Surveillance Camera Commissioner personal information charter
Updated 21 April 2021
© Crown copyright 2021
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/surveillance-camera-commissioner-privacy-information-notice/surveillance-camera-commissioner-privacy-information-notice
1. Introduction
This notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (and amendments) and collectively referred to in this document as the data protection legislation. It is created following the guidance issued by the Information Commissioner’s Office (ICO) and in consideration of additional guidance material generated by the Home Office.
This notice sets out how those statutory obligations relating to the management of personal data will be addressed by the Surveillance Camera Commissioner (SCC) and the Surveillance Camera Commissioner Team (SCCT).
Information will be provided in the language in which it is held or in such other language that is legally required. Where there is a legal requirement for the SCC to translate any information, this will be done within reasonable timescales. Obligations under disability and discrimination legislation and any other legislation to provide information in other forms and formats will be addressed when providing information in accordance with this scheme.
2. Who we are and what we do
The Surveillance Camera Commissioner is appointed by the Home Secretary pursuant of Section 34(1) of the Protection of Freedoms Act 2012 (PoFA) but is independent of government. The Commissioner regulates the use of surveillance camera systems which are operated overtly in public places by relevant authorities (police forces, local authorities and parish and district councils) in England and Wales and encourages all operators of surveillance camera systems to adopt the provisions of the Surveillance Camera Code of Practice which is issued by the Secretary of State for the Home Department.
As an Arms Length Body to the Home Office, the Commissioner is an independent data controller who determines the purposes and means of processing personal data. The Commissioner is supported by a team of Home Office officials who carry out this processing in accordance with policies and guidance when processing personal data. The Home Office also provides the systems which are used for the purposes of the Surveillance Camera Commissioner relating to the processing of personal information.
The SCC Team are Home Office employees. This means that the Home Office acts as the ‘Surveillance Camera Commissioner’ when processing (i.e. collecting, using, storing, etc.) personal data for the purposes of supporting the Commissioner’s statutory functions.
More information about the role of the SCC and his team is provided on the SCC website.
The SCC only uses Home Office systems in connection with the management of personal data. Home Office policy in relation to the management of personal data is applied in order to be compliant with the requirements of the data protection legislation. The SCC is required by law to appoint a Data Protection Officer (DPO). The Commissioner has appointed the Home Office DPO in this role who provides the independent statutory functions in compliance with Article 37 of the UK GDPR.
To assist the Home Office DPO, the SCCT have identified a Data Protection Lead Officer who will act as the key point of contact with the Home Office DPO in respect of all responsibilities which arise in respect of data protection legislation responsibilities.
The Data Protection Lead Officer can be contacted by email at scc@sccommissioner.gov.uk
Correspondence can also be sent by post to:
The Surveillance Camera Commissioner Team
Data Protection Lead
The Home Office
2 Marsham Street
Westminster
London
SW1P 4DF
3. What data do we collect?
The following personal data is managed by the SCC/SCCT:
- personal data received in emails, letters and other communication/telecommunication from members of the public and external stakeholders
- personal data received and stored on Home Office allocated mobile communication devices
- personal data received from internal Home Office stakeholders including HR and recruitment data
- personal data received for the purpose of expenses claims
- personal data received from external stakeholders via informed consent for the purpose of receiving the Surveillance Camera Commissioner’s newsletter
4. What we do with your data
The SCC/SCCT will record and store all personal information in secure circumstances and thereafter ensure that data is retained for no longer than is necessary. The SCC/SCCT will only share your personal data where there is a basis in law and a legitimate reason to do so in connection with the business and responsibilities of the SCC.
All electronic based information which is received by SCC/SCCT is recorded and retained on Home Office systems. Emails and communications data are stored on secure Home Office electronic systems which are password protected and subject to internal review processes in consideration of our retention policy (see below). Hard copy documentation is recorded and retained in secure storage and subject to internal review processes in consideration of our retention policy (see below).
5. What gives us the right to process your information?
The role of SCC is created by virtue of Section 34(1) of the Protection of Freedoms Act 2012 (PoFA). The statutory responsibilities of the SCC arise from Section 34(2), 35(1) PoFA and Chapter 5 of the Surveillance Camera Code of Practice (SC Code). The SC Code is issued by the Secretary of State in accordance with Section 29 PoFA.
