Version: / 1
Author: / Prepared by Nursing Matters & Associates.
Adapted for local use by:
Issue Date: / November 2012
Review date: / November 2014.
Authorised by:
1.0Policy Statement:
The use of Closed Circuit Television (CCTV) in the Centre will be in accordance with national standards and legislative requirements.
2.0Purpose of the Policy:
To outline the procedures and requirements for the use of CCTV in the Centre.
3.0Objectives.
3.1To outline the role and responsibilities of staff regarding the use of CCTV in the Centre.
3.2To outline the procedures in place for use of CCV in the Centre.
3.3To outline the safeguards in place to protect the privacy and confidentiality of residents, staff and visitors regarding the use of CCTV in the Centre.
4.0Scope.
This policy covers the use of CCTV in the buildings, premises and grounds of the Centre and applies to all staff employed in the Centre.
5.0Definitions.
5.1Data: means information in a form which can be processed. It includes both automated data and manual data.
5.2Personal Data: data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. Recognisable images captured by CCTV systems are personal data and are therefore subject to the provisions of the Data Protection Acts.
5.3Processing: means performing any operation or set of operations on data. This includes:
■Obtaining, recording or keeping data,
■Collecting, organising, storing, altering or adapting the data,
■Retrieving, consulting or using the data,
■Disclosing the information or data by transmitting, disseminating or otherwise making it available,
■Aligning, combining, blocking, erasing or destroying the data.
5.4Data Controllersare those who, either alone or with others, control the contents and use of personal data.
5.5Data Subjectis an individual who is the subject of personal data.
5.6Data Processor: is a person who processes personal data on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of his/her employment.
6.0Principles Governing the Use of CCTV in the Centre.
6.1.1The Centre’s use of CCTV is underpinned by the following eight rules of data protection (Data Protection Commissioner, accessed 19/11/2012
6.1.2The remainder of this policy outlines how the Centre will adhere to these rules under the relevant sections.
7.0Use of CCTV in the Centre.
7.1Purpose of CCTV in the Centre.
CCTV is in use in the Centre for the following purposes:
7.1.1To act as a deterrent against unlawful intruders onto the grounds, buildings and premises of the Centre.
7.1.2To safeguard residents, staff and visitors from unlawful intruders.
7.1.3To monitor the perimeter of the Centre for security.
Note: If CCTV cameras are being used for monitoring workforce, there needs to be a clear rationale/justification for this use. When used for this purpose, you need to consider the following:
Provide clear details of what the purpose and benefits of this type of use are.
Make sure that you use the least intrusive method possible.
Have staff been informed that CCTV is being used for workforce monitoring and how it will be used and details of the data controller?
7.2Responsibilities of the Data Controller.
The Data Controller for the Centre is (Insert – this would be the proprietor/registered provider, which may be a company or an individual).The Data Controller has responsibilities regarding the use of CCTV in the Centre. The Data Controller must ensure that:
7.2.1Information is obtained and processed fairly.
7.2.2Information iskept only for one or more specified, explicit and lawful purposes.
7.2.3Use and disclose of information isonly in ways compatible with these purposes
7.2.4Information kept is safe and secure
7.2.5Information kept is accurate, complete and up-to-date
7.2.6Information kept is adequate, relevant and not excessive
7.2.7Information is not retained for longer than is necessary for the purpose or purposes
7.2.8A copy of an individual’s personal data is given to the individual, on request.
7.2.9Staff who have a role in processing data obtained from CCTV footage are made aware of their responsibilities.
7.2.10Give consideration to petitions from stakeholders such as staff /residents/visitors regarding possible invasion of privacy or confidentiality due to the location of a particular CCTV camera or associated equipment
7.2.11The Data processor.
The Data Processor for the Centre is (The data processor is the person or company who oversees or processes the data, for example it may be a security company that place and operate the cameras or a staff member who operates the CCTV on site. Where the data processor is a designated member of staff, the following responsibilities apply).
7.2.12The Data Processor must ensure that images captured will not be retained beyond a month, except where the images identify an issue – such as a break-in or theft - and is retained specifically in the context of an investigation of that issue.
7.2.13The data processed is stored securely in (Specify security arrangements).
7.2.14Ensure that access is restricted to authorised personnel (Identify here who, in the Centre is authorized to access data).
7.2.15Ensure that monitoring recorded tapes are not duplicated for release
7.2.16That tapes/DVDs should are stored securely and a log of access to tapes maintained. (Similar measures should be employed when using disk storage, with automatic logs of access to the images created).
7.2.17Review camera locations and be responsible for the release of any information or material stored in video tapes in compliance with this policy.
7.3Head of Maintenance.
The Head of Maintenance has the following responsibilities:
7.3.1Ensure that the perimeter of view from fixed location cameras conforms to this policy both internally and externally
7.3.2Ensure that all areas being monitored are not in breach of an enhanced expectation of the privacy of individuals within the Centre and be mindful that no such infringement is likely to take place
7.3.3Ensure that adequate signage, at appropriate and prominent locations is displayed as detailed
7.3.4Ensure that signage is maintained and does not become obscured.
7.4All staff.
All staff have the following responsibilities:
7.4.1Comply the requirements of this policy.
7.4.2Make known to their line manager any concerns they may have about the security/ breach of security of personal data collected.
7.4.3Apart from authorized persons, no staff member has the authority to access any data collected from CCTV in the Centre.
7.4.4Any equipment used for CCTV in the Centre must not be tampered with.
7.5Positioning of Cameras.
There are (Insert number) CCTV cameras located within and around the perimeters of The Centre. These are positioned in the following locations:
(List locations)
NB: According to the Data Protection Commissioner the use ofCCTV to monitor areas where individualswould have a reasonable expectationof privacy, for example, bedrooms, toilets,
day rooms, or dining rooms may involve a breach of the Data ProtectionActs. To justify its use in such areas onan ongoing basis, a data controller wouldhave to demonstrate that a pattern ofsecurity breaches had occurred in thearea prior to the installation of the systemsuch as would warrant constant electronicsurveillance.
7.6Notification of CCTV Use.
7.6.1Signage is in place at the following prominent locations and describing the purpose and location of CCTV monitoring, a contact number for those wishing to discuss CCTV monitoring and guidelines for its use.
7.7Storage and Retention.
Please describe where and how images are stored. What the security arrangements for storage are in place and the retention period – must not exceed 28 days, except in the circumstances already mentioned.
8.0Access Requests by Third Parties.
8.1The Centre acknowledges the right of access to any person whose image has been recorded on the CCTV system. In the event that a person requests access to personal images recorded, the following procedure must be followed:
8.2All requests must be made in writing to (Specify).
8.3The Centre may charge up to €6.35 for responding to such a request and will respond within 40 days.
8.4For practical purposes, the person should provide details of the data, time and location of the recording.
8.5On receipt of the request, (Specify) will examine the images from the date and time provided.
8.6If an image of the person exists and is of such poor quality as not to identify the individual, the image may not be considered to be personal data and (Specify) will inform the person in writing of this finding.
8.7If an image exists, which does identify the individual (Specify) will provide the person with either a still picture/series of still pictures; a tape or disk of the relevant images within 40 days of the request.
8.8Where any person is being provided with a copy of their data, other peoples images will be obscured before the data is released.
8.9A record will be kept of the data, time and description of data provided as well as the name of the person to whom it was provided.
8.10Supply of Images to An Garda Siochana.
8.10.1In the event that that a member of An Garda Siochana makes a request for access to data, the following procedure must be followed:
All requests for access must be made to (Specify).
A request from An Garda Síochána should be in writing on Garda headed notepaper however, for practical purposes pending receipt of the written request, following such a request,(Specify) will phone the requesting Garda’s station and ask to speak to a member in the District Office, the station sergeant or a higher ranking officer, to confirm that an investigation is authorised.
The Garda sergeant/other ranking officer will be asked to confirm that an investigation involving access to the data has been authorised.
A record will be made of the date and time of the phone call; name of the Garda sergeant / ranking officer and his/her confirmation of authorisation of the investigation.
A record will be kept of the data, time and description of data provided as well as the name of the person to whom it was provided.
9.0Covert Surveillance.
9.1.1The use of CCTV for covert surveillance in the Centre would occur only in exceptional purposes where there is involvement of An Garda Siochana for the purposes of preventing; detecting or investigating offences, or for apprehension or prosecution of offenders.
9.1.2In the above circumstances, in keeping with the principles previously outlined, only those specific individuals and / or locations required for the purpose of the investigation will be recorded and only for a specified time period agreed as reasonable for the purposes of conducting the investigation.
10.0References.
- Data Commissioner, Ireland, Data Protection and CCTV. Accessed from
- Health Information and Quality Authority (2009) National Quality Standards forResidential CareSettings for OlderPeople in Ireland.
- HEALTH ACT 2007 (care and welfare of residents indesignated centres for older people) regulations 2009.
- Health Information and Quality Authority Social Services Inspectorate (2012). Provider Newsletter. Issue 7 July 2012.
- Information Commissioner’s Office, UK (2008) CCTV Code of Practice.
1 | Page
CCTV Policy NMA-CCTV January 2014