The safety of our students, staff and visitors and the protection of University property are of the utmost importance. Around the clock, our team monitors a network of over 400 CCTV cameras, on and off campus.

Our technical support team manage the installation of new CCTV and Access Control equipment and can provide consultation, advice and costings to departments. You can contact them via security-access-control@rt.bath.ac.uk

Introduction

The University of Bath (the "University") is the owner of a public closed circuit television system (CCTV) currently installed on the Campus and in/on University buildings off Campus; in addition the system incorporates an automatic number plate recognition system (ANPR), body worn and covert cameras.

For the purpose of these Codes of Practice these systems together will collectively known as the CCTV systems.

Cameras are located in various areas around the campus and off campus including:

  • car parks
  • academic buildings
  • service buildings
  • bars
  • Students' Union
  • accommodation
  • shops

There are several types of camera:

  • overt fixed – these record uncontrolled images e.g. reception desk, doors etc.
  • overt Pan, Tilt, Zoom (PTZ) – these are controllable cameras that can follow vehicles or subjects when required
  • body worn – used by security staff when on late night patrols and dealing with drunkenness, violence and anti social behaviour
  • covert cameras – temporary fitted cameras used in areas not covered by CCTV but the scene of persistent criminality
  • overt PTZ High Definition (HD) cameras – these are controllable cameras that can follow vehicles or subjects when required and are placed in incident hotspots, e.g. Bus Arrivals Square, to record images that can be interrogated in detail after the event, e.g. zoomed into for identification purposes
  • ANPR – these record vehicle number plates together with a date and time stamp

The cameras cover roadways, car parks, buildings, vulnerable public facing offices, academic buildings and licensed premises.

Images are recorded locally within departments or centrally on servers in BUCS communications rooms; they are all viewable centrally by security staff. In addition a limited number of management staff have the facility to monitor cameras sited within their own areas of responsibility to monitor legal compliance (bars managers) safety (laboratory superintendents) and anti-social behaviour (housekeepers).

Objectives for the use of CCTV systems

The objectives for the use of the various CCTV systems are to:

  • assist in providing a safe and secure environment for the benefit of those who might visit, work or live on the campus
  • reduce crime and the fear of crime by reassuring students, staff and visitors
  • deter and detect crime, public disorder and anti-social behaviour
  • identify, apprehend and prosecute offenders in relation to crime, public disorder and anti social behaviour
  • provide the Police, Health and Safety Executive and University with evidence upon which to take criminal, civil and disciplinary action respectively
  • monitor crowd movements during University events
  • monitor and assist with traffic management
  • assist in the monitoring and deployment of security staff during normal duties and emergency situations
  • protect security officers from undue threats and violence
  • obtain evidence for use in the investigation of criminal actions, breaches of health and safety legislation and breaches of student and staff disciplinary procedures (subject to conditions, see paragraph three)

Procedural and administrative notes

The Head of Security Services of the University retains overall responsibility for the system and delegates the day to day management to the Security Manager and Security Technical Support Officer.

It is their responsibility to ensure that CCTV within the University is managed in line with this Code of Practice, the current CCTV Code of Practice produced by the Information Commissioner’s Office and the current Surveillance Camera Code of Practice issued by the Home Office.

All images produced by the system remain the property and copyright of the University.

The University will only investigate images for use in a staff disciplinary case when there is a suspicion of gross misconduct and not to generally monitor staff activity.

In these situations the investigating manager or HR Manager/Advisor will formally request access to images from Security Services, where these may prove or disprove suspected potential gross misconduct. Where access is given, the confidentiality of these images and who is able to access them will be closely controlled.

Likewise the images will only be sought as evidence in serious student discipline cases being heard by the Head of Student Services and Head of Security Services or other higher authority.

Covert cameras will be used on rare occasions when a series of criminal acts have taken place e.g. thefts in the same area not fitted with CCTV.

Authority of the University Secretary will always be sought before installing any covert cameras.

It should be noted that provided that authority has been sought and given prior to usage in line with this procedure, then recording will not constitute misconduct as set out in the last bullet point of section eight (What is Gross Misconduct) of the Disciplinary Policy & Procedure – covert recording of staff, meetings, etc – without express consent.

The objectives outlined in paragraph two of this code will be closely followed when assessing the requirements for new CCTV installations.

Similarly, if designated usage of the area changes it will be necessary to assess whether the location of cameras remains justified in meeting the stated purpose and whether there is a case for removal or relocation.

Security control room

The Security Control Room is situated on level one of Wessex House and is capable of receiving images from throughout the campus. It is staffed 24 hours a day by uniformed University Security Officers. In addition the Library Security staff are able to view by way of direct and remote viewer cameras linked to the network.

The Control Room is also equipped with a Home Office licensed radio system linking the Room with uniformed Security Officers and Parking Wardens who provide mobile and foot patrols of the car parks and are able to respond to incidents identified on the CCTV monitors.

Data protection

This Code of Practice reflects the spirit and guidance issued by the Information Commissioner’s Office as documented in the CCTV Code of Practice (revised edition 2008) and the Surveillance Camera Code of Practice (June 2013) issued by the Home Office and will not be used to invade the privacy of any individual, residence, business or other private premises, buildings or land.

The University is committed to complying with the requirements of the Data Protection Act 1998 and will operate the system in accordance with the eight data protection principles. The University will include the CCTV system on the University's data protection notification. The Head of Security Services will be responsible for ensuring that the notification covers the purposes for which the system is used.

The standards, which must be met if the requirements of the Data Protection Act 1998 (DPA) are to be satisfied, are based on the eight data protection principles which are:

  • personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule Two is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule Three is also met
  • personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
  • personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
  • personal data shall be accurate and, where necessary, kept up to date
  • personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
  • personal data shall be processed in accordance with the rights of data subjects under this Act
  • appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  • personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

All members of staff involved in operating the system will be made aware of the objectives of the scheme as set out in paragraph 2 of this Code and will be permitted only to use the system to achieve those objectives.

All members of staff involved in operating the system in the main controller satellite view stations will be forwarded a copy of the CCTV Codes of Practice for reference and compliance purposes.

The University recognises the importance of strict guidelines in relation to access to and disclosure of recorded images and all members of staff should be aware of the restrictions relating to this set out in this Code and the rights of individuals under the Data Protection Act.

Administration

It will be the responsibility of the Head of Security Services or in their absence their deputy to:

  • select camera sites and initial areas to be viewed
  • be responsible for compliance with the Data Protection Act
  • take responsibility for control of the images and make decisions on how these can be used
  • ensure the system is secure and only viewed by authorised persons
  • ensure that the procedures of this Code of Practice comply with the current CCTV Code of Practice produced by the Information Commissioner’s Office and the current Surveillance Camera Code of Practice issued by the Home Office
  • introduce a CCTV incident log and record of Police or other Statutory Authority requests for images
  • make bi-annual checks to establish that nominated managers still require viewing rights of the system in line with the above objectives
  • ensure adequate signing is erected
  • regularly evaluate the system to ensure it complies with the latest legislation, CCTV Codes of Practice and its use is in accordance with these Codes of Practice

Authorised users

Authorised persons include:

  • Security staff
  • Off Campus Coordinator
  • management staff with a legitimate reason for accessing images – e.g. managers/HR investigating the potential gross misconduct of staff, bars managers to monitor legal compliance, laboratory superintendents to monitor safety and housekeepers to monitor anti-social behaviour.
  • Police Officers
  • other Statutory Officers e.g. Health and Safety Executive Officers
  • members of staff facing disciplinary action and Trade Union officials representing them
  • students facing disciplinary action and their friends or representatives

It will be the responsibility of the Security Manager to:

  • clearly communicate the specific purposes of the recording of and use of images and objectives to all security staff
  • ensure that a CCTV incident log and record of Police or other Statutory Authority requests for images is maintained
  • carry out annual audits to check that procedures are being complied with
  • ensure that the audit team includes CCTV practices and procedures on their regular audits of the Security Services Department
  • ensure that regular three monthly reviews are conducted of all locked images and delete those not still required for evidential purposes
  • ensure that all Data Protection Act forms received from the Police or other investigatory bodies e.g. Health and Safety Executive are filed for future reference
  • ensure that all data and images are erased after a period of three months unless retained for evidential purposes

It will be the responsibility of the individual operating officer to:

  • select appropriate images to be recorded on controllable cameras (PTZ) so as to comply with the objectives outlined above
  • ensure that targeting of individuals with the cameras is only conducted when there is reasonable suspicion that the person falls within one of the objectives set above e.g. committing a criminal offence
  • not to view into private property and be mindful of student privacy within student accommodation
  • complete the CCTV incident log as appropriate

Storing and viewing images

All images recorded on the University cameras are digitally stored, either centrally at the Bath University Computing Centre or remotely within their respective Departments, on computer/server hard drives and although the images can be searched it is not possible to tamper with or alter them.

In the event of the Police requiring images they can be ‘burnt’ onto a CD/DVD for evidence in court, on receipt of the appropriate Data Protection form.

The general CCTV images over record after ten to 14 days, dependant on the image quality being recorded, however any relevant images can be ‘locked’ on the hard drive for future reference.

All other images and data will be erased after three months unless required for evidential purposes.

Locked images are reviewed on a three monthly basis and any not still required for evidential purposes will be deleted.

ANPR plate history is stored on a dedicated hard drive for up to six months and overwritten on a rolling basis. Viewing of live images on monitors is restricted to security operators or other authorised person (see paragraph six above) and can only be accessed using passwords.

