SCOPE

English Heritage Trust uses video surveillance across its estate as part of an integrated security management response to the threats of criminal and nuisance behaviour that affect its assets and people.  Typically this relates to CCTV systems.  Currently there are more than 60 sites with systems ranging in size from approximately 60 cameras at four sites to four cameras at some sites. As technology advances, this policy will also apply to body-worn cameras, drones, temporary battery-operated devices, automatic number-plate recognition and cloud storage systems.  This policy will apply to all such applications were they are installed or operated on our premises or to protect staff whilst carrying out their work-related duties off-site.

PURPOSE

EHT properties are of significant historic importance to the nation; they contain valuable artefacts and act as visitor attractions (both staffed and unstaffed) with thousands of visitors each year. EHT has a duty to protect these assets on behalf of the nation from criminal activity of all kinds which has been proven to take place on many occasions.  This also includes protecting staff and volunteers from aggressive and threatening behaviour. In more detail:

• Protecting historic buildings from architectural theft, metal theft and criminal damage
• Protecting museum-artefacts from burglary, theft and criminal damage
• Protecting historic landscapes from illegal metal detecting, digging for finds and criminal damage
• Protecting EHT assets including modern buildings, cash, equipment and plant from burglary, theft and criminal damage
• Supporting staff when dealing with potentially confrontational behaviour
• Reducing the incidence of anti-social behaviour
• Assisting the police and other law enforcement partners in identifying, apprehending and prosecuting offenders

LEGISLATION

This policy is based on current legislation and will make best endeavours to meet its requirements in a proportionate manner. Relevant legislation is listed below:

• Human Rights Act 1998
• Freedom of Information Act 2000
• Private Security Industry Act 2001
• Protection of Freedoms Act 2012
• General Data Protection Regulation 2018
• Data Protection Act 2018
• Criminal Procedure and Investigations Act 1996

In respect of Article 6 GDPR and Part 2 DPA 18, the lawful basis for processing data in our surveillance systems is typically  ‘Legitimate Interest’. However, different uses of VSS may have different objectives and higher levels of intrusion.   The category of data being recorded will be assessed as part of the DPIA for every installation.

ORGANISATIONAL RESPONSIBILITIES

To ensure this policy is delivered successfully the following roles have been designated:

• Senior Responsible Officer – an executive role with strategic oversight of surveillance
• Data Protection Officer – supports delivery of the policy and must be consulted regarding compliance and the DPIA
• Single Point of Contact – has corporate responsibility for all surveillance matters
• Responsible Officer – responsible for management of local system(s) with daily oversight of system use.
• Technical Support Officer – responsible for procurement and deployment of individual systems
• Authorised Users – for each system, the Responsible Officer will identify authorised staff who can operate and access the system.
• Information Governance Team – responsible for processing all requests for disclosure from without authorised users of a system and handling external complaints received about any EHT system.

Shared Responsibilities

In some cases, systems are jointly-controlled by other organisations or wholly operated by another organisation on behalf of EH, e.g. remote video receiving centres (RVRC). For each system where this is the case, there must be agreement in place with the other controller included in contracts, including processing agreements.  This must be properly documented, identifying who is the controller and the respective responsibilities.

TRAINING

Staff members identified above will receive training according to their role to discharge these duties.  In particular, Authorised Users will be trained to comply with this policy. Each system will use standard operating procedures (adapted to their site specific requirements) to ensure consistency and clarity of purpose. They will understand that all information relating to the VSS images must be handled securely.  If staff misuse the surveillance system , they may be committing an offence and will lead to disciplinary proceedings.

Personal Data  - Not all surveillance-images will be personal data.  Personal data relates to information relating to people who can be identified or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information.

• All personal data will be processed in accordance with the data protection principles

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

SYSTEM DESIGN, INSTALLATION AND DEPLOYMENT

All new systems (and additions to systems) will implement the principles of ‘Data Protection and Security by Design’ as follows:

1. Justify and Plan; defining the problem, assessing the risk, establishing the need for surveillance and carrying out a Data Protection Impact Assessment
2. Operational requirement – drawing on operational staffs’ site knowledge and the Technical Support Officer’s expertise we will understand the purpose of the system and define the operational requirements for each area under surveillance ensuring that proposals for surveillance are proportionate and appropriate to the assessed risks.
3. Procuring the system – using the operational requirements and relevant standards (including EHT standard contracts) we will engage with the market (or use existing MTC as appropriate) where accredited service providers will interpret and develop the design to meet our needs. Security suppliers will themselves demonstrate accreditation to appropriate security standards.
4. Commissioning and User Acceptance – the service provider will demonstrate that the system installed has met the operational requirement.

