CCTV

Policy summary

St Chads Church has in place a Closed-Circuit Television (CCTV) surveillance system. This policy details the purpose, use and management of the CCTV system and details the procedures to be followed in order to ensure that St Chads Church complies with relevant legislation and Codes of Practice where necessary.

This policy and the procedures therein detailed, applies to all of St Chads Churches CCTV systems including covert installations capturing images of identifiable individuals for the purpose of viewing and or recording the activities of such individuals. CCTV images are monitored and recorded in strict accordance with this policy.

Contents

Introduction. 3

Purpose. 3

Scope. 3

Definitions. 4

Policy. 5

Policy statement 5

Location and signage. 5

Monitoring and recording. 6

Covert surveillance. 6

Facial Recognition. 7

Live Streaming. 7

Data Protection. 7

Retention of images. 9

Complaints Procedure. 9

Review Procedure. 9

Responsibilities. 9

Approval and review.. 10

Revision history. 10

Appendix 1 – CCTV Template Signage. 11

Introduction

  1. St Chads Church uses closed circuit television (CCTV) images for the prevention, identification and reduction of crime and to monitor the premises of St Chads Church in order to provide a safe and secure environment for staff, clergy, church officers, volunteers, visitors, users of the hall and car park, and to prevent the loss of or damage to St Chads Church contents and property.
  2. The CCTV system is owned by St Chads Church, Hollyfield Road, Sutton Coldfield, B75 7SN and managed by St Chads Church. St Chads Church is the system operator, and data controller, for the images produced by the CCTV system, and is registered with the Information Commissioner’s Office, Registration number A8935272
  3. The CCTV system is operational and is capable of being monitored for 24 hours a day, every day of the year.

Purpose

  • This Policy governs the installation and operation of all CCTV cameras at St Chads Church.   
  • CCTV surveillance is used to monitor and collect visual images for the purposes of:
    • protecting the buildings and assets, both during services (externally) or office hours, and after hours;
    • reducing the incidence of crime and anti-social behaviour (including theft and vandalism);
    • supporting the Police in a bid to deter and detect crime;
    • assisting in identifying, apprehending and prosecuting offenders; and
    • ensuring that the rules are respected so that the site/s can be properly managed.

Scope

  • This policy applies to St Chads Church and also to any separate legal entities owned and controlled by them which occupy premises controlled by the CCTV system.
  • This policy is applicable to, and must be followed by, all staff including consultants and contractors. Failure to comply could result in disciplinary action, including dismissal. This policy also applies to volunteers, trustees, committee members and Synod members.
  • All church officers involved in the operation of the CCTV System will be made aware of this policy and will only be authorised to use the CCTV System in a way that is consistent with the purposes and procedures contained therein. 
  • All systems users who are church officers with responsibility for accessing, recording, disclosing or otherwise processing CCTV images will have relevant skills and training on the operational, technical and privacy considerations and fully understand the policies and procedures.
  • Where required, CCTV operators will be properly licensed by the Security Industry Authority as follows:
  • A license is not needed if the person overseeing the CCTV is undertaking the work as a volunteer and receives no payment in kind or a reward for services. If the person in charge of this is a churchwarden, a license may not be needed.
  • A minister who is listed as the CCTV operator, as a fixed entity/person, will be treated as an “employee” and will therefore require a license.

Definitions

CCTV – closed circuit television camera. A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes and where access to their content is limited by design only to those able to see it.

Covert surveillance – observation, and/or recording, carried out without the subject’s knowledge, and may be done using camera’s or devices that are not visible to the subject.

Data controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of CCTV images.

Data Protection Act 2018 (DPA) – UK data protection framework, regulating the processing of information relating to individuals.

Facial/ automated recognition – the use of camera technology to identify individuals’ faces and to make automated matches.

General Data Protection Regulations 2016 (GDPR) – European Union data protection framework, regulating the processing of information relating to individuals.[A3] 

ICO CCTV Code of Practice 2017 – recommendations on how the legal requirements of the Data Protection Act 1998 can be met when using CCTV, issued by the Information Commissioner’s Office.  The guidance will be updated to comply with current legislation.

Security Industry Authority (SIA) – the organisation responsible for regulating the private security industry in the UK, under which private use of CCTV is licensed. It is an independent body reporting to the Home Secretary, under the terms of the Private Security Industry Act 2001.

