CCTV Policy and Code of Practice
Introduction: Closed circuit television (CCTV) is installed at the practice premises for the purposes of staff, patient and premises security. Cameras are located at various places on the premises, and images from the cameras are recorded.
Data Controller: This is the controller of the data and the system, as defined in the Act. In this case the Controllers are Dr Jenkins and Partners
Data Subject: This is the person whose image is within the system, and who has rights of access as determined under the Act
Third Party: A person or body other than the Data Subject who requests access, or to whom an image may be provided
- Images will not be retained longer than is considered necessary, and will be then be deleted.
- All images will be held securely, and all access requests and access to images will be documented.
- Images may record individuals and / or record incidents. Not all recordings are designed to identify persons.
- Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the Partners, who are Data Controllers for the purposes of the Data Protection Act.
- Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
- Where access is granted in response to an application received, the image may be edited to exclude images of third parties who may be also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may record / identify the “data subject” only.
- Images will be located by the Data Controller or authorised person.
- When assessing the content of the image released the decision will be taken by the Data Controllers having due regard to the requirements of the Data Protection Act and Code of Conduct.
Access – Data Subject
The Data Protection Act 1998 (Section 7) specifies the rights of access of the Data Subject.
All requests for access must be in writing on a Data Access form which will be provided on request, accompanied by a £10 fee, which is non-refundable should the request be declined.
The form must be fully completed.
A response will be provided as soon as possible and in any event within 40 days. Where an application is declined, a reason will be given.
Making an Access Request
- Download access form: CCTV Application for Data Access or ask for a form from reception Application for CCTV Data Access.pdf
- Ensure that the form is fully completed, using a separate sheet of paper if necessary, and return it together with the fee of £10 (non-refundable)
- Please note that a decision on access will be made based only on the details provided within the form and accompanying documents.No other information will be requested. It is therefore essential that full details are given
- Send the application to: Avon Valley Practice, 43 Fairfield, Upavon, Wiltshire, SN9 6DZ
Access – Third Party
Access by third parties will be tightly controlled to ensure the confidentiality of individuals. All requests will be in writing on the standard form provided, accompanied by a £10 access fee, which is non-refundable should the application be declined.
Images will only be made available to third parties in limited and prescribed circumstances, and this will generally be restricted to law enforcement agencies.
Where an application is declined a reason will be given.
These must be in writing and addressed to the Practice Manager.
Where the complaint is by a third party, and the complaint or enquiry related to someone else, the written consent of the Data Subject is required. Where this is not possible full justification must be given.