Academic Handbook Operations

CCTV Policy

Last modified on August 23rd, 2024 at 12:43 pm

Print/Save PDF

Introduction

  1. Northeastern University London (the University) operates a Closed Circuit Television (CCTV) surveillance system across its campus buildings. This Policy sets out the purpose, use and management of the CCTV system at the University.
  2. The University complies with the Information Commissioner’s Office (ICO) CCTV Code of Practice, Data Protection Act 2018 and any subsequent data protection legislation, the Freedom of Information Act 2000, the Protection of Freedoms Act 2012, and the Human Rights Act 1998.
  3. CCTV outside of the University demise or buildings (including Landlord communal areas) are not the responsibility of the University and are not covered by this Policy.

CCTV System Overview

  1. The University’s CCTV system is owned by Northeastern University – London and managed by the University and its appointed contractor. Under current data protection legislation, Northeastern University – London is the ‘data controller’ for the images produced by the CCTV system. The University is registered with the Information Commissioner’s Office and the registration number is Z2735495. The CCTV system operates to meet the requirements of the Data Protection Act and the Information Commissioner’s guidance and is subject to a Data Protection Impact Assessment and a Privacy Assessment.
  2. The Director of Resourcing and Operations is responsible for the overall management and operation of the CCTV system, including activities relating to installation, recording, reviewing, monitoring and ensuring compliance with this Policy. 
  3. The CCTV system operates video-only (no audio) cameras across University’s buildings, including social, academic, and administrative areas. The cameras are typically placed at access/egress points, stairwells, corridors, and general use areas. CCTV is not placed inside classrooms, bathrooms, wellness rooms, or private offices.
  4. Signs are placed at University entrances, and other conspicuous locations, in order to inform staff, students, visitors and members of the public that CCTV is in operation. 
  5. The principal purposes of the CCTV system are:
    1. To proactively deter crime, particularly that which might harm an individual or relate to the theft or destruction of property.
    2. To provide real-time monitoring in the event of an active emergency or major event.
    3. To serve as an investigative tool.
  6. The University does not use facial recognition software: CCTV is used to facilitate community safety and not as a tracking tool.

Monitoring and Recording

  1. Cameras are monitored by Security Staff, who maintain day to day security of the campus. Outside Security Staff hours, the device is locked securely away.
  2. Generally, University video footage is stored locally on the London campus. 
  3. Designated individuals at Northeastern University’s Police Department (NUPD) and Office of General Counsel, both located in Boston, Massachusetts, United States are able to access video footage from the United States, for the purpose of advising on an investigation or advising on other legal or security matters. Northeastern University has a data sharing agreement with the University and treats all data in accordance with the Data Protection Act.
  4. The Director of Resourcing and Operations (or their nominated deputy), the Head of Facilities and the Security Manager are the only University personnel on site authorised to download, edit, and distribute video footage for Northeastern University London.
  5. The cameras record at all times.
  6. The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed, and all cameras are routinely checked to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate.
  7. All images recorded by the CCTV system remain the property and copyright of the University.

Applications for Camera Footage Review

  1. Any party requesting review of University CCTV footage must submit an access request form to the Security Manager or Head of Facilities. Requests to review footage are approved on a case by case basis by the Director of Resourcing and Operations (or their nominee).
  2. When a CCTV review has been approved the University will conduct a review on the person’s behalf but will not disclose any footage. This process is only for an investigative purpose and does not take precedence over the University’s Data Protection Policy.

Access to and Retention of CCTV Footage

  1. Requests by individual data subjects for images relating to themselves should be submitted via a “Subject Access Request” in accordance with the University’s Data Protection Policy.
  2. Requests for images made by a third party should be made in writing to the Director of Resourcing and Operations. Such disclosures will be made at the discretion of the Director of Resourcing and Operations, with reference to relevant legislation and, where necessary, following advice from the University’s Data Protection Officer.
  3. A record of any disclosure made under this policy will be held on the CCTV management system, itemising the date, time, camera, requester, authoriser and reason for the disclosure.

Retention of Images

  1. Unless required for evidential purposes, the investigation of an offence, or as required by law, CCTV images fall under the category of ‘routine security surveillance’ in the University’s data retention schedule and will be retained for no longer than 30 days from the date of recording.

Monitoring Compliance

  1. All staff involved in the operation of the University’s CCTV system will be made aware of this Policy and will only be authorised to use the CCTV system in a way that is consistent with the purposes and procedures contained therein.
  2. All staff with responsibility for accessing, recording, disclosing or otherwise processing CCTV images will be required to undertake data protection training and training in the operation of the CCTV system.

Misuse

  1. All staff who use the CCTV system are required to do so in compliance with this Policy and with relevant legislation; any staff members who fail to do so will be subject to staff disciplinary proceedings.

Version History

Title: CCTV Policy

Approved by: Executive Committee

Location: Academic Handbook/ Policies and Procedures/ General/ Operations
Version Number Date Approved Date Published  Owner  Proposed Next Review Date
24.1.2 August 2024 August 2024 Director of Resourcing and Operations September 2025
Version numbering system revised March 2023.
1.1 January 2023 January 2023 Director of Resourcing and Operations September 2023
1.0 September 2021 September 2021 Director of Resourcing and Operations September 2023
Referenced documents Data Protection Policy.
External Reference Point(s) Data Protection Act 2018; Freedom of Information Act 2000; Protection of Freedoms Act 2012; Human Rights Act 1998.