CCTV POLICY. Document Type Corporate Policy. Unique Identifier HS-103

Transcription

1 CCTV POLICY Document Type Corporate Policy Unique Identifier HS-103 Document Purpose This policy covers the internal and external use of close circuit television in and around buildings owned by, or leased to, the Worcestershire Health and Care NHS Trust for the provision of community, mental health and learning disability services Document Author Risk and Security Manager Target Audience All Staff Responsible Group Health and Safety Committee Date Ratified December 2014 Expiry Date December 2017 This validity of this policy is only assured when viewed via the Worcestershire Health and Care NHS Trust website (hacw.nhs.uk.). If this document is printed into hard copy or saved to another location, its validity must be checked against the unique identifier number on the internet version. The internet version is the definitive version. If you would like this document in other languages or formats (i.e. large print), please contact the Communications Team on or

2 Version History Version Circulation Date Job Title of Person/Name of Group circulated to Brief Summary of Change 1 25/11/2014 H&S Committee members, including Staff Side & Union Accredited Reps Amended into a Trust policy Accessibility Interpreting and Translation services are provided for Worcestershire Health and Care NHS Trust, including: Face to face interpreting; Instant telephone interpreting; Document translation; and British Sign Language interpreting Please refer to intranet page: for full details of the service, how to book and associated costs. Training and Development Worcestershire Health and Care NHS Trust recognises the importance of ensuring that its workforce has every opportunity to access relevant training. The Trust is committed to the provision of training and development opportunities that are in support of service needs and meet responsibilities for the provision of mandatory and statutory training. All staff employed by the Trust are required to attend the mandatory and statutory training that is relevant to their role and to ensure they meet their own continuous professional development.

3 CONTENTS Page 1. Background & Introduction 1 2. Outline Benefits & Objectives 1 3. Purpose of the Policy & General Principles of CCTV 2 4. Data Protection Act 2 5. Siting of CCTV Equipment & Conditions Applying to Installation 4 6. Accountability Framework 4 7. Access to & Release of Recorded Information 5 8. Internal & External Communications 6 9. Compliance Complaints Monitoring & Review 7 APPENDICES 1. Extracts from the Data Protection Act 8 2. Request for Disclosure of Personal Data Application for Access to Recorded Images (Subject Access Request) 16 An Equality Analysis Assessment has been carried out on this policy

4 WORCESTERSHIRE HEALTH AND CARE NHS TRUST CCTV POLICY 1. BACKGROUND AND INTRODUCTION TO POLICY It is acknowledged that the use of closed circuit television (CCTV) has an important role to play in reducing crime and the fear of crime. Where appropriate CCTV will be employed in premises owned (or leased by) the Worcestershire Health and Care NHS Trust (the Trust). CCTV also plays a part in controlling access to or egress from those premises. It also accepted that CCTV is only part of a range of measures to be used by members of staff when seeking to make improvements in environmental security. CCTV has been in operation for a number of years within Trust premises, and most units would have been installed before legislation, now governing the use of such equipment, was introduced. Following adoption of this policy by the Trust, the use of all pre-existing and newly installed CCTV equipment will need to comply with this policy, and the associated legislative requirements. The Trust should be able to rely on all existing or new CCTV equipment providing high quality tape, or digital images, as a means of improving environmental security (i.e. as part of a package of measures to deter crime) and also the provision of evidence to the police, in circumstances where it is suspected a crime has been committed. The policy applies to all those members of staff who control (or determine) the use of CCTV, or are responsible for the security of images, and their subsequent use e.g. in any criminal proceedings. Those members of staff need to ensure that the use of CCTV respects the rights of individuals and is non-discriminatory in its application and use. All recordings need to be securely held and retained for an agreed (and published) period of time, as set out in this policy. This policy, and the arrangements described, hereunder, has been prepared to ensure that the agencies involved operate within the law. Specifically, there is a need to ensure that an individual s right to privacy is not breached, or that acquiring and using recorded material does not conflict with the requirements of the Data Protection Act 1998 and the separate Code of Practice for CCTV, established under that Act. 2. OUTLINE BENEFITS AND OBJECTIVES OF THE POLICY The Trust acknowledges the benefits of using CCTV in specific locations as a means of: Controlling access to and egress from buildings (and in some cases movement within those buildings). Assisting in the prevention and detection of crime (and the fear of crime) against persons and property. Enabling the identification and subsequent apprehension (and prosecution) of offenders, in relation to any crimes actually committed. Helping to ensure the security of property belonging to the Trust, their employees, or visitors. Assisting Directors and Senior Managers within the Trust to meet their obligations under Health and Safety legislation. CCTV Policy Page 1 of 18

