Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need.
1. What is the problem you face and have you defined a purpose in trying to solve it? Have you set objectives in a written statement of need?
BWV is used for the purposes of (among other things):
Bringing more offenders to justice by production of evidence
Moderation of offender behaviour
Increase public confidence
Early Guilty Pleas
Reduced use of force
2. What is the lawful basis for your use of surveillance?
The college of Policing states that
"Common law provides the police with the authority to use BWV in the lawful execution of their duties, for the purpose of the prevention and detection of crime"
3. What is your justification for surveillance being necessary and proportionate?
BWV is used to record arrests and when using any policing powers, including stop and search and use of force. BWV is used to primarily to gather evidence. Officers will need to justify any decision not to record. BWV is intended for use by all officers/ employees of both Essex and Kent police forces as directed by the Chief Constables
4. Is the system being used for any other purpose other than those specified? If so please explain.
BWV is also being used in a training environment. This involves officers undertaking hypothetical scenarios while filming these events for learning purposes. BWV footage is also used for various public led panels to increase trust,transparency and boost public confidence in both forces.
5. Have you identified any areas where action is required to conform more fully with the requirements of Principle 1?
The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified.
1. Has your organisation paid a registration fee to the Information Commissioner’s Office and informed them of the appointment of a Data Protection Officer (DPO) who reports to the highest management level within the organisation?
2. Are you able to document that any use of automatic facial recognition software or any other biometric characteristic recognition systems is necessary and proportionate in meeting your stated purpose?
3. Have you carried out a data protection impact assessment, and were you and your DPO able to sign off that privacy risks had been mitigated adequately?
Before May 2018 the requirement was to complete a privacy impact assessment; this has been replaced by a data protection impact assessment. There is a surveillance camera specific template on the Surveillance Camera Commissioner’s website:
4. Do you update your data protection impact assessment regularly and whenever fundamental changes are made to your system?
5. How have you documented any decision that a data protection impact assessment is not necessary for your surveillance activities together with the supporting rationale?
6. Have you identified any areas where action is required to conform more fully with the requirements of Principle 2?
Q2 - Not Relevant to Kent and Essex BWV - there is no facial recognition or biometric characteristic recognition used.
There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
7. Has there been proportionate consultation and engagement with the public and partners to assess whether there is a legitimate aim and a pressing need for the system?
8. Does your Privacy Notice signage highlight the use of a surveillance camera system and the purpose