The SCC and his team have a responsibility to record information received, and to process and retain it, where to do so is necessary for the SCC to discharge his statutory functions, so as to demonstrate legitimacy and transparency of those functions the Commissioner undertakes in support of the public interest.
The SCC/SCCT bases the processing of personal data as performance of a public task under the terms of data protection legislation.
6. Privacy information
The SCCT processes personal data to enable the SCC to effectively discharge his responsibilities. Personal data is retained securely only for as long as is necessary for the purposes for which it was collected and retained for no longer than the retention periods set out below.
The SCCT may share your data within the Home Office, with other regulators, with law enforcement and with others stakeholders but only in circumstances where it is necessary to do so for the lawful, diligent and expeditious undertaking of the SCC’s functions.
The SCCT will only share your data otherwise than in accordance with the above with your freely given and informed consent.
The table below sets out the types of personal data obtained by the SCC and his team, and the retention periods for such data:
| Personal data | Retention period |
|---|---|
| Formal letters and other written correspondence to and from SCC and SCC team | Maximum of 4 years to accord with the duration of the SCC’s term of Commission plus one year. This is because matters will be of relevance to a statutory undertaking, public interest or matters in connection with which the SCC may be held to account and the extra year takes into account the potential for a successor to be appointed and ensure continuity as necessary |
| Correspondence/communications data to and from SCC mailbox to public and external bodies/stakeholders | Maximum period of 12 months. This is because the SCC has to address, account for or otherwise make reference to matters which are communicated to him, some of which may be over a protracted period and involve a duty to retain records. An audit trail of a period no longer than this period is important in demonstrating transparency and integrity as an important matter of public confidence |
| Internal emails /communications data within Home Office | Maximum period of 12 months. These are high volume messages which facilitate the administration of the SCC and support functions and occasionally include HR data. The rationale as above equally applies given that all members of SCC/SCCT hold public office. |
| Data obtained through internal and external recruitment campaigns | Held for a period of 2 years. Details obtained via recruitment campaigns are processed by the HO Science Directorate and held for a period of 2 years in line with HO policy |
| Expenses information from expenses claims from stakeholders | Held for a period of 2 years. Details of stakeholder expenses claims made under Home Office rules following attendance at meetings/other legitimate purposes are processed by the HO Science Directorate and held for 2 years to allow for appropriate auditing of Home Office accounts |
| Personal data received via informed consent for the purpose of receiving the Surveillance Camera Commissioner’s newsletter | Held until such time that individuals unsubscribe from the newsletter communications, or email the SCC/SCCT directly to request for their data to be deleted |
| Third party certification and Secure by default self-certification correspondence/communications data to and from Certification bodies and external organisations | Held for a period of 5 years in line with HO policy. We keep our retention periods under review and will update this section should we make changes |
There will inevitably be exceptions to the above which out of necessity may arise from a legal responsibility or legal requirement or significant public interest.
7. Your rights
Under certain circumstances, and unless subject to an exemption under data protection legislation, you have the following rights in respect of your personal data:
- the right to request a copy of the personal data which the SCC and his team hold about you, and details of how this data is collected and used (you can do this by submitting a Subject Access Request)
- the right to request the rectification of personal data which the SCC and his team hold about you
- the right to have your data erased and to withdraw your consent to data processing where your consent has been specifically sought and obtained
- the right to request restrictions on further processing of your personal data to limit the way which the SCC and his team uses your data
- the right to object to your personal data being processed by the SCC and his team
Such requests should be made to the SCCT Data Protection Lead by email: scc@sccommissioner.gov.uk
Alternatively, requests may be made by post to:
The Surveillance Camera Commissioner Team
Data Protection Lead
The Home Office
2 Marsham Street
Westminster
LONDON
SW1P 4DF
8. Data Protection Officer
Since personal data processed by the SCCT is done by Home Office Officials, you may also contact the DPO direct if you believe that your personal data has not been appropriately handled.
The contact details of the Home Office Data Protection Officer:
Office of the DPO
Peel Building
2 Marsham Street
London
SW1P 4DF
- email: dpo@homeoffice.gov.uk
- telephone number: 020 7035 6999
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are dissatisfied with the manner in which your personal data has been handled.
You can contact the ICO on 0303 123 1113 or by email by accessing the following link in their website https://www.ico.org.uk/global/contact-us/email/.
Alternatively, you can write to the ICO at:
The Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF