DATE September 2024
REVIEW DATE September 2025
Owner Director of IT
Version Number: Ver01
Working Date: 14/03/2023
9ine Consultants review:
Type of Policy: EXEC
Authorised by Exec:
Authorised by Board: N/A
Effective date of Policy: September 2024
Circulation: Internal, External
INTRODUCTION
1.1 Jumeirah English Speaking School (‘JESS’ and/or the ‘School’) is required to adhere to the UAE Personal Data Protection Laws (PDPL) with respect to all information or data held about students, employees and visitors including any data captured on closed circuit television (CCTV).
1.2 JESS uses CCTV images to provide a safe and secure environment for students, staff and visitors and to protect school property. CCTV operates both at JESS Jumeirah and JESS Arabian Ranches
1.3 The purpose of this policy is to regulate the management, operation and use of CCTV systems at JESS.
1.4 The Policy is intended to ensure that JESS operates the CCTV system in compliance with UAE Data Protection Laws and any other relevant legislation.
PURPOSE
2.1 This policy applies to all staff, students and visitors at JESS Jumeirah and JESS Arabian Ranches.
2.2 JESS has installed the CCTV system to:
2.2.1 Increase personal safety of students, staff, parents and visitors;
2.2.2 Protect the school buildings and property;
2.2.3 Assist in the prevention and detection of misconduct towards the School;
2.2.4 Assist with the identification of actions that might result in disciplinary proceedings against students, staff or visitors;
2.2.5 Assist in the management and monitoring of School facilities including the investigation of accidents;
2.2.6 As a means of assistance to staff in case of emergency situations. This list is not exhaustive and other purposes may be or become relevant.
2.3 The School considers the use of CCTV to be in our legitimate interest to protect property and to maintain the safety of individuals.
2.4 The system comprises cameras installed within School buildings, grounds and perimeters. The location and type of each camera is held in the CCTV Maintenance Service Report Folder and outlined in Appendices 1 and 2. The camera locations were determined by risk assessment High, Medium, Low level risk with the assistance of historical data and incident reports.
2.5 The CCTV systems are owned and operated by the School. The Director of IT has overall responsibility for the CCTV systems. The Network Manager is responsible for the day to day maintenance of the CCTV systems.
2.6 The servers which support the cameras and record the images captured are kept in a secure location in Data Centre 1 (located in AR Reception). JESS understands that all systems, information, documents, and recordings obtained and used as data is protected by the PDPL. The viewing and copying of the images will be strictly controlled. Provision of images to external agencies will only be provided in line with section 4 below.
2.7 The images captured by cameras are recorded continuously. The cameras are not used to record sound but are in operation 24 hours a day, 365 days a year. Images can be viewed when there has been a specific event and in line with the guidance in section 4.
CCTV DESIGN AND OPERATIONAL USE
3.1 All exterior cameras have been directed where they will not focus on private homes, gardens and other areas of private property. The positioning was checked on installation. Cameras are fixed and cannot be moved.
3.2 Signage has been placed in a prominent area adjacent to all surveillance zones.
USERNAME AND IP ADDRESSES FOR CCTV
4.1 The username and IP addresses for all CCTV cameras and devices are held by the Director of IT for safekeeping. The Director of IT can authorise the Network Manager to access the usernames and IP addresses if they are not available to attend to an emergency.
4.2 The username and IP addresses are held in a confidential locked file that only the Director of IT and Network Manager can access.
VIEWING AND STORING OF IMAGES
5.1 The following members of staff are authorised to view images captured by the CCTV system:
5.1.1 the Director;
5.1.2 the Director of IT
5.1.3 the Designated Safeguarding Lead (‘DSL’) for each School. The DSL has the authority to delegate the viewing responsibility to the Designated Safeguarding Officer (‘DSO’) if the DSL is not available.
5.1.4 the Network Manager, for maintenance purposes only;
5.1.5 permanent members of the School Security Team (access to perimeter and gate cameras only);
5.1.6 External CCTV providers (engineers for the purpose of maintenance) only on site, no remote access will be granted;
5.1.7 Any other staff as required to assist in the identification of students or visitors following an incident
5.2 Permanent Security Personnel will view live images of the system at all times while the School is open. Temporary Security staff are not permitted entry into the CCTV control room.
