11. Data Viewing & Release
- VeriFi EIDOS Secure File Sharing (SFS) in which case the compliance manual is supplied with a 1Tb password protected, encrypted hard drive and 4 x USB Memory Cards. The use of SFS is described in SFS Training Video.
- VeriFi Hard Copy is supplied with a 1Tb password protected, encrypted hard drive, 4 x USB Memory Cards, 5 x Data Viewing Logs, 5 x Data Release Logs. Instruction sheets describing how these logs must be completed are included.
Viewing and release of data requires the following steps to be recorded either by means of the VeriFi paper based documentation or the VeriFi EIDOS SFS platform.
- Site address.
- Data details (type), normally CCTV, Access Control.
- Description of Incident/Activity.
- Purpose of Viewing – eg Police investigation).
- Data Viewed by – the name and address of the requesting organisation name of the person representing it.
- Request Logged by – normally Security
- Viewing Authorised by – normally Facilities or Building Manager
- Description of the data viewed
- Follow up Activity – this normally relates to the release of data in which case the following steps will be required:]
- Type of Media Released
- Data Released to – the name and address of the requesting organisation name of the person signing for receipt.
- Archive Copy – description of how and where the archive copy is stored.
- Routine Archive Copy Review – you should not retain the data for longer than is necessary to achieve the purpose it was required for.
- Erasure/Destruction of Archive – detail who approved the erasure/destruction, who carried this out and date.
- Facilities Manager
- Assistant Facilities Manager
- Centre Manager
- Building Manager
- Operations Manager
As a general rule you should only allow viewing or release of data without a formal data sharing agreement in the case of applications by;-
- Weights Measures.
- Employees of the data controller or data processor involved in security and safety of the premises.
- Individuals making a Data Subject Access Request (refer to 8.1).
- Insurance Companies acting on behalf of an insured where release is via VeriFi Secure File Sharing, otherwise it would be good practice to enter into a formal Data Sharing Agreement.
Viewing and release of data requires the following steps to be recorded either by means of the VeriFi paper based documentation or the VeriFi EIDOS Electronic File Sharing platform.
The extent of retained data should should be no more than the minimum required to achieve the legitimate purpose you set out to achieve.
The period that CCTV data (including Body Worn Cameras and *ANPR) is retained for (archive period) is normally 30 days unless a longer period can be justified.
An archive period of 90 days is reasonable in the case of personal data processed by; Access Control, Visitor Logs, Asset Release Logs etc.,
Archive retention of data relating to incidents that are or may be the subject of investigation shall be until notification by the investigating body that the case is closed or in the absence of such notification for a period not exceeding 6 years.