CCTV Systems

FIPPA means the Freedom of Information and Protection of Privacy Act, RSBC 1996, c 165.

"Privacy Officer" means the Director, Library Experience of Vancouver Public Library as designated by the Chief Librarian under section 66 (1) of the Freedom of Information and Protection of Privacy Act.

“personal information” means recorded information about an identifiable individual including, but not limited to, information relating to an individual’s appearance and activities.

“public event” means a presentation, ceremony, performance, program or similar event at which the participants voluntarily appear and that is open to the public.

“CCTV system” refers to any mechanical, electronic or digital system or device that: (i) enables continuous or periodic CCTV or video recording, observing or monitoring of individuals, assets and/or property; and (ii) is intended to be mounted or affixed to a structure, fixture or vehicle. For greater certainty, "CCTV system" does not include cell phones with video capability, hand-held video recorders or video conferencing systems.

 

1  General Principles

All CCTV systems:

All CCTV systems must be used in accordance with the provisions of the Library’s Protection of Privacy Policy and FIPPA.

CCTV monitoring systems must not be used to monitor staff attendance or performance except as specifically permitted and authorized pursuant to this policy.  
The Chief Librarian has the overall responsibility for administration of the CCTV Systems policy.

The Director of Corporate Services and the Privacy Officer have responsibility for overseeing the CCTV Systems policy.

A Privacy Impact Assessment is required for all CCTV system installations, whether or not they collect personal information.  The Director Corporate Services and Facilities is responsible for providing the Library’s Privacy Officer with Privacy Impact Assessments for all CCTV systems.

The Privacy Officer has the primary responsibility for reviewing Privacy Impact Assessments created pursuant to this policy, ensuring that the installation complies with FIPPA requirements, and providing recommendations to the Chief Librarian. The Privacy Officer is also responsible for Freedom of Information requests related to records that the Library collects via its CCTV systems.

A log must be maintained by Security Services for the operation of the CCTV system, showing the dates and times of operation, the location and field of view of the cameras, and the position titles of those that have access to the information.

2   Privacy and Transparency

The Library will exercise a high degree of care when using CCTV systems in order to protect privacy rights.

As a general rule, FIPPA requires the Library to notify individuals when their personal information may be collected.

The public is notified of the existence and use of CCTV systems through VPL branded signage that is clearly written and prominently displayed at the entrance to all locations where a CCTV system is in operation:

“To ensure a safe and respectful environment for patrons and staff, and to prevent loss of library property, video surveillance is in use at various locations in the library. Questions – contact Director, Corporate Services and Facilities at 604-331-3761”     

Cameras will be easily visible to the public unless being used for covert surveillance for specific investigations.

3   Collection of Personal Information

Personal information must only be collected as permitted under the Library’s Protection of Privacy Policy and FIPPA.

A CCTV system that collects or may collect personal information may be used only when it is directly related to and necessary for a Library program or activity, such as maintaining the safety or security of individuals, assets or property or to maintain public safety. This means that no less intrusive method can reasonably meet the requirements of the program or activity.

If the original purpose for which a CCTV system was approved is no longer applicable or the system no longer meets the above criteria, it must be discontinued.

4    Approval

All new CCTV systems, or material changes or expansion to existing CCTV systems, must be approved in advance by the Chief Librarian.

5    Installation and Placement

Installation and placement of cameras must minimize any potential invasion of privacy. In particular, the following considerations must guide the installation and placement of video monitoring equipment:

a)    Cameras must be installed in such a way that they only monitor those areas that have been identified as requiring video monitoring.
b)    Adjustment of camera positions and field of view must be restricted, if possible, to ensure only designated areas are being monitored.
c)    Video monitoring must be restricted to those time periods when the system is serving its intended purpose, as set out in the Privacy Impact Assessment.
d)    Where operationally feasible, access to areas in which video systems may be monitored must be restricted to authorized employees.

6    Use and Disclosure

Information recorded by a CCTV system may only be used or disclosed for the purpose for which it was collected or as otherwise authorized by law.

Access requests must be made in writing to the Privacy Officer. Only the Privacy Officer, Chief Librarian or delegate may authorize disclosure of information recorded by a CCTV system. In order to enable a proper audit trail, logs must be kept of any such instance of disclosure.

The Library will not disclose personal information to third parties except in accordance with its Protection of Privacy Policy and FIPPA.

FIPPA recognizes that there are occasional circumstances where a disclosure of personal information to third parties is in accordance with an enactment of British Columbia, other than FIPPA, that authorizes or requires its disclosure and that is necessary for the protection of the health or safety of an employee or a member of the public.

Recorded information may be viewed by the Privacy Officer or delegate for the purpose of processing Freedom of Information requests under FIPPA.

Unauthorized access to, use of, or disclosure of information from a CCTV system that collects personal information is a breach of this policy.

7    Logs and audits

For each CCTV system that collects or may collect personal information, the log must also record all instances of personal information being viewed in a CCTV video recording, the start and end times viewed in the recording, the date and time of viewing, and identities of those present, and the location of the cameras.

Audits of systems that collect personal information will be conducted by the Privacy Officer on a regular basis in order to confirm compliance with FIPPA and adherence to this policy and the associated procedures. Those viewing a CCTV system must be made aware that each system is subject to random auditing and that they may be called upon to justify the method and details of use of the system.

8    Service Providers

The Director, Corporate Services and Facilities is responsible for ensuring the service provider engaged to work on a Library CCTV system is made aware of this policy and any applicable procedure and agrees to be bound by them. Service providers should also be aware of the statutory obligations imposed on service providers to public bodies.

9    System Security

The Library is responsible for securing all CCTV systems and all personal information they collect, to protect against risks such as unauthorized access, collection, use, disclosure or disposal of any personal information.

10    Reporting

The Privacy Officer will report in writing to the Library Board immediately following the investigation of any significant breaches of this policy which could materially impact an individual or the Library.

11    Data Sharing

The Library may enter into agreements to share live feeds of CCTV system video with other governmental agencies, as guided by the Protection of Privacy Policy, with prior approval of the Privacy Officer or Chief Librarian, provided that it be a condition of such an agreement that the other governmental agency not be permitted to record the CCTV system video.

12    Joint Operations

For shared facilities, the Library may share CCTV system video with third parties that participate in the operation of the facility, with prior approval of the Privacy Officer or the Chief Librarian, where a disclosure of personal information is in accordance with its Protection of Privacy Policy, FIPPA, or an enactment of British Columbia, other than FIPPA, that authorizes or requires its disclosure.

13    CCTV System Procedures

The Director, Corporate Services and Facilities, the Privacy Officer or the Chief Librarian may make and amend procedures in furtherance of and not inconsistent with this policy.

All CCTV recordings must be retained for a period of no shorter than 65 days and destroyed at the end of this retention period unless:

a)    the recorded information reveals an incident that contains personal information about an individual and the Library uses this information to make a decision that directly affects the individual, in which case the CCTV records must be retained for one year after the decision is made in accordance with the FIPPA;
 
b)    a request is made by the City of Vancouver’s Legal Services Department, Risk Management Department, Corporate Protective Services, Access to Information Department or Vancouver Police Department to preserve the recorded information on the basis that the recorded information is relevant to contemplated or current litigation, in which case the CCTV records must be retained until:

(i)    10 days after the expiry of the applicable limitation period for the commencement of a legal action, where a legal action is contemplated but no legal action is commenced;

(ii)    10 days after the expiry of the applicable appeal period, where a legal action has been commenced, the matter has been adjudicated upon by the Court or an administrative tribunal, and no appeal has been filed; or

(iii)    10 days after the settlement or other resolution of the litigation;   

c)    the Library requires the CCTV recordings to be preserved for an additional period of time in order to complete the business purpose for which the CCTV recordings were created, and the Privacy Officer or Chief Librarian has approved the written request for preservation;

d)    the Library requires the CCTV recordings to be preserved for an additional period of time in order to complete the purpose for which a disclosure of personal information to third parties was made in accordance with an enactment of British Columbia, other than FIPPA; or

e)    an individual requests access to recordings that contain their personal information, under FIPPA.

14    Breach of Policy

Complaints about breach of this policy must be made Privacy Officer who will give notice of the complaint to the Director, Corporate Services and Facilities and the Chief Librarian. The Director, or their delegate, will carry out an investigation. Where it is alleged that the breach was by an employee of the Library and an investigation is to take place, Human Resources will be notified in advance of the investigation.

After the investigation, the investigator will prepare a written report appropriate to the degree of the alleged breach.

A copy of the report will be provided to the Privacy Officer to determine the course of action in consultation with the Director, Corporate Services and Facilities and Chief Librarian.

In an appropriate case, the report may contain finding of facts, and recommendations aimed at ensuring that the policy or procedure will be followed in future.

Consequences flowing from a contravention of this Policy will be determined on a case by case basis, taking into account the relevant circumstances. However, in general:

1. Library employees who contravene this Policy may be subject to discipline up to and including termination of employment.
2. Contractors performing work or providing services on behalf of the Library who contravene this policy may be subject to termination of their contract.

Breach of this policy or of any procedure created pursuant to it by any person may result in legal proceedings, including criminal prosecution.

• Code of Conduct
• Protection of Privacy