Surveillance Camera Code of Practice 2013 – statutory guidance on the appropriate and effective use of surveillance camera systems issued by the Government in accordance with Section 30 (1) (a) of the Protection of Freedoms Act 2012.

System Operator – person or persons that take a decision to deploy a surveillance system, and/or are responsible for defining its purpose, and/or are responsible for the control of the use or the processing of images or other information obtained by virtue of such system.

System User – person or persons who may be employed or contracted by the system operator who have access to live or recorded images or other information obtained by virtue of such a system.

Policy

Policy statement

  1. St Chads Church will operate its CCTV system in a manner that is consistent with respect for the individual’s privacy. 
  2. St Chads Church complies with Information Commissioner’s Office (ICO) CCTV Code of Practice 2017 to ensure CCTV is used responsibly and safeguards both trust and confidence in its continued use.
  3.  The CCTV system will be used to observe the areas under surveillance in order to identify incidents requiring a response. Any response should be proportionate to the incident being witnessed. 
  4. The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy.
  5. Cameras will be sited so they only capture images relevant to the purposes for which they are installed. In addition, equipment must be carefully positioned to: 
  6. cover the specific area to be monitored only;
  7. keep privacy intrusion to a minimum;
  8. ensure that recordings are fit for purpose and not in any way obstructed (e.g. by foliage);
  9. minimise risk of damage or theft.
  10. CCTV will not be used for the purposes of streaming live services held in St Chads Church. See paragraph 38 on “Live Streaming” on page 6
  11. Interior CCTV will not used
  12. Exterior CCTV will remain in operation during services.

Location and signage

  1. Cameras are sited to ensure that they cover the premises as far as is possible. Cameras are installed throughout the site including: by the sliding doors to the hall, the main entrance to the hall, the carpark area near to the woodland, car park area behind the hall, and the main path to the church building
  2. The location of equipment is carefully considered to ensure that images captured comply with data protection requirements. Every effort is made to position cameras so that their coverage is restricted to St Chads Church premises, which may include outdoor areas.
  3. Signs are placed at all pedestrian and vehicular entrances in order to inform staff, church officers, visitors and members of the public, including local Uniform Groups, dance groups, and footballers using the carpark that CCTV is in operation.
  4.  The signage indicates that monitoring and recording is taking place, for what purposes, the hours of operation, who the system owner is and where complaints/questions about the systems should be directed.
  5. Signage templates are included in Appendix 1.

Monitoring and recording

  • Cameras can be monitored in a secure private office (church office).
  • Recordings will be stored in a fixed and secure lockbox/cabinet; with viewing CCTV images, and the data being accessed via a wireless device. 
  • Images are recorded on secure servers and are viewable by members of the Standing Committee. Additional staff may be authorised by the Standing Committee to monitor cameras sited within their own areas of responsibility on a view only basis. 
  • Where churches are using Cloud-based storage they will ensure that such storage is located in the European Economic Area (EEA), and that all relevant security and data protection measures are in place.
  • Recorded material will be stored in a way that maintains the integrity of the image and information to ensure that metadata (e.g. time, date and location) is recorded reliably, and compression of data does not reduce its quality.
  • Viewing monitors should be password protected and switched off when not in use to prevent unauthorised use or viewing.
  • The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate. 
  • All images recorded by the CCTV System remain the property and copyright of the St Chads Church.

Covert surveillance

  • Covert surveillance is the use of hidden camera’s or equipment to observe and/or record the activities of a subject which is carried out without their knowledge.
  • St Chads Church will not engage in covert surveillance.

 

Facial Recognition

36. Where cameras are used to identify people’s faces, St Chads Church will ensure that we use high quality cameras to make sure we are capturing the individual accurately enough to fulfil the intended purpose. The results of this automatic matching will be monitored by a trained individual to ensure that there haven’t been any mismatches.

37. Any use of such automated technologies must involve some level of human interaction and should not be done on a purely automated basis.

Live Streaming

38. CCTV is not suitable for live streaming of services, as it is intended solely for safety and security purposes.

39.       Churches wishing to live stream services must use additional filming equipment and/or devices, and follow the guidance published on the Church of England website here: https://www.churchofengland.org/media/22304

Data Protection

  • In its administration of its CCTV system, St Chads Church complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and in accordance with St Chads Church Data Protection Policy.

