This code of practice aims to ensure that the closed circuit television (CCTV) system of the University of Bristol stands up to scrutiny and is accountable to the people it aims to protect.
The University of Bristol is committed to the belief that everyone has the fundamental right to respect for his or her private and family life and their home.
The code of practice for the University of Bristol closed circuit television system, operated by Security Services, is underpinned by the Information Commissioner's CCTV Code of Practice, Security Industry Authority standards and Security’s operational procedures.
For the purpose of the code of practice the following definitions will apply:
2.1 University
The University of Bristol
2.2 CCTV
Closed Circuit Television System, which includes digital and analogue recordings
2.3 Security
University of Bristol, Security Services Division.
2.4 Data Controller
The University of Bristol
This code of practice applies to all employees and students of the University of Bristol and all employees of contract services. This code does not apply to standalone webcams or cameras that will be used solely for teaching and research and requests to use such cameras should be sent to the Information Governance Manager (after completing a CCTV Impact Assessment Form (Office document, 23kB)).
The CCTV system is operated by Security Services whose personnel are employed directly by the University of Bristol. The CCTV system, all recorded material and copyright is owned by the University of Bristol.
The following principles will govern the operation of the CCTV system.
The system is intended to provide an increased level of security in the University environment for the benefit of those who study, work, live in or visit the campus.
The CCTV system will be used to respond to the following key objectives, which will be subject to annual assessment:
As community confidence in the system is essential, all cameras will be operational. An appropriate maintenance programme is in place.
6.1 System details
The CCTV system consists of overt cameras situated on University property, which continuously record activities in the area of coverage. The control room is staffed 24-hours a day by qualified and Security Industry Authority (SIA) licensed staff working in shifts. All systems are recording 24 hours a day but not all are monitored around the clock.
Recorded images of living, identifiable individuals constitute personal data under the Data Protection Act. As such, the principles of the Data Protection Act will be adhered to and any future changes of legislation will be taken into account.
The use of CCTV is listed in the University’s notification with the Information Commissioner’s Office.
Use of covert cameras will only be authorised by the Director of Legal Services in exceptional circumstances where there is reason to suspect criminal activity or a serious breach of University regulations and notification of the monitoring would be likely to prejudice the prevention or detection of that activity. The period and scope of the monitoring will be as narrow as possible to allow investigation of the alleged offence and the monitoring will cease as soon as the investigation is complete. Only information gathered in relation to the alleged offence will be retained. This information will only be viewed by those for whom access is strictly necessary, for example in relation to potential disciplinary proceedings. A CCTV Impact Assessment Form (Office document, 23kB) must be completed and authorised prior to installation.
The Freedom of Information Act and the Data Protection Act will be adhered to in relation to requests for access to CCTV footage. Any request for disclosure of information must be made to the Information Governance Manager in the University Secretary’s Office (data-protection@bristol.ac.uk).
Access to the control room and recorded/live footage will be prohibited except for lawful, proper and sufficient reasons (eg. official visits from law enforcement or inspection agencies, security staff, cleaning staff, etc) and only then with the personal authority (verbal or written) of the Head of Security or deputy. Any such visits will be conducted and recorded in accordance with the procedural manual.
All visitors to the control room will be required to sign the visitor’s book and a declaration of confidentiality.
Any other personnel admitted to the control rooms, such as cleaning staff, engineers or IT staff effecting repairs must be authorised by the Head of Security or deputy (verbally or in writing) and must be supervised at all times whilst they are in the control room.
All requests to view CCTV footage will be dealt with in accordance with the Data Protection Act and Freedom of Information Act:
Requests for information by the Police and other authorities must be accompanied by the relevant data protection form duly signed by the appropriate authority and must also be made through the Information Governance Manager. Disclosures in relation to the prevention or detection of crime and the apprehension or prosecution of offenders may occur without the consent of individuals under Schedule 2 Part 1.2 of the Data Protection Act 2018.
Internal requests to view CCTV, for instance in relation to a disciplinary investigation, should be made to the University Secretary’s Office clearly setting out why the request is being made and how it might assist the investigation.
Footage may be accessed without Secretary’s Office authorisation in emergency situations where it is vital that the footage is made available immediately. A data protection form must still be obtained to document that the access occurred.
A copy of this code of practice will be made available to anyone on request.
Signs are placed in the locality of the cameras. The signs indicate:
Any use of the CCTV system or materials produced which is outside this code and is inconsistent with the objectives of the system will be considered gross misconduct. This includes the unauthorised use of webcams.
Misuse of the system will not be tolerated; continuing public support is vital. Any person found operating outside these codes without good and reasonable course will be dealt with under the University disciplinary procedure. If any breach constitutes an offence under criminal or civil law then court proceedings may be taken.
Any complaint concerning misuse of the system will be treated seriously and investigated by the Head of Security (or deputy) and the Information Governance Manager. The Head of Security (or deputy) and the Information Governance Manager will ensure that every complaint is acknowledged in writing within seven working days which will include advice to the complainant of the inquiry procedure to be undertaken.
Where appropriate the Police will be asked to investigate any matter recorded by the CCTV system which is deemed to be of a criminal nature.
In the event of a major incident arising, such as serious public disorder, bomb threats/explosions or serious fires the police will be given authority to supervise the CCTV control room. Such authority will be given by the Head of Security (or deputy) verbally or in writing.
CCTV footage will be retained for a maximum of 30 days, except in cases where a copy has been made in relation to a police investigation. These copies may be held for up to 12 months.
The disposal of footage will take place in accordance with the University’s Disposal of computer equipment and secure erasure of data guidance.
This code of practice will be reviewed annually.
Email: Information Rights Officer Data-protection@bristol.ac.uk