5 The overriding objective of this policy is to ensure that members of staff comply with all relevant legislation as it applies to the use of CCTV. In so doing, the statutory agencies involved can then be assured that such equipment is being legally and legitimately used in the interests of public safety, the prevention of crime and disorder, and the protection of the rights and freedoms of others. 3. PURPOSE OF THE POLICY AND GENERAL PRINCIPLES UNDERPINNING THE USE OF CCTV 3.1 Purpose The purpose of this policy is to ensure: That the application and use of CCTV on Trust premises (or buildings leased by the Trust) is in accordance with the requirements of the Data Protection Act 1998 and Human Rights Act Circumstances may arise where the use of CCTV falls under the Regulatory Powers Act 2000 That through provision of a clear framework staff can understand the benefits of CCTV and the limitations on its use. Arrangements are put in place regulating the siting and operation of CCTV equipment together with the notification (as required) of such installations to the Information Commissioner s Office (ICO). Optimum benefit is derived from the installation of CCTV, as part of the continued drive to make improvements in safety and environmental security. 3.2 General principles A number of general principles will apply to the introduction and use of all CCTV equipment : All systems will be installed by specialist contractors and will only be used for the purposes for which they were installed (i.e. the documented business purpose ). The Trust will take all reasonable steps to ensure that an appropriate balance is struck between meeting the objectives associated with the installation of the CCTV equipment, and the rights of an individual s privacy. (This principle will apply, both in terms of decisions taken over the siting of equipment and the subsequent use of recorded material). 3.3 Ownership of CCTV equipment and recorded material The Trust will own all CCTV equipment and be responsible for its maintenance. Similarly, the Trust will own all recorded material. 4. DATA PROTECTION ACT 1998 ISSUES 4.1 The Trust will ensure that a schedule of CCTV coverage (in respect of premises for which it has responsibility) will form part of the notification each organisation has to make to the ICO, as part of the overall registration of data systems, as required under the Data Protection Act. For the purposes of this policy, and in line with the Data Protection Act itself, the Trust will be the nominated data controller. 4.2 All CCTV, and associated equipment, will operate in accordance with the guidelines set out in the CCTV Code of Practice published by the ICO, a copy of which can be obtained from the Trust s Data Protection Officer. CCTV Policy Page 2 of 18

6 Conforming with this Code, will require the Trust to adhere to the following The operation of all equipment will be the responsibility of the Trust. Such responsibility will include the need to ensure that suitable back-up, retention and destruction arrangements are put in place, together with the proper storage of media, all of which is to be conducted in accordance with the prepared operational policies (see section 6.2). Cameras must not be hidden from view, and appropriate steps should be taken to inform patients, members of staff and members of the public of the presence of CCTV (together with details of the owners of the equipment) through the display of posters. To ensure privacy, the cameras should be focused on Trust property (or land), and the Trust must be in a position to demonstrate compliance, if challenged. In some circumstances, the use of software to blank out other non-trust premises might be considered. Images from the cameras should be appropriately recorded and stored. Sound recording should not form any part of the CCTV systems. 4.3 In addition to the above requirements, associated with the CCTV Code of Practice, the Trust must also ensure that the following requirements are met in line with the principles of the Data Protection Act All personal data should be obtained and processed fairly, and in a lawful manner. Personal data will only be used for the purposes specified, and disclosed only to those identified in section 7 of this policy (and as detailed in the Operational Policy see section 6.2). Personal data being held will be restricted to that which is adequate, relevant, and not excessive, in relation to the purposes for which the data is being held. Steps will be taken to ensure that personal data is accurate and, where appropriate, up to date. Personal data will be held for no longer than is necessary. Individuals will be allowed access to information about them and, where appropriate, will be permitted to erase images where to do so would fall within the guidelines of the CCTV Code of Practice. The Trust will take steps to prevent unauthorised (or accidental) access, alteration to, disclosure or loss and destruction of, information held. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection Extracts from the Data Protection Act (sections 7 and 8) which are relevant to this policy are attached, for information, as Appendix 1. At Appendix 2 there is an application form to request disclosure of personal data under Section 29(3)/35 of the Data Protection Act, CCTV Policy Page 3 of 18