TECHNICAL STANDARDS

Surveillance systems will be required to comply with British Standards, including:

• BS EN 50132 - 7: Installation & Commissioning of CCTV Systems
• BS EN 62676 – 4: Video Surveillance Systems for use in security applications
• BS 8418: Detector Activated Remotely Monitored CCTV
• BS 7858: Vetting Employees
• BS 7958: Management & Operation of a CCTV Control Room
• BS 8495: Code of practice for digital CCTV recording systems for the purpose of image export to be used as evidence
• BS 8593: Code of Practice for deployment and use of Body Worn Video

STORAGE AND RETENTION

We will retain appropriate records to demonstrate our compliance.  We will keep records for all surveillance systems  which will document the purpose(s) for lawful surveillance, data sharing agreements and the relevant retention period.

Images captured by our systems will be stored securely.  All equipment will be housed in spaces that are secure and deny access to recorded images.  Access to these areas will be limited to Authorised Users.   We will store only the minimum information for the shortest period of time that permits us to fulfil the purpose of the system. The retention period will be determined at the system-design stage by the Operational Requirement.  By exception, when incidents occur, relevant ‘clips’ of images may be saved in an archive folder, to ensure evidence is available to assist with subsequent investigations/prosecutions.  Such a folder may be kept longer than the normal retention period, but no longer than required to fulfil this need.

VIEWING AND DISCLOSURE

Access to review stored images will be restricted to Authorised Users.  Where there is a request to review from outside the Authorised User-Group, a written record of access will be kept for one year. Details will include name of requester and organisation, date, purpose and outcome. All such requests should be sent to the Information Governance Team.

Disclosure will not be unduly obstructed but requests may be refused if there is insufficient information or the reason is invalid. There are two types of requests for the release of data that are permitted:

1. Subject Access Request – an individual requests data on the system relating only to them.
   1. There must be a written request with sufficient information (e.g. date, time, location) and photograph to ensure the person can be located
   2. Liaise with the Information Governance Team as soon as possible
   3. 3^rd parties must be obscured
   4. The data must be in an agreed format
2. Others – requests are most likely to be received from the police or internal colleagues, but might include agencies such as local authorities, solicitors or insurance companies. The request will be processed by the Responsible Officer. Before we agree to process the request we will:
   1. Confirm the identity of the requester
   2. Ensure that the purpose of the request is compatible with the stated purposes of the system we operate
   3. Liaise with the Information Governance Team as soon as possible

All requests and disclosures will be supported by a written record.  This will include regular data sharing, as covered by a Data Sharing Agreement.

Further details of how we discharge these requirements can be found in our Standard Operating Procedures.

GENERAL USE OF VIDEO SURVEILLANCE SYSTEMS

Whilst our data is kept securely, our systems will be operated in a transparent way, ensuring they are fit for their stated purpose, by liaising with stakeholders in the initial design.  As well as addressing any concerns they may have, this will help to ensure that processing is necessary and proportionate. Additionally:

• Information about surveillance will be included in our Privacy Policy
• A copy of this Surveillance Policy will be made available on our website
• A copy of the local Code of Practice for each system will be available on request
• Signage will be prominently displayed where each system operates, at locations before entering the area under surveillance. Signage will include contact details as well as the specific purposes for the system.

COVERT USE

On very rare occasions we may receive a request from the police (or other law enforcement agency) to use our system for a specific purpose that is additional to its normal use.  This would only occur if it were authorised and directed by the police.  For us to agree, the following criteria must be fulfilled:

• The proposal is aligned to the Regulation of Investigatory Powers Act
• The processing is lawful under Part 3 Data Protection Act
• The circumstances are exceptional
• There is reasonable suspicion
• The use is for a specific operation
• It will cease, once the investigation is complete
• It would impact the investigation, if we were to publicise this new use
• Any intrusion on privacy would be taken into account
• The Data Protection Officer is consulted
• The decision is taken by the Senior Responsible Officer

MAINTENANCE

All surveillance systems will be maintained by an accredited service provider, in accordance with the relevant British Standards.  Full records of attendance, work undertaken and any changes to the system will be kept on site for three years.  This will help ensure that the system remains fit for its stated purpose.

SYSTEM REVIEW AND AUDIT

We will carry out systematic reviews of system performance to ensure they remain fit for purpose and identify need of any changes to technology.

This review will consider:

• Has the scope of the scheme changed since last review? Are more/less cameras required?
• Is the equipment functioning as expected?
• Has maintenance been carried out effectively? Have there been any significant changes as a result of repairs or upgrades?
• Has the DPIA been reviewed?

Owing to the large number of systems, this audit will be carried out at different levels and different frequencies, including dip-sampling.  This will include self-audit by Responsible Officers, targeted visits by Estates team members and by the Single Point of Contact.

COMPLAINTS

Enquiries or complaints will be channelled either through the local Responsible Officer or, more likely via the contact number on the CCTV signage.  All will be directed to the Information Governance team, for advice.