Images are generally viewed confidentially in secure private offices however they may also be viewed discreetly at the Library Security Desk in small screens (6” or smaller) where images/individuals are not identifiable by persons passing the desk.

Requests to view images or image disclosure should be made in writing to the Security Manager.

Disclosure

The following guidelines will be adhered to in relation to disclosure of images:

  • will be in line with the above objectives
  • will be controlled under the supervision of the Security Manager or his/her deputy
  • a log book/sheet will be maintained itemising the date, time(s), camera, person copying, person receiving and reason for the disclosure
  • the appropriate disclosure documentation from the Police will be filed for future reference
  • images must not be forwarded to the media for entertainment purposes or be placed on the internet
  • images must not be copied in any way, e.g. photographed, downloaded or printed for use other than described in the objectives
  • images will only be released to the media for identification purposes in liaison with the Police or other law enforcement agency
  • the method of disclosing images should be secure to ensure they are only seen by the intended recipient
  • consider obscuring images of third parties not relevant to the investigation to prevent unnecessary identification of individuals

NB: Even if a system was not established to prevent and detect crime, it would still be acceptable to disclose images to law enforcement agencies if failure to do so would be likely to prejudice the prevention and detection of crime.

Any other requests for images should be routed via the Head of Security Services or his/her Deputy, as disclosure of these may be unfair to the individuals concerned.

In some limited circumstances it may be appropriate to release images to a third party, where their needs outweigh those of the individuals whose images are recorded. For example, a member of the public requests CCTV footage of a car park, which shows their car being damaged.

They say they need it so that they or their insurance company can take legal action.

You should consider whether their request is genuine and whether there is any risk to the safety of other people involved.

The University has discretion to refuse any third party request for information unless there is an overriding legal obligation such as a court order or information access rights.

Once an image has been disclosed to another body, such as the police, then they become the data controller for their copy of that image.

It is their responsibility to comply with the Data Protection Act in relation to any further disclosures.

Signage

Signage has been erected at the main entrances to the University Campus and at other locations where CCTV (including ANPR) is in use informing that them that CCTV surveillance is in operation.

The signs contain details of the University and a contact number for Security.

It is the responsibility of the Head of Security Services to ensure adequate signing is erected to comply with the Information Commissioner’s Code of Practice.

Subject access requests

Individuals whose images are recorded have a right to view the images of themselves and, unless they agree otherwise, to be provided with a copy of the images. All such requests are handled centrally by the University Secretary’s Office and must be passed to dataprotection@bath.ac.uk

  • these images must be provided within 40 calendar days of receiving a request
  • a fee of up to £10 is payable (this is the current statutory maximum set by Parliament)
  • those who request access must provide you with details which allow you to identify them as the subject of the images and also to locate the images on your system
  • a log of such request will be maintained in the disclosure log

If images of third parties are also shown with the images of the person who has made the access request, consideration must be given as to whether there is need to obscure the images of the third parties.

A public space CCTV camera records people walking down the street and going about their ordinary business.

Where nothing untoward has occurred, this can be released without editing out third party images.

Freedom of information

As a public body the University may receive requests under the Freedom of Information Act 2000 (FOIA). All such requests are dealt with centrally by the Freedom of Information Coordinator and should be passed on receipt to freedom-of-information@bath.ac.uk

The response should be made within 20 working days from receipt of the request.

Section 40 of the FOIA and section 38 of the FOISA contain a two-part exemption relating to information about individuals.

Receiving a request for CCTV footage

  • If the images are those of the requester, the information is exempt from the FOIA/FOISA and this request should be treated as a data protection subject access request as explained above
  • If the images are of other people, they can be disclosed only if disclosing the information in question does not breach the data protection principles

Use of the system

All security staff and other authorised users must read these codes of practice prior to being instructed on the operation of the system.

The system can be used to observe the Campus and areas under surveillance and identify incidents that require a response; the response should be proportionate to the incident being witnessed.

On some occasions the deployment of a security officer may be sufficient on other occasions contacting the Police to respond may be the appropriate action.

Such surveillance should be in accordance with the stipulated objectives.

Whenever a response is required a log should be commenced on the incident reporting system (Safeguard).

Viewing monitors should be pass-worded and switched off when not in use to prevent unauthorised use or viewing.

Complaints

Complaints received in relation to the use of the CCTV system should be made to the Head of Security Services who will investigate the allegation or complaint and then follow the normal University grievance procedures as outlined on the Human Resources website.

Complaints in relation to the disclosure or image supply should be made in writing to the Head of Security Services.

Changes to the code

Any changes to this Code will only take place after consultation with the Students’ Union and Trades Union Representatives.

The changes will then have to be ratified by the University Secretary.

Document control

Owner: Head of Security Services
Approval date: August 2015
Approved by: University Secretary