ARU uses a number of types of camera which record audio and video. As our uses of these devices have the potential to capture information about individuals this is classed as processing personal data and therefore the Data Protection Act (2018) applies.
The following information relates to the various types of recording cameras used by ARU, why they are used and how we ensure that your privacy rights are respected as the law requires.
ARU uses CCTV systems at our Campuses, Offices and Sites of business either directly managed by us or operated under contract on our behalf by suppliers. We are the Data Controller, and we use these systems for the following purposes:
This guidance explains how we manage the use of these systems in compliance with the law, and follows the guidance of the Information Commissioner’s Office.
For all enquiries about the use of CCTV on our campuses, please telephone The Head of Security on 0845 196 3717
The University does not undertake covert surveillance, however if there were necessary circumstances to do so in future, this would be undertaken in compliance with the relevant laws and regulations.
Only designated staff have routine access to the CCTV systems and they do so in accordance with our Operation Manual. The day to day management of the systems will be the responsibility of the relevant Campus Security Manager.
The images from our cameras are recorded and monitored 24 hours a day 365 days a year with the majority being recorded digitally. All recorded material is the property of Anglia Ruskin University, which retains copyright. Images are overwritten within 31 days.
Body worn video devices (BWV), worn as part of a uniform are in use at University in particular circumstances by authorised Operators. These devices can record both visual and audio information.
BWV systems can be more intrusive than the more ‘normal’ CCTV style surveillance systems because of their mobility. We have therefore considered this when assessing the potential impact of use on Data Subjects; deciding whether or not video and audio use is proportionate, necessary and address a pressing need.
The Head of Security will undertake regular reviews of these procedures. An internal annual assessment will evaluate the effectiveness of the system. A report on the review and assessment process is provided to the Secretary & Clerk.
Unmanned Aerial Systems (UAS), Remotely Piloted Aircraft Systems (RPAS) are terms also used for the now-common term ‘Drones’. These are vehicles which, if fitted with a camera, are capable of recording images whilst airborne. As such they have the means of capturing personal data and their use must comply with the Data Protection Act.
Whilst privacy law has exemptions relating to reasonable domestic use, and use for ARU’s purposes by staff or students is captured by the law.
The University is aware that the use of Drones has a high potential for collateral intrusion by recording images of individuals unnecessarily and therefore can be highly privacy intrusive, ie the likelihood of recording individuals inadvertently is high, because of the height they can operate at and the unique vantage point they afford. Individuals may not always be directly identifiable from the footage captured by Drones, but can still be identified through the context they are captured in or by using the devices’ ability to zoom in on a specific person. As such, we are required to have strong justification for their use and the means to limit the volume of personal data we record which is not necessary for our reasonable purposes.
We will only use Drones where the recording system can be switched on and off when appropriate. This is particularly important given the potential for the cameras to capture large numbers of individuals from a significant height. Where there is an identified need for recording to be continuous, this must be approved by the Data Protection Officer.
There may be many purposes for which Drones could be used, including research, building maintenance and other purposes associated with our Learning Services.
Rules governing the use of Drones cover the whole system, rather than just the device in the air, therefore we ensure that the whole system is compliant; including data storage and access to recordings etc. Any data which we collect is stored securely, for example by using encryption or another appropriate method of restricting access to the information. Using an encrypted wireless communication link wherever possible provides an element of protection against potential hijacking of the device.
Where images or other personal data are stored on the vehicle (e.g. an on-board memory card) then the data will be appropriately protected in the event of loss or theft (e.g. following a crash). The data will be appropriately protected using encryption.
Drones will be controlled to remain within line of sight, retaining a log of usage, copying data to a secure location and securely destroying data on the device as soon as practical.
We ensure that data is retained for the minimum time necessary for its purpose and disposed of appropriately when no longer required. However if we have used Drones recording for purposes which do not involve recording of people (e.g. building maintenance inspections at height) then there is no requirement to have strict retention rules in place. Different retention periods apply to different uses. Please see our Retention guidance for further details.
We are aware that in some circumstances individuals are unlikely to realise that they are being recorded, or may not know that Drones have a camera attached. Making Data Subjects aware that recording may be undertaken is therefore challenging. Typically we will attempt to manage any Drone recording in public by promoting the visibility of Operators and where possible, providing signage. Operators will be able to explain what processing of personal data is being undertaken and direct requestors to this guidance.