7 5. SITING OF CCTV EQUIPMENT AND CONDITIONS APPLYING TO INSTALLATION 5.1 Coverage Areas covered by cameras should be restricted to buildings and/or land owned by the Trust. Equipment should be installed in such a way as not to impinge upon the provisions of Article 8 of the Human Rights Act 1998 giving individuals a qualified right for respect of their private and family life. Cameras should not be directed towards private properties adjacent to Trust owned land. In general terms, coverage will be, as agreed, following discussion between the Trust s Company Secretary, Risk and Security Manager and local managers. 5.2 Proportionality The number of cameras, their siting and use, must be proportionate to the objectives being addressed. 5.3 Equipment details No cameras will be covertly installed, and wherever they are fitted (internally or externally) official notices will be displayed setting out the purpose of the surveillance. All cameras will be suitably protected to avoid damage, either by vandalism, or in the case of externally mounted equipment, adverse weather conditions. 5.4 Ad hoc use of cameras for specific (directed) surveillance The Regulation of Investigatory Powers Act 2000 sets down some specific requirements under which the use of covert (or directed) observations may be considered. Such circumstances will be extremely rare and will be subject to a strict Code of Practice (to be developed). Until this Code of Practice has been approved, by the Trust, the use of CCTV for such covert purposes is not permissible. 6. ACCOUNTABILITY FRAMEWORK 6.1 Trust Chief Executive The Chief Executive will have overall responsibility for the application and use of CCTV equipment within premises and on land owned or leased by the Trust. Following a review of CCTV coverage, and the preparation of a schedule detailing that coverage, any subsequent change concerning, for example, a further extension of coverage, to address a particular need, should be approved by the Chief Executive. Such responsibilities may be delegated (in writing) to a named individual. The Data Protection Officer for the Trust should also be informed of any changes to the agreed schedule. In formally approving the schedule of CCTV coverage, the Chief Executive (or someone appointed to act on their behalf) will need to establish/determine the following: The organisation, or person, legally responsible for the premises/land in/on which CCTV is to be used. The appropriateness of (and reasons for) the use of CCTV in the circumstances described, which should be documented. Whether the notification of intended use of CCTV has been lodged with the ICO. Who will be responsible for ensuring day to day compliance with the CCTV Policy Page 4 of 18

8 operation of the equipment and this policy. 6.2 Company Secretary The Company Secretary will act on behalf of the Chief Executive to ensure that: There is compliance with this policy. Operational procedures are prepared to support the application of the policy. Any limitations imposed on the use of CCTV equipment are not exceeded. Notices are displayed informing members of staff, patients and visitors that CCTV is in operation. Access to recorded material and any subsequent use of that material is handled in accordance with the requirements of the Data Protection Act and associated Code of Practice for CCTV. The policy is reviewed every 3 years (or more frequently, if circumstances dictate). 7. ACCESS TO AND RELEASE OF RECORDED INFORMATION Unless prior agreement has been made to the contrary for a specific (and agreed) purpose, images taken form CCTV will only normally be held for a maximum period of 31 days. In terms of accessing such recorded material, the following arrangements will apply. 7.1 Subject access In order to ensure that the rights of individuals are preserved, and that the integrity of any evidence is maintained (in case recordings are required as evidence) access to, and disclosure of, recorded material will be carefully controlled. Arrangements for doing so will be described in the operational procedures referred to in 6.2 above. The Trust will only release recorded information in circumstances which are compatible with the purposes for which CCTV was established, and where such release is in line with Data Protection requirements. Anyone wishing to access recorded information will be required to submit a formal request to the Data Protection Officer, giving sufficient information to enable a search to be made. (NB: a fee may be charged for this service). The Data Protection Officer will have 40 days to respond. If, having regard to the guidelines contained within the (Data Protection) CCTV Code of Practice, the Data Protection Officer declines the request, a written response must be sent within 21 days to the person making the request setting out the reasons why the request has been denied. (Please refer to Appendix 3 for the appropriate form for this purpose) 7.2 Release of information to the Police, Courts, or other legal bodies From time to time, the police may request access to tapes and CDs under the Police and Criminal Evidence Act. Such requests will only be made where: A review of recordings is required to trace incidents which have already been reported to the police. Immediate action is required in relation to live/current incidents being pursued. A major incident has occurred. In the case of civil disputes, access to tapes or disks may be authorised through a Court Order. CCTV Policy Page 5 of 18

