Body Worn Camera Privacy Notice

The purpose of processing audio and video data, via use of BWC devices, is to promote the safety of patients, staff and others who may access our unit and to provide an accurate account of an untoward event that may require review or investigation.

All personal data will be processed lawfully, fairly and in a transparent manner as set out in Article 6 and Article 9 of the UK-GDPR.
The lawful basis for processing is Article 6(1)(f) UK GDPR as processing is considered necessary for the purposes of the legitimate interests being pursued by the Trust.
A Legitimate Interests Assessment has been completed as part of the Trust’s preparations for the BWC pilot. The following are noted as legitimate interests:

• Protect and enhance the experience of patients, staff and others who access the ED unit by helping provide a safer and calmer environment;
• Enhance the security and the protection of Trust property/assets;
• Influence behaviour by acting as a deterrent to acts of violence and aggression and aid to de-escalate of situations should they arise;
• Enhance staff education and learning on Management and Prevention of Aggression;
• Record an independent account of what happened should adverse events arise and have footage captured with evidential value to any review or investigative process;
• Support relevant authorities in the apprehension and prosecution of offenders by enhancing the type and quality of discoverable evidence should criminal or civil action be brought.

Data obtained through the use of BWC devices will be shared, when necessary, to promote the safety and security of all patients, staff and others accessing the ED. There may be occasions where your information can be shared with other organisations without your consent, but this will only happen when it is:

• Required by law;
• Required by a court order;
• Necessary to detect or prevent crime, including allegations or suspicions of fraud;
• Necessary to protect the public from serious harm, e.g. the protection of vulnerable adults.

Where necessary, the Trust will anonymise data before sharing with others.

Data obtained with the activation of BWC devices will not be kept for longer than it is needed. This will be in accordance with the Department of Health (DoH) Good Management, Good Records Disposal Schedule 2017 (last updated 18 May 2022), which Trusts in the region follow and is a document that is accessible via the DoH website: https://www.health-ni.gov.uk/sites/default/files/publications/health/gmgr-disposal-schedule.pdf

• Data captured due to accidental activation and/or training will be marked for immediate deletion
• Data not marked for retention or where there has been no Subject Access Request, Incident or Complaint, will automatically delete after 28 calendar days (as aligned to purge of CCTV data from Trust servers).
• Data relating to an adverse incident (A2 & Evidence under N1) or Complaint (B2) will be retained for 10 years from date of last action.
• Data relating to a serious adverse incident (A4) will be retained for 20 years from date of last action.

Where an incident has resulted in litigation, records relating to the litigation will be managed as per GMGR Section on litigation (I1).

Records will be maintained for 6 years from the date of the last action on the file or settlement of the case, whichever is the later and as advised by legal advisors. NB: cases where the proceedings relate to a minor (i.e. anyone under the age of 18) records should be maintained until their 25th birthday. In cases involving a person under a disability (see definition in Part 1) records should be retained.

When it is deemed there are valuable lessons for wider team learning and development around the de-escalation of aggression and violence, BWC data may be held separately and retained for training and education purposes. In such circumstances, data will be held for a period of 8 years following the delivery of the training (J58) and the identity of the subjects captured will be masked, where possible.

The Trust take privacy seriously. Staff will only access information on a strict ‘need to know’ basis or when they are involved with you/your family during your period of care. All staff have a legal duty to keep your information safe and confidential, as does anyone who receives information about you from the Trust. In line with legislation, the Trust has a range of measures and strict standards to protect paper and electronically held information. We will not transfer your data to other countries outside the UK without an appropriate lawful basis for doing so and for there being organisation and technical security measures in place to safeguarding data in transit and at rest. As part of our risk assessments, an ICT Security and Technical Assessment was completed.

Data Protection legislation gives you the right to request copies of the personal information the Trust holds about you and a right to take action to correct any factually inaccurate information. You also have a right to take action if you feel you have suffered damage and distress due to the Trust’s use of your information. See the ICO website (link provided below) for more information about your rights under the UK General Data Protection Regulation (UK-GDPR)

You have the right to object to some or all of the information being shared with other agencies. Contact the Data Controller or Data Protection Officer as identified at the front of this document.

Under the UK-GDPR you can request access to your personal data. If you want to see the information we hold about you or ask about how we use it, you can speak to the staff currently involved with you/your family or you can request a copy of your information. Please contact the Data Controller or Data Protection Officer as identified at the start of this document to obtain further information. Requests will be responded to as quickly as possible and usually within one month; however, the UK-GDPR allows up to 3 months for providing a response to requests that may be considered complex. Generally there is no charge for copies of records except where the request is manifestly unfounded or excessive or is a repeat request. Any footage relating to a third party, may be exempt in the absence of a lawful basis to share.

If you have any concerns or queries on how your personal data is being processed you can contact the Data Controller or Data Protection Officer.
If you have further concerns about how your personal data is processed and are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can contact the Information Commissioners Office.

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 1 23 1113 or 01625 545 745
Web: https://ico.org.uk/