CCTV POLICY

Introduction

CCTV cameras are in operation in Bayside Medical Centre for the protection of our patients and team members. The purpose of this policy is to regulate the use of Closed Circuit Television (CCTV) and its associated technology when monitoring both the internal and external environment of the Physio Hub premises. A copy of this CCTV Policy will be made available on the Physio Hub website, provided to all Physio Hub staff and a copy will be provided to visitors / patients on request.

This policy applies to all personnel in and visitors to Physio Hub, Bayside Medical Centre, Sutton, Dublin 13. Moreover, it relates directly to the location and use of CCTV, and the monitoring, recording and subsequent use of such recorded material. This policy prohibits CCTV monitoring based on the characteristics and classifications contained in equality and other related legislation e.g. race, gender, sexual orientation, national origin, disability etc. Furthermore, CCTV monitoring is limited to uses that do not violate the reasonable expectation to privacy as defined by law. The CCTV cameras will be used to:
Protect Physio Hub’s buildings and assets, both during and outside of operational hours (the system will be in operation 24 hours a day, every day);
promote the health and safety of personnel and visitors;
support the Gardaí in a bid to deter and detect crime;
and assist identifying, apprehending and prosecuting offenders. The personal data recorded and stored by the CCTV system will be used only for the purposes outlined in this policy document. Collection, storage and use of CCTV footage shall be in compliance with Data Protection legislation.

The data controller in respect of images recorded and stored by the CCTV system at Physio Hub’s premises is Physio Hub. The data processor is Physio Hub. The Director or appropriate nominee(s) is responsible for monitoring the implementation and compliance of the CCTV policy within Physio Hub.

Fair Obtaining

The fair obtaining principles inherent in the Data Protection Acts 1988 and 2003 require that those people whose images may be captured on camera are so informed. Accordingly, Physio Hub’s Data Protection Officer will provide a copy of this CCTV Policy to staff and on request to visitors / patients to Physio Hub. Adequate signage will be placed at each location in which CCTV cameras are situated to indicate that CCTV is in operation (locations listed in following section). The name and contact details of the data controller as well as the specific purpose for which the CCTV camera is in place in each location can be provided upon request.

Location of Cameras
The CCTV network for Physio Hub is located in the following areas:
-All Dental Surgeries
-Waiting Room
-Decontamination Room
-OPG X-ray Room and small adjoining corridor immediately outside of the OPG room
There are 11 cameras in total with the objective of protecting the safety and wellbeing of the Physio Hub team and our patients.

Operation of the System
The recording system is a Digital system which records video data. The system can only be accessed by the Director of Physio Hub or an appropriate nominee(s).

Data Protection, Storage and Retention
The data captured from the CCTV cameras is securely stored as electronic data in a designated area within the dental clinic. Typically, this data is recorded on a loop and will be retained for a short period until it is over written on the Hard Drive. However, data may be retained for longer periods where in the opinion of Physio Hub the events captured may give rise to court proceedings. Unauthorised access to the CCTV data is not be permitted at any time. Access to the data is restricted to authorised personnel (see Section 6 for list). There is no access to the CCTV data other than with authorised personnel. The storage devices are password protected. Supervising the access and maintenance of the CCTV system is the responsibility of the Director or appropriate nominee(s). Unauthorised access will be viewed as a data breach. In such an event, Physio Hub’s Data Breach Management Policy and Procedure must be followed.

Access to the CCTV system will be restricted to authorised personnel only (as indicated in Section 6). In relevant circumstances, CCTV footage may be accessed: By An Garda Síochána where Physio Hub are required by law; Access requests can be made to:

Dr Laura Fee (Director) Physio Hub Bayside Medical Centre, Bayside Shopping Centre, Sutton, Dublin 13 [email protected]

With regard to requests from An Garda Síochána to download footage, the footage will only be released to An Garda Siochana and if requested by a Judge in a Court of Irish Law, the Data Protection Commissioner recommends that requests for copies of CCTV footage should only be granted when a formal written request is provided to Physio Hub stating that An Garda Síochána is investigating a criminal matter.

For practical purposes, and to expedite a request speedily in urgent situations, a verbal request may be sufficient to allow for the release of the footage sought. However, any such verbal request must be followed up with a formal written request.

It is up to Physio Hub to be satisfied that there is a genuine investigation underway. For practical purposes, a phone call to the requesting Garda’s station may be sufficient, provided that you speak to a member in the District Office, the station sergeant or a higher ranking officer, as all may be assumed to be acting with the authority of a District/Divisional officer in confirming that an investigation is authorised.

A log of all An Garda Síochána requests will be maintained by Physio Hub. Any such requests should be on An Garda Síochána headed paper, quote the details of the CCTV footage required and should also cite the legal basis for the request (i.e. Section 8(b) of the Acts). Prior to Physio Hub issuing any CCTV images to An Garda Síochána, it will be discussed and agreed with the responsible Physio Hub staff member.

There is a distinction between a request by An Garda Síochána to view CCTV footage and to download copies of CCTV footage. In general, An Garda Síochána making a request to simply view footage on the premises of a data controller or processor would not raise any specific concerns from a data protection perspective.

If you think that any of your information we have is incorrect or incomplete, please contact us as soon as possible at [email protected]. We will promptly correct any information you update with us.

Links To Other Websites
This policy will be reviewed and updated regularly to take into account changing Data Protection legislation or guidelines from the Data Protection Commissioner, An Garda Síochána, and relevant bodies. Revision Date Description Approved by A copy made available at reception for visitors.

Appendix: Glossary of Terms

CCTV – Closed-circuit television is the use of video cameras to transmit a signal to a specific place on a limited set of monitors. The images may then be recorded on video tape or DVD or other digital recording mechanism.

The Data Protection Acts – The Data Protection Acts 1988 and 2003 and any future amendments that confer rights on individuals as well as responsibilities on those persons handling, processing, managing and controlling personal data. All staff must comply with the provisions of the Data Protection Acts when collecting and storing personal information. This applies to personal information relating both to employees of the organisation and individuals who interact with the organisation.

Data – information in a form that can be processed. It includes automated or electronic data (any information on computer or information recorded with the intention of putting it on computer) and manual data (information that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system).

Personal Data – Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.

Access Request – this is where a person makes a request to the organisation for the disclosure of their personal data under Section 3 and/or section 4 of the Data Protection Acts.

Data Processing – performing any operation or set of operations on data, including:

-Obtaining, recording or keeping the data,

-Collecting, organising, storing, altering or adapting the data,

-Retrieving, consulting or using the data,

-Disclosing the data by transmitting, disseminating or otherwise making it available,

-Aligning, combining, blocking, erasing or destroying the data.

Data Subject – an individual who is the subject of personal data.

Data Controller – a person who (either alone or with appropriate nominee(s) controls the contents and use of personal data.

Data Processor – a person who processes personal information on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of their employment, for example, this might mean an employee of an organisation to which the data controller out-sources work. The Data Protection Acts place responsibilities on such entities in relation to their processing of the data. CCTV Policy