9 Tapes or disks, in certain circumstances, may be made available to lawyers acting for defendants, or victims, in connection with criminal proceedings. The Health and Safety Executive is also empowered to seize tapes or disks as part of an investigation they may be undertaking if necessary without approval. Requests for recorded material from other statutory bodies (with enforcement powers) may also be received. Such requests will only be granted where sufficient justification for the request can be demonstrated. In these circumstances, it will be for the Chief Executive (or someone nominated, to act on their behalf), to authorise such releases. In all of the above circumstances, the reviewing of any tapes or disks must be undertaken under the supervision of an officer nominated by the Chief Executive (currently this role will be performed by the Company Secretary). 7.3 Release of information to the media and third parties (other than those referred to above) The overriding principle to be borne in mind is that, as a general rule, access to recorded material should be restricted to those Trust staff (and others noted in 7.1 and 7.2 above) who are entitled to view such information, either because such viewing relates to the purpose of establishing the CCTV surveillance in the first place, or (in the case of the police or courts) there is legal provision to do so. Circumstances may however arise where release of recorded material to the media may be justified in the wider public interest e.g. in the identification of a victim, witness, or perpetrator of a criminal act. This decision will be taken by the Chief Executive in conjunction with West Mercia Police. In such circumstances, and if practicable, the wishes and consent of the victim will always be sought. Under no circumstances should recorded material be made widely available, or used for personal gain. 8. INTERNAL AND EXTERNAL COMMUNICATIONS 8.1 All members of staff will be informed of the existence of this policy, which will be posted on the Trust s Intranet. 8.2 Notices will be displayed, in close proximity to cameras, and in other key locations, setting out (in brief) the purpose of the surveillance arrangements. 8.3 A leaflet will be prepared giving details of the policy, and its purpose, and arrangements for recording information. Copies of the policy and the leaflet can be obtained from the Trust s Risk and Security Manager. 9. COMPLIANCE 9.1 All employees of the Trust will be required to comply with the requirements of this policy, and associated legislation (e.g. the Human Rights Act and Data Protection Act). 9.2 Any intentional or reckless interference with any CCTVs or associated monitoring/recording equipment may constitute a criminal offence and will certainly be regarded as a disciplinary matter to be dealt with under Trust procedures. 10. COMPLAINTS Any complaint arising from the application or use of CCTVs, or their associated equipment, whether raised by members of staff, patients or members of the public, will be dealt with under the Trust Complaints Procedure. CCTV Policy Page 6 of 18

10 11. MONITORING AND REVIEW The operation of this policy will be reviewed every 3 years (or more frequently if circumstances dictate) by the Trust s executive management team, Health and Safety Committee and JNCC. CCTV Policy Page 7 of 18

11 Appendix 1 WORCESTERSHIRE HEALTH AND CARE NHS TRUST Extracts from the Data Protection Act 1998 Section 7 1. Subject to the following provisions of this section and to sections 8 and 9, an individual is entitled: (a) (b) (c) (d) to be informed, by the data controller, whether personal data, of which that individual is the data subject, are being processed by or on behalf of that data controller. If that is the case, to be given by the data controller a description of: 1) the personal data of which that individual is the data subject 2) the purpose for which they are being or are to be processed 3) the recipients or classes of recipients to whom they are to be disclosed to have communicated to him/her in an intelligible form: 1) the information constituting any personal data of which that individual is the data subject, and 2) any information available to the data controller as to the source of those data, and, where the processing by automatic means of personal data of which that individual is the data subject for the purposes of evaluating matters relating to him/her such as, for example, his/her performance at work, his/her creditworthiness, his/her reliability or his/her conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting him/her, to be informed by the data controller of the logic involved in that decision-taking. 2. A data controller is not obliged to supply any information under subsection (1) unless he/she has received: (a) (b) a request in writing, and except in prescribed cases, such fee (not exceeding the prescribed maximum) as he/she may require. 3. A data controller is not obliged to comply with a request under this section unless he/she is supplied with such information as he/she may reasonably require in order to satisfy him/herself as to the identity of the person making the request and to locate the information which the person seeks. 4. Where a data controller cannot comply with the request without disclosing information relating to another individual who can be identified from that information, he/she is not obliged to comply with the request unless: (a) (b) the other individual has consented to the disclosure of the information to the person making the request; or it is reasonable in all the circumstances to comply with the request without the consent of the individual. 5. In subsection (4) the reference to information relating to another individual includes CCTV Policy Page 8 of 18