5.3 Images from the monitored CCTV systems can only be viewed in:
5.3.1 Data Centre 1 (located in Arabian Ranches Reception);
5.3.2 Data Centre 2 (located in Jumeirah Library);
5.3.3 the Directors Meeting Room
5 of 14
5.4 Viewing of monitored CCTV images will only take place in the above restricted areas to which other employees will not have access while viewing is occurring.
5.5 Images from the unmonitored CCTV can only be viewed directly from the recorder which is attached to that camera.
5.6 Viewing of unmonitored CCTV images will only take place at the site of the recorder by authorised staff, or any external authority, including the Police. The exception to this is when a member of the DSL has requested a copy of CCTV footage for potential disciplinary proceedings when they must ensure the footage is viewed in a private area and only viewed by those persons pertinent to the investigation. Once the investigation is complete the footage must be returned to the Director of IT where it will be either stored securely or destroyed.
5.7 Other than detailed in 5.1 above, images captured by the system will only be shared with law enforcement agencies where an incident needs to be investigated. Any other requests for images should be refused, except in very limited circumstances where it may be appropriate to release images to a third party. In such cases the agreement of the Director and the Director of IT be sought before this information is released.
5.8 Materials and images from the CCTV system will not be used for any commercial purpose or released to the media.
5.9 When images are provided to any external authority, including the Police, this will be done by downloading the information onto a CD or memory stick. The following information will be recorded in the CCTV Maintenance Service Report Folder for every CD or memory stick produced:
5.9.1 The date and time the information was provided to the external authority;
5.9.2 The details of the person to whom the information has been provided, including their employing organisation and contact details;
5.9.3 The date and time covered by the images on the CD/Memory stick and the cameras on which they had been captured;
5.9.4 The name of the person and their job title transferring the images onto the CD/Memory stick.
5.10 Information stored on the system constitutes personal data as defined by the PDPL. An individual may ask to see images of themselves via a Subject Access Request.
5.11 There will be no disclosure of recorded data to third parties other than the authorised organisations such as the Police and others given permission by the Director or Data Protection Officer for a specific purpose, for example other investigations.
Page 6 of 14
RETENTION
6.1 Monitored CCTV images will be automatically deleted after 90 days1 except in circumstances such as where a law enforcement body is investigating a crime, the footage is required for insurance purposes or as part of an ongoing investigation.
6.2 If images are required as evidence or for a purpose stated above, a record will be kept in the CCTV Maintenance Service Report Folder of any images kept for this purpose, and the images will be deleted once that purpose has been fulfilled.
6.3 Once the purpose for holding the images has been fulfilled, all images will be erased permanently and securely. Any physical matter, such as still photographs, hard copy prints, tapes or discs, will be disposed of as confidential waste.
MAINTENANCE OF THE SYSTEM
7.1 The Network Manager will check and confirm the efficiency of the system on a daily basis. They will ensure that the equipment is recording properly, the cameras are functional, image quality is suitable for the purpose for which it is intended and the date and time stamp on the image is accurate. These checks will be recorded in the CCTV Maintenance Service Report Folder. Any faults will be reported immediately to the Director of IT who will ensure the service provider is informed immediately, this will be recorded in the CCTV Maintenance Service Report Folder.
7.2 Any maintenance, planned or unplanned, will be recorded in the CCTV Maintenance Service Report Folder as will any alterations/additions to the CCTV system. If the CCTV system is altered, for example if further cameras are added, this policy will be reviewed to ensure it is still fit for purpose.
7.3 Prior to the introduction of any new CCTV cameras, the School will consider where they are placed and what data they will capture by carrying out a Data Protection Impact Assessment (DPIA).
BREACHES OF POLICY
8.1 Any breach of this Policy by JESS staff will be investigated initially by an Officer appointed by the Director and may be dealt with under the disciplinary procedure.
8.2 Any complaints about the operation of the CCTV system should be addressed to the Director and dealt with under the School complaints procedure.
1 SIRA standard is a minimum recording of not less than 31 days.
STAFF GUIDANCE AND TRAINING
9.1 All staff are made aware of the CCTV Policy and will be able to access the Policy via the School Staff Handbook.
9.2 Staff authorised to operate the system and view images will be provided with guidance and training on their obligations under this Policy. Staff will be asked to confirm their understanding of the Policy and the requirements of the PDPL.
REVIEW OF POLICY
10.1 The Policy will be subject to annual review or where there are any alterations/additions to the system as specified in 7.2 above. The review will be in consultation with relevant parties.