Data Protection Impact Assessments

  • The CCTV system is subject to a Data Protection Impact Assessment. Any proposed new CCTV installation is subject to a Data Protection Impact Assessment identifying risks related to the installation and ensuring full compliance with data protection legislation. This will include consultation with relevant internal and external stakeholders.

Applications for disclosure of images

  • Requests by individual data subjects for images relating to themselves via a Subject Access Request should be submitted to the Data Protection Team (Standing Committee) together with proof of identification. Further details of this process are detailed on the St Chads Church website www.stchadssuttoncoldfield.org.uk/home/cctv OR can be obtained by contacting the Churchwarden (c/o St Chads Vicarage, 41 Hollyfield Road, Sutton Coldfield, B75 7SN)
  • In order to locate the images on the system sufficient detail must be provided by the data subject in order to allow the relevant images to be located and the data subject to be identified.
  • Where St Chads Church is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual.
  • A request for images made by a third party should be made to the Churchwarden (c/o St Chads Vicarage, 41 Hollyfield Road, Sutton Coldfield, B75 7SN).
  • In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation.
  • Such disclosures will be made at the discretion of the Data Protection Team (Standing Committee), with reference to relevant legislation and where necessary, following advice from the Diocese Registrar of the Church of England Birmingham 
  • A log of any disclosure made under this policy will be held by the PCC secretary itemising the date, time, camera, requestor, reason for the disclosure; requested; lawful basis for disclosure; date of decision and/or release, name of authoriser.
  • Before disclosing any footage, consideration should be given to whether images of third parties should be obscured to prevent unnecessary disclosure.
  • Where information is disclosed, the disclosing officer must ensure information is transferred securely.
  • Images may be released to the media for purposes of identification. Any such decision to disclose will be taken in conjunction with the Police and/or other relevant law enforcement agencies. 
  • Surveillance recordings must not be further copied, distributed, modified, reproduced, transmitted or published for any other purpose.

Retention of images

  • Unless required for evidentiary purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 31 calendar days from the date of recording. Images will be automatically overwritten or destroyed after this time. 
  • Where an image is required to be held in excess of the retention period the Data Protection Team (Standing Committee) will be responsible for authorising such a request, and recordings will be protected against loss or held separately from the surveillance system and will be retained for 6 months following date of last action and then disposed of as per 53 above
  • Images held in excess of their retention period will be reviewed on a three-monthly basis and any not required for evidentiary purposes will be deleted. 
  • Access to retained CCTV images is restricted to the Data Protection Team (Standing Committee) and other persons as required and as authorised the Data Protection Team (Standing Committee).

Complaints Procedure

  • Complaints concerning St Chads Church use of its CCTV system or the disclosure of CCTV images should be made to the Church Warden (c/o St Chads Vicarage, 41 Hollyfield Road, Sutton Coldfield, B75 7SN).
  • When requested, anonymised information concerning complaints will be provided to the Surveillance Commissioner.

Review Procedure

  • There will be an annual review of the use of the CCTV system to ensure it remains necessary, proportionate and effective in meeting the stated purposes.
  • As part of the review of St Chads Church will assess:
  • whether the location of cameras remains justified in meeting the stated purpose and whether there is a case for removal or relocation;
  • the monitoring operation, e.g. if 24 monitoring in all camera locations is necessary or whether there is a case for reducing monitoring hours;
  • whether there are alternative and less intrusive methods for achieve the stated purposes.

Responsibilities

  • St Chads Church is responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring and ensuring compliance with this policy. 
  • The to the Data Protection Team (Standing Committee) is responsible for ensuring that adequate signage is erected in compliance with the ICO CCTV Code of Practice.
  • The Data Protection Team (Standing Committee) is responsible for authorising the disclosure of images to data subjects and third parties and for maintaining the disclosure log.

Approval and review

  
Policy ownerM McAllister, Data Protection Officer, National Church Institutions
Policy authorM McAllister, Data Protection Officer, National Church Institutions
Date21/9/20
Approved bySt Chads Church PCC
Date11/5/2001
Review dateMay 2022

Revision history

Version no.Revision datePrevious revision dateSummary of changes
0.1  Draft CoE CCTV Policy Template
0.221/9/20 Amendments following review by CCB
1.022/9/2021/9/20Amendments following review by CCB