12 reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing the data controller from communicating as much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by omission of names or other identifying particulars or otherwise. 6. In determining for the purposes of subsection (4b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to: (b) (c) (d) (e) any duty of confidentiality owed to the other individual; any steps taken by the data controller with a view to seeking the consent of the other individual; whether the other individual is capable of giving consent, and any express refusal of consent by the other individual. 7. An individual making a request under this section may, in such cases as may be prescribed, specify that his/her request is limited to personal data of any prescribed description. 8. Subject to Subsection (4), a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day. 9. If a court is satisfied on the application of any person who has made a re quest under the forgoing provisions of this section that the data controller in question has failed to comply with the request in contravention of these provisions, the court may order him/her to comply with the request. 10. In this section: prescribed means prescribed by the Secretary of State by regulations; the prescribed maximum means such amount as may be prescribed; the prescribed period means 40 days or such period as may be prescribed; the relevant day in relation to a request under this section, means the day on which the data controller receives the request or, if later, the first day on which the data controller has both the required fee and the information referred to in subsection (3). 11. Different amounts or periods may be prescribed under this section in relation to different cases. Section 8 1. The Secretary of State may by regulations provide that, in such cases as may be prescribed, a request for information under any provision of subsection (1) of section 7 is to be treated as extending also to information under other provisions of that subsection. 2. The obligation imposed by section 7 (1)(C)(i) must be complied with by supplying the data subject with a copy of the information in permanent form unless: a) the supply of such a copy is not possible or would involve disproportionate effort; or b) the data subject agrees otherwise CCTV Policy Page 9 of 18

13 and where any of the information referred to in Section7(1C,I) is expressed in terms which are not intelligible without explanation the copy must be accompanied by an explanation of those terms. 3. Where a data controller has previously complied with a request made under section 7 by an individual, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that individual unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request. 4. In determining for the purposes of subsection (3) whether requests under section 7 are made at reasonable intervals, regard shall be had to the nature of the data, the purpose for which the data are processed and the frequency with which the data are altered. 5. Section 7(1)(d) is not to be regarded as requiring the provision of information as to the logic involved in the decision taking if, and to the extent that, the information constitutes a trade secret. 6. The information to be supplied pursuant to request under section 7 must be supplied by reference to the data in question at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request. 7. For the purposes of section 7(4) and (5) another individual can be identified from the information being disclosed if he/she can be identified from that information, or from that and any other information which, in the reasonable belief of the data controller, is likely to be in, or come into, the possession of the data subject making the request. CCTV Policy Page 10 of 18

14 Use of CCTV Summary of main points from IOC CCTV Code of Practice (revised edition 2008) The Data Protection Act 1998is the first piece of legislation to control the u se of CCTV in public areas. The use of CCTV must comply with the 8 principles of the DPA: 1. Fairly and lawfully processed 2. Processed for limited purposes and not in any manner incompatible with those purposes 3. Adequate, relevant and not excessive 4. Accurate 5. Not kept for longer than is necessary 6. Processed in accordance with individuals rights 7. Secure 8. Not transferred to countries without adequate protection Purpose of CCTV cameras There must be an agreed and established purpose for the use of the cameras. Legal purposes can be as follows: 1. Prevention, investigation, detection of crime 2. Apprehension and prosecution of offenders (and use as evidence in criminal proceedings) 3. Public and employee safety 4. Staff discipline 5. Traffic flow monitoring This purpose should be included in the Trust s annual Notification to the Information Commissioner. Siting of the cameras 1. CCTV should be placed so that the images captured only relate to the purpose for which the camera is being used. 2. The cameras should be fixed in place so that their use cannot be altered Declaring the use of CCTV 1. Signs should be placed so that the public are aware they are entering a zone covered by CCTV. (Only in certain circumstances are having no signs acceptable) 2. Signs should be clear and visible and include the following: - Identity of organisation responsible - Purpose for the cameras - Details of whom to contact about the use of the cameras 3. This can be achieved by showing an image of a CCT V camera and including the wording: CCTV Policy Page 11 of 18

