Closed Circuit Television (CCTV) Policy

1.1 The Parks Trust owns around 6,000 acres of parks, lakes and woods in Milton Keynes. This estate includes numerous operational properties, public car parks and leisure attractions. In addition, the Trust owns commercial property in Milton Keynes and further afield. 

1.2 In order to fulfil its duty of care to the public and to safeguard its assets the Trust has installed CCTV systems in some of its parks and commercial properties and from time to time deploys mobile CCTV to gather data on issues identified in specific locations. The key objectives are to:

• Reduce crime and anti-social behaviour and enhance the public’s feeling of safety on Parks Trust land.
• Assist the detection of crime and irregular activities on The Parks Trust estate and the apprehension and prosecution of offenders.
• Provide a better understanding of how certain areas of our parks are used. 

1.3 The Trust takes professional advice from an independent security consultant (Crimewave Ltd, ASC accredited) and this policy has been drawn up with their assistance.

2.1 This policy is built upon relevant UK government law and guidance, and industry best practices and will be reviewed every 2 years to ensure it complies with current legal requirements, policies and best practices. Any procedures founded on this policy will be reviewed at a time when this policy is amended.

3.1 As the Data Controller, The Parks Trust is responsible for the personal data collected by its CCTV system. We use a professional company as a Data Processor to act on our instructions. We have undertaken appropriate due diligence and have contractual safeguards in place with our Data Processor to ensure that the integrity of the data and data security can be maintained throughout processing. We recognise that the Data Processor may use Sub-Processors for certain procedures, and we have ensured sub-processors will adhere to the same standards as our data processor.

The Trust also operate dashcams and BWV and is covered by its own policy and procedures.

3.2 The below roles and agencies are responsible for CCTV:

• The Head of Property is responsible for ensuring this policy is followed, determining who the CCTV Operators are and that they’re sufficiently trained to manage CCTV situated at the Trust’s office, commercial rental properties and operational buildings within Milton Keynes.
• The Head of Operations and Forestry is  responsible for ensuring this policy is followed, determining who the CCTV Operators are and that they’re sufficiently trained to manage CCTV at external spaces and land the Operations Department are responsible for.
• The Executive Director of Willen Lake is responsible for ensuring this policy is followed, determining who the CCTV Operators are and that they’re sufficiently trained to manage CCTV that operates at Willen Lake.
• An external agency, Crime Wave Solutions, will train the CCTV Operators to manage CCTV situated across The Parks Trust estate. They will also ensure they handle data in line with this policy.
• The IT Manager is responsible for technical support of the CCTV systems.
• The Digital Marketing and CRM Manager is responsible for ensuring the document owners are kept up to date with any data protection legislation which impacts this policy and related procedures.

4.1 The purpose and deployment of cameras for its respective department will be approved by the relevant manager (see clause 3.2 of this policy). They must be satisfied that the deployment is: 

• Justifiable – there must be adequate reason to show the cameras are an appropriate response and there are clear objectives for their deployment.
• General – the target of the surveillance must be in a public area or against unknown offenders. If a known individual is the target this becomes ‘Direct Surveillance’, and the deployment will have to be authorised under the Regulation of Investigatory Powers Act 2000.
• Reviewable – All mobile CCTV deployments are temporary and are under continual review.  

4.2 CCTV warning signs will be put up in the vicinity of cameras to inform people the area is under surveillance. Where practical to do so, signage will be attached to pre-existing fixed installations and will provide contact details for data requests. This will display contact information for data requests.

4.3 Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, CCTV cameras will not focus on public paths, private homes, gardens or other areas of private property. No surveillance cameras will be placed in areas where there is an expectation of privacy (for example, monitoring whilst you are at a desk or when you are in changing rooms) unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.

4.4 Information gathered will be treated carefully and sensitively, and information will not be shared or inappropriately made public. 

4.5  Cameras will be operated in compliance with the Data Protection Act 2018 and any other data protection laws in force.

4.6 Senior Managers  will be responsible for keeping a record of each deployment, results and what was gained from each deployment. This is shared through a monthly report from Crimewave for any park developments.

4.7 Prior to installation of CCTV, a Data Protection Impact Assessment (DPIA) will be carried out. Any digital masking of field of view is carried out. 

4.8 CCTV will not be used to record sound.

4.9 All fixed camera installations and service contracts should be undertaken by NSi / SSAIB approved security companies. Upon installation all equipment is tested to ensure that only the designated areas are monitored, and high-quality pictures are available in live and play-back modes. 

4.10 All Fixed CCTV equipment should be serviced and maintained on an annual basis by an NSi / SSAIB approved supplier.

The sharing of recorded CCTV footage collected by the Trust is controlled and audited. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced. In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required for the prevention or detection of crime, and/or the apprehension or prosecution of offenders with valid authorisation.

5.1 Data subjects may make a request for disclosure of their personal information and this may include CCTV images (Data Subject Access Request “DSAR”). A DSAR is subject to the statutory conditions from time to time in place. In order for us to locate relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual. We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so. Access to CCTV footage can be requested via privacy@theparkstrust.com.

5.2 You may be able to request that we erase or restrict the processing of your data captured through CCTV. In some circumstances, such as if it necessary for the prevention and detection of crime, we may not be able to do so. Requests for erasure or restriction of processing can be made via: privacy@theparkstrust.com.

5.2 Upon receipt of a request the relevant Senior Manager will determine whether there is a duty of care to protect the images of any third parties. If the duty of care cannot be discharged, then the request can be refused. If there is any doubt that access can be granted, the Chief Executive must make the decision. 

5.3 Any images will be provided within 40 days of a valid request, which will be requested in writing by the Trust to the Data Processor. 

5.4 All recordings are treated as “confidential” and will only be available to trained CCTV operators or individuals that have the consent to view the footage under supervision. 

5.5 Images which are not required for the purpose for which the equipment is being used will not be retained for longer than is necessary which, at present, Milton Keynes Parks Trust deems as being up to 31 days. While images are retained, it is essential that their integrity be maintained, whether it is to ensure the evidence value or to protect the rights of people whose images may have been recorded. It is therefore important that access to and security of images is controlled in accordance with the requirement of the Data Protection Act 2018. 

5.6 All images recorded by fixed CCTV systems are recorded on to a digital recorder and stored securely within the system’s hard drive. The hard drive is overwritten automatically within 31 days. Re-deployable or temporary CCTV systems retention time will vary.  This period will be reviewed and revised, if necessary, as part of the organisation’s overall review of this policy. General CCTV footage will only remain on the system until over-written. 

5.7 Where the images relate to external offenses, once submitted to the relevant authority they are not retained for longer than 90 days.

5.8 Viewing of images is controlled by the Senior Manager. CCTV images must always be viewed in a restricted area, such as a designated secure office. The Trust’s CCTV operators will be able to view the data, but do not save or transfer it. The Data Processor will be able to save data and transfer it to individuals based on the Data Controller’s written instructions. 

5.9 In the event of an incident being investigated, only footage pertaining to that incident will be retained and kept securely, until a time when the purpose has been discharged or once it is legally permissible. 

5.10 We conduct regular reviews of the Personal Data we process and update our documentation accordingly. Such documentation is available for review if required by a regulatory body.

5.11 CCTV data will be subject to appropriate security measures to safeguard against unauthorised access and use. 

5.12 The Trust authorises the Data Processor to provide footage to emergency services in advance of a written request for expediency during time-sensitive situations. This pre-authorisation does not waive the requirement for a written request which should be provided by the emergency services within a reasonable timeframe to maintain an audit trail.