11. Data Viewing & Release
- VeriFi EIDOS Secure File Sharing (SFS) in which case the compliance manual is supplied with a 1Tb password protected, encrypted hard drive and 4 x USB Memory Cards. The use of SFS is described in SFS Training Video.
- VeriFi Hard Copy is supplied with a 1Tb password protected, encrypted hard drive, 4 x USB Memory Cards, 10 x Data Viewing & Release Management Record sheets. Instruction sheets describing how these must be completed are included.
- Legacy VeriFi Hard Copy this includes a supply of DVDs for downloading evidence and management records that will become redundant when replaced as above on the next annual site visit.
Viewing and release of data requires the following steps to be recorded either by means of the VeriFi paper based documentation or the VeriFi EIDOS SFS platform.
- Site address
- Data details (type), normally CCTV, Access Control
- Description of Incident/Activity
- Purpose of Viewing – eg Police investigation
- Data Viewed by – the name and address of the requesting organisation and the name of the person representing it
- Request Logged by – normally Security
- Viewing Authorised by – normally Facilities or Building Manager
- Description of the data viewed
- Follow up Activity – this normally relates to the release of data in which case the following steps will be required:
i. Type of Media Released
ii. Data Released to – the name and address of the requesting organisation and the name of the person signing for receipt.
iii. Archive Copy – description of how and where the archive copy is stored.
iv. Routine Archive Copy Review – you should not retain the data for longer than is necessary to achieve the purpose it was required for.
v. Erasure/Destruction of Archive – detail who approved the erasure/destruction, who carried this out and date.
- Facilities Manager
- Assistant Facilities Manager
- Centre Manager
- Building Manager
- Operations Manager
As a general rule you should only allow viewing or release of data without a formal data sharing agreement in the case of applications by:
- Police
- HSE
- HMRC
- Weights Measures (Trading Standards)
- Employees of the data controller or data processor involved in security and safety of the premises
- Individuals making a Data Subject Access Request (refer to 8.1)
- Insurance Companies acting on behalf of an insured where release is via VeriFi Secure File Sharing, otherwise it would be good practice to enter into a formal Data Sharing Agreement
The extent of retained data should should be no more than the minimum required to achieve the legitimate purpose you set out to achieve.
The period that CCTV data (including Body Worn Cameras and *ANPR) is retained for (archive period) is normally 30 days unless a longer period can be justified.
An archive period of 90 days is reasonable in the case of personal data processed by; Access Control, Visitor Logs, Asset Release Logs etc.,
At the expiry of the archive period, data that is held on portable media must be physically destroyed. In the case of electronically held data, it must be irrevocably deleted (as far as is practicable).
Archive retention of data relating to incidents that are or may be the subject of investigation shall be until notification by the investigating body that the case is closed or in the absence of such notification for a period not exceeding 7 years.
Retained data must be subject to routine review to ensure that it is not held longer than is necessary.
