The use of covert cameras is only lawful if a specific identified criminal activity is being investigated. Data subjects must be allowed access to images recorded of them, and all images must be processed fairly and lawfully, documented and retained no longer than necessary.

Covert CCTV Policy

January 2012

CCTV Policy – Covert Systems

Overview

PJS CCTV Ltd provide technical security solutions for a variety of businesses including Covert CCTV systems. All PJS CCTV systems are designed and installed in compliance with the Principles of the Data Protection Act 1998. It is however the end users responsibility to ensure continued compliance with the Act with regards to the storage and use of evidential data.

Any company wishing to use Closed Circuit Television should create a company policy detailing the type of system and the reason for its introduction. This policy should be regularly checked and updated/amended where appropriate according to changes to the site specific requirements.

The use of covert CCTV can be particularly sensitive and therefore we have created our own company policy relating to this type of equipment. This is not meant to replace our clients own policies which should still be written and adhered to, but is intended to enhance our clients understanding of the DPA98 and to ensure full compliance with it.

Clients Requirements/obligations

The client should submit in writing a request for a covert CCTV system. PJS will provide a covert data request and tracking (PJS/COV001) sheet for this. PJS require a minimum of 5 working days lead time for normal covert installations unless a special requirement is requested and agreed.

This request should contain the following details:

• Company name, address & telephone number.
• Contact name, address & telephone number.
• Installation address and contact details.
• Date time and duration of proposed installation.
• Alleged target details and reason for installation.

Some clients may wish to design and specify their own covert system detailing camera types and positions. The request will be acknowledged with the clients Loss Prevention department or other appropriate contact. The details will be passed to our engineering management whom will make the necessary arrangements to install the system. Should the desired time/ or date be unacceptable we will contact the client and offer an alternative.

We will on occasion be required to contact the site by telephone. Should this be necessary, all PJS staff will ensure that they do not divulge their true identity until they are speaking directly with the contact. We will liaise with the client regarding a password or phrase which can be used to identify ourselves. PJS operatives will ensure that the contact is able to speak freely regarding the proposed installation and if not they will arrange to call back when convenient. Details of proposed installations can be confirmed with the site contact where required and should a site contact need to be present for the work we will exchange descriptions so as to easily identify each other at the time of installation.

Equipment Specification

All PJS Covert PC systems are built by our own I.T. technicians and are bench tested and a test label fixed to the PC prior to installation.

The systems will be PC based having a built in hard disk drive for recorded data and up to 31 days recording time.

The system will be set to record for a set period of time

The systems will be capable of recording from 1 – 4 cameras at 25 frames per second

The PC will utilise Windows Xp™, Nero Express™ and Geovision X-View™ Software.

The PC will be equipped with an on board CD/DVD Writer to allow direct copying of data to disc.

In some circumstances a survey may be required prior to installation to ascertain the correct camera type.

Camera types will be site specific and may be requested by the client from pre built items or built as bespoke units.

All cameras will be low voltage and will normally be cable using RG59+2 solid core coaxial cable with adjoining 2 core power cable.

The client is responsible for providing mains power in the form of mains outlets. PJS engineers will utilise the most appropriate mains outlets and ideally these should be hidden from general view to ensure that they are not switched off. 

The PJS Covert Engineers will work in a methodical manner in line with current British Standards and our own working practices. They will be courteous at all times and will leave their working area clean and tidy. They will ensure that the site contact is satisfied with the installation and a job sheet will be signed where required. No other paperwork relating to the system will be left on site.

The system will be checked by the engineer to ensure recording settings, image quality and fields of view are correct before leaving site and the covert installation checklist completed.

The system will be removed after an agreed period of time, usually 2-4 weeks as per DPA, and the system will be taken to the PJS se

cure data processing suite where it will be stored until images stored on it can be viewed.

PJS have 3 Status levels for covert installations.

1. ACTIVE           = system installed or being viewed or data being processed
2. FILED              = system data obtained, HD copied, HD/CD filed & held for 3 months
3. DESTROYED  = system data wiped & destroyed after 3 months

Data Processing  

The data stored on the system will be obtained, viewed and processed in line with the 8 principles of the Data Protection Act and around parameters and guidelines from the clients Loss Prevention Team.

The PJS Data Controllers should be nominated in the clients own CCTV policy as nominated viewing officers of the client for the purpose of data processing.

Should evidence be found, our Data Controllers will contact the clients Loss Prevention Team and inform them of the nature and content of the evidence in relation to the alleged incident. The details of the evidence will be noted and should the client require, it will be copied onto CD/DVD for presentation to the client along with all necessary paperwork.

Included with the evidence will be the data tracking sheet COV002 containing the original request for covert CCTV, the details of the equipment installed, the details of the Data Controller and the evidence provided and any other appropriate information relating to the processing of the evidential images.

2 copies of the evidence will be copied. 1 copy will be provided for the client with the 2nd copy being stored in the PJS secure data storage archives. Should additional copies of the evidence be required they will be copied directly from the archive (Nº2) copy. The archive copy will be stored for a period of no more than 3 months unless otherwise requested in writing by either the client and/or the Police Authorities.

Should the Police authorities require copies of the evidence these shall be provided following written consent from the client and will require confirmation of receipt by the officer collecting the data along with his/her name and rank and serial number. The collecting should place the data in an evidence bag and continue with their own evidence tracking process until such time as the data is returned or destroyed.

The hard drive of the PC containing the evidence will be transferred onto a master covert PC  and stored in the PJS archives. All Data will be stored for a period of no more than 3 months unless otherwise requested in writing by either the client and/or the Police Authorities.

The HD and any CD copies from the data will be automatically destroyed after 3 months. CD’s will be shredded and HD formatted, unless otherwise requested in writing by either the client and/or the Police Authorities.

All COV001, COV002 and COV003 evidence sheets relating to destroyed data will be stored for a period of 3 years from the date the original copy of the data was taken.

THE DATA PROTECTION ACT 1998