carboot and its property. This system will be in operation 24 hours a day, every day. These images may be passed to An Garda Síochána.
This scheme is controlled by TTfairs Carboot [and operated by <CompCare IT>]
For more information contact <07874065493
Appropriate locations for signage will include:
- at entrances to premises i.e. external doors, TTfairs Carboot gates
- reception area
- at or close to each internal camera
- STORAGE & RETENTION
Section 2(1)(c)(iv) of the Data Protection Acts states that data "shall not be kept for longer than is necessary for" the purposes for which it was obtained. A data controller needs to be able to justify this retention period. For a normal CCTV security system, it would be difficult to justify retention beyond a month (28 days), except where the images identify an issue – such as a break-in or theft and those particular images/recordings are retained specifically in the context of an investigation/prosecution of that issue.
Accordingly, the images captured by the CCTV system will be retained for a maximum of 28 days, except where the image identifies an issue and is retained specifically in the context of an investigation/prosecution of that issue.
The images/recordings will be stored in a secure environment with a log of access kept. Access will be restricted to authorised personnel. Supervising the access and maintenance of the CCTV System is the responsibility of the Business Owner. The Business Owner may delegate the administration of the CCTV System to another staff member. In certain circumstances, the recordings may also be viewed by other individuals in order to achieve the objectives set out above (such individuals may include the Gardai, Business Owner,Delegated Data Controller, Contracted Installer or the Individual of a recorded visitor). When CCTV recordings are being viewed, access will be limited to authorised individuals on a need-to-know basis.
Tapes/DVDs will be stored in a secure environment with a log of access to tapes kept. Access will be restricted to authorised personnel. Similar measures will be employed when using disk storage, with automatic logs of access to the images created.
Tapes/DVDs storing the recorded footage and the monitoring equipment will be securely stored in a restricted area. Unauthorised access to that area will not be permitted at any time. The area will be locked when not occupied by authorised personnel. A log of access to tapes/images will be maintained.
Access to the CCTV system and stored images will be restricted to authorised personnel only i.e. Business Owner of TTfairs ,Contracted Installer or delegated data processor.
In relevant circumstances, CCTV footage may be accessed:
- By An Garda Síochána where TTFairs Carboot (or its agents) are required by law to make a report regarding the commission of a suspected crime; or
- Following a request by An Garda Síochána when a crime or suspected crime has taken place and/or when it is suspected that illegal/anti-social behaviour is taking place on TTFairs Carboot property, or
- To assist the Business Owner in establishing facts in cases of unacceptable other visitor behaviour; or
- To data subjects (or their legal representatives), pursuant to an access request where the time, date and location of the recordings is furnished to TTFairs Carboot, or
- To individuals (or their legal representatives) subject to a court order.
- To the TTfairs Carboot’s insurance company where the insurance company requires same in order to pursue a claim for damage done to the insured property.
Requests by An Garda Síochána: Information obtained through video monitoring will only be released when authorised by the Business Owner following consultation with the Chairperson of the Board of Management. If An Garda Síochána request CCTV images for a specific investigation, An Garda Síochána may require a warrant and accordingly any such request made by An Garda Síochána should be made in writing and the TTfairs Carboot should immediately seek legal advice.
Access requests: On written request, any person whose image has been recorded has a right to be given a copy of the information recorded which relates to them, provided always that such an image/recording exists i.e. has not been deleted and provided also that an exemption/prohibition does not apply to the release. Where the image/recording identifies another individual, those images may only be released where they can be redacted/anonymised so that the other person is not identified or identifiable. To exercise their right of access, a data subject must make an application in writing to the TTfairs Carboot Business Owner. The TTfairs Carboot may charge up to £50 for responding to such a request and must respond within 40 days.
Statutory DPA charges for a Individual Subject Access request is £10, however TTFairs charge upto £50 on the basis of administration fees.
The £50 cost covers:
- A CCTV Operator's time to locate and save into the evidence locker within the 30 days
- Use of the Digital Video Recorder
- Supply of the media for downloading the CCTV images
- Storage of records made of the application for the images
- Arranging a time for the operators to prepare the CCTV footage in accordance the Data protection rules ready for the individual to visit the premises to view the image(s) if requested
Access requests can be made to the following: Mike Snow 10 Derwent Crescent, Newbold, Chesterfield, Derbyshire, S41 8AL .
A person should provide all the necessary information to assist TTFairs Carboot in locating the CCTV recorded data, such as the date, time and location of the recording. If the image is of such poor quality as not to clearly identify an individual, that image may not be considered to be personal data and may not be handed over by the TTfairs Carboot.
In giving a person a copy of their data, the TTfairs Carboot may provide a still/series of still pictures, a tape or a disk with relevant images. However, other images of other individuals will be obscured before the data is released.
The Business Owner will:
- Ensure that the use of CCTV systems is implemented in accordance with the policy set down by TTFairs Carboot
- Oversee and co-ordinate the use of CCTV monitoring for safety and security purposes within TTFairs Carboot
- Ensure that all existing CCTV monitoring systems will be evaluated for compliance with this policy
- Ensure that the CCTV monitoring at TTFairs Carboot is consistent with the highest standards and protections
- Review camera locations and be responsible for the release of any information or recorded CCTV materials stored in compliance with this policy
- Maintain a record of access (e.g. an access log) to or the release of tapes or any material recorded or stored in the system
- Ensure that monitoring recorded tapes are not duplicated for release
- Ensure that the perimeter of view from fixed location cameras conforms to this policy both internally and externally
- Provide a list of the CCTV cameras and the associated monitoring equipment and the capabilities of such equipment, located in TTFairs Carboot to the owner formal approval
- Approve the location of temporary cameras to be used during special events that have particular security requirements and ensure their withdrawal following such events. NOTE: [Temporary cameras do not include mobile video equipment or hidden surveillance cameras used for authorised criminal investigations by An Garda Síochána].
- Give consideration to both stall holders and staff feedback/complaints regarding possible invasion of privacy or confidentiality due to the location of a particular CCTV camera or associated equipment
- Ensure that all areas being monitored are not in breach of an enhanced expectation of the privacy of individuals within the TTfairs Carboot and be mindful that no such infringement is likely to take place
- Co-operate with the Health & Safety Officer of TTFairs Carboot in reporting on the CCTV system in operation in the TTfairs Carboot
- Advise the owner that adequate signage at appropriate and prominent locations is displayed as detailed above
- Ensure that monitoring tapes are stored in a secure place with access by authorised personnel only
- Ensure that images recorded on tapes/DVDs/digital recordings are stored for a period not longer than 28 days and are then erased unless required as part of a criminal investigation or court proceedings (criminal or civil) or other bona fide use as approved by the Chairperson of the Board or owner.
- Ensure that when a zoom facility on a camera is being used, there is a second person present with the operator of the camera to guarantee that there is no unwarranted invasion of privacy
- Ensure that camera control is solely to monitor suspicious behaviour, criminal damage etc. and not to monitor individual characteristics
- Ensure that camera control is not infringing an individual’s reasonable expectation of privacy in public areas
- Ensure that where An Garda Síochána request to set up mobile video equipment for criminal investigations, legal advice has been obtained and such activities have the approval of the Chairperson of the Board or, in the case of an TTfairs Carboots, the CEO.
- SECURITY COMPANIES
The TTfairs Carboot CCTV system is controlled by a security company contracted by the TTfairs Carboot. The following applies:
The TTfairs Carboot has a written contract with the security company in place which details the areas to be monitored, how long data is to be stored, what the security company may do with the data, what security standards should be in place and what verification procedures apply. The written contract also states that the security company will give the TTfairs Carboot all reasonable assistance to deal with any subject access request made under section 4 Data Protection Acts 1988 and 2003 which may be received by the TTfairs Carboot within the statutory time-frame (generally 40 days).
Security companies that place and operate cameras on behalf of clients are considered to be "Data Processors." As data processors, they operate under the instruction of data controllers (their clients). Sections 2(2) and 2C of the Data Protection Acts place a number of obligations on data processors. These include having appropriate security measures in place to prevent unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data, in particular where the processing involves the transmission of data over a network and against all unlawful forms of processing. This obligation can be met by having appropriate access controls to image storage or having robust encryption where remote access to live recording is permitted. Staff of the security company have been made aware of their obligations relating to the security of data..
- IMPLEMENTATION & REVIEW
The policy will be reviewed and evaluated from time to time. On-going review and evaluation will take cognisance of changing information or guidelines (e.g. from the Data Protection Commissioner, An Garda Síochána, Audit units (internal and external to the TTfairs Carboot) the C&AG (in the case of ETBs), national management bodies, legislation and feedback from stall holders, staff and others.
The date from which the policy will apply is the date of adoption by the Board of Management or maintained by a data processor, the date of formal adoption by the owner. Implementation of the policy will be monitored by the Business Owner of the TTfairs Carboot.
APPENDIX 1 - DEFINITIONS
Definitions of words/phrases used in relation to the protection of personal data and referred to in the text of the policy;
CCTV – Closed-circuit television is the use of video cameras to transmit a signal to a specific place on a limited set of monitors. The images may then be recorded on video tape or DVD or other digital recording mechanism.
The Data Protection Acts – The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons handling, processing, managing and controlling personal data. All TTfairs Carboot staff must comply with the provisions of the Data Protection Acts when collecting and storing personal information. This applies to personal information relating both to employees of the organisation and individuals who interact with the organisation
Data - information in a form that can be processed. It includes automated or electronic data (any information on computer or information recorded with the intention of putting it on computer) and manual data (information that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system).
Personal Data – Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
Access Request – this is where a person makes a request to the organisation for the disclosure of their personal data under Section 3 and/or section 4 of the Data Protection Acts.
Data Processing - performing any operation or set of operations on data, including:
- Obtaining, recording or keeping the data,
- Collecting, organising, storing, altering or adapting the data,
- Retrieving, consulting or using the data,
- Disclosing the data by transmitting, disseminating or otherwise making it available,
- Aligning, combining, blocking, erasing or destroying the data.
Data Subject – an individual who is the subject of personal data.
Data Controller - a person who (either alone or with others) controls the contents and use of personal data.
Data Processor - a person who processes personal information on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of their employment, for example, this might mean an employee of an organisation to which the data controller out-sources work. The Data Protection Acts place responsibilities on such entities in relation to their processing of the data.