15 Quality - CCTV in operation for public safety and the prevention of crime. Contact.. (insert phone number) and Trust s logo or - This scheme is controlled by Trust. For further information contact.. (insert phone number). 1. If the equipment used has a sound recording facility, this should only be used to record sound if this is also declared on the sign and it is relevant to the purpose. 2. Images must be of good enough quality to identify individuals for the specified purpose 3. Any automated decision making (by the camera) should be accompanied by human verification Retention of the images 1. Images must only be retained for the specified purpose of the CCTV cameras 2. A retention period should be set (as short as possible, based on operational and legislative need) and the images should be erased after this period expires 3. Images should be stored securely for their retention period Access to the images 1. Images should only be accessed by authorised users of the equipment and relevant third parties. These may include: - Police - Relevant legal representatives - Subjects of CCTV footage (unless release may prejudice criminal proceedings) - Media (if public assistance is necessary to criminal proceedings) 2. However, al l requests for access should be assessed according to the disclosure rights under the Data Protection Act If a request is made by an individual to see footage held about him/herself, this should be dealt with according to the Trust s subject access request procedure. This entails the completion of a Subject Access Request Form and all requests being sent to the Trust s Data Protection Officer (DPO) with a 10 fee and necessary identification (contact number below for more details). The DPO may require further identification, e.g. photo image and dates that the individual was present at the site where the CCTV was located. The DPO will administer the request through the relevant Section and decisions will be made about confidentiality owed to third parties and the likelihood of criminal investigations being compromised by the release of data. Documentation to be kept relating to the CCTV system 1. A documented procedure for ensuring accuracy of the workings of the camera (e.g.: date and time recording). 2. A maintenance log and have clearly identified repair personnel 3. A log of access to the system - By authorised users - By third parties For any further queries relating to CCTV and Data Protection please contact the Trust s Data Protection Officer on CCTV Policy Page 12 of 18

16 Appendix 2 Request for Disclosure of Personal Data Under Section 29(3)/35 of the Data Protection Act, 1998 Section 1 Requestor Details Requested By (Name): Job Title: Organisation (including address) Section 2 Data Subject s Details Name: Address: Other Identifying Information Specific Information Required: Section 3 Information Supporting Disclosure Offence: Unable to specify the offence due to the risk of prejudice to the case Reason Information is Necessary: CCTV Policy Page 13 of 18

17 I certify that the data is required for one of the following purposes (please tick appropriate one), and non-disclosure would prejudice that purpose. I also certify that it will not be used in any way incompatible with the purpose: Prevention or detection of crime Apprehension or prosecution of offenders Assessment or collection of tax, duty or imposition of similar nature I understand that if any of the information given on this form is incorrect, I may be committing an offence under section 55 of the Data Protection Act1998. Signed: Date: Authorised: Print Name: Job Title Date: Authorisation should be given by person no lower than Police Inspector or Head of Unit/Section/Department, and the person making the authorisation should be higher position within the organisation than the person making the request. Tick box if attachments provided with form and list below For Official Use Only Information Released Yes No Signed: Print Name: Job Title Date: CCTV Policy Page 14 of 18

18 Request for Disclosure of Personal Data Under section 29(3)/35 of the Data Protection Act, 1998 Accompanying Notes Completing the Form The purpose of this form, request to apply an exemption under s29(3) or s35 of the Data Protection Act 1998, is to enable the Trust to respond to requests for the disclosure of personal data by providing the necessary information to locate the data in question, and to allow an informed decision concerning the request for release of the information based on the understanding of the grounds for applying the exemption. Section 1 Please provide sufficient details to enable us to identify you as a person with the statutory authority to make a request under the exemptions, and to allow us to contact you or forward the information once a decision has been made. Section 2 Please specify the information you are looking for and if known any other details which would enable us to locate the data e.g. department the individual has had contact with, or where the data is likely to be held. You can attach any additional documents which may help us to locate the information, or identify the data subject. Please tick the attachments box at the bottom of the form if you are sending any additional information. For the purposes of crime prevention or apprehension/conviction of an offender the requested information should relate to a specific individual this exemption should not be used for "trawling" for information Section 3 On the rare occasion where you are unable to specify the offence please tick the appropriate box underneath. This should only be used where it is likely to prejudice the case as this information can aid the decision making process. The Trust reserves the right to withhold data if sufficient grounds for applying an exemption are not provided. Checklist for Members of Staff 1. Has the section 29 form been completed? If not then information must not be released. 2. Has a person with relevant authority (Head of unit or above) signed the form? 3. Are you satisfied the information is required for the purposes as identified in the form? If not refer to your line manager. 4. Are they asking for information under statutory powers or are they requesting a section 29 exemption? 5. If they are requesting a Section 29 exemption then this form must be completed. Enquiries All enquiries regarding this form should be made to the Trust s Data Protection Officer on CCTV Policy Page 15 of 18

19 Appendix 3 Application for Access to Recorded Images (Subject Access Request) Please ensure that ALL sections are completed before returning the form Section 1 About You The information requested below is to help Worcestershire Health and Care NHS Trust to: 1. Satisfy itself as to your identity. 2. Find any relevant data held. Title (tick box) Mr Mrs Miss Ms Other Title (e.g. Dr.) Surname/Family Name First Name(s) Maiden/Former Name Sex (tick box) Male Female Height Date of Birth Place of Birth Your Current Home Address (To Which We Will Reply) Post Code Telephone Number Town County A telephone number will be helpful in case there is a need to contact you If you have lived at the above address for less than 10 years, please give your previous address(es) for this period. Dates of occupancy Previous Addresses Dates of occupancy Dates of occupancy CCTV Policy Page 16 of 18

20 Section 2 Proof of identity To help establish your identity, your application must be accompanied by TWO official documents that, between them, show your name, date of birth and current address. For example, birth/adoption certificate, driving licence, medical card, passport or other official document that shows your name and address. Also a recent full-face photograph of yourself. Failure to provide this proof of identity may delay your application. Section 3 Supply of Information You have a right, subject to certain exceptions, to receive a copy of the information in a permanent form. Do you wish to: a) View the information and receive a permanent copy.* b) Only view the information.* * Delete as appropriate Section 4 Declaration Declaration (to be signed by the applicant) I have read and understood the accompanying leaflet explaining the relevant body s policy in relation to the purpose of CCTV surveillance and the arrangements for access to recorded images. I certify that the information that I have supplied in this application is true and accurate and that I am the person to whom it relates. I understand that it is necessary for the relevant body to confirm my identity and that it may be necessary to obtain more detailed information in order to locate the correct information. I enclose a non-refundable payment of 10 for the search to be completed. Signed By Print Name Date Warning - A person who impersonates, or attempts to impersonate, another may be guilty of an offence. Section 5 To Help Us Find the Information A witness reporting an (alleged) offence or incident A witness to an (alleged) offence or incident A victim of an (alleged) offence Were You (tick box) A person accused or convicted of an offence Other (please give details) Yes No Yes No Yes No Yes No CCTV Policy Page 17 of 18

21 Date(s) and Time(s) of Incident(s) Place Where the Incident Happened Brief Details of Incident Use Separate sheets if required. Before Returning This Form Have you completed all sections of the form Have you enclosed TWO identification documents? Have you signed and dated the form? Have you enclosed the (ten pounds) fee? Have you included a stamped addressed envelope for the return of proof of identity/authority documents (where appropriate)? Note Worcestershire Health and Care NHS Trust reserves the right to obscure or suppress information relating to other third parties (under the terms of the Data Protection Act 1998). Further Information Further information and advice may be obtained from: Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: (01625) Please note that this application for access to information must be made direct to Worcestershire Health and Care NHS Trust and NOT to the ICO. Signed By: Print Name: Date A written response to your application will be made within 21 days CCTV Policy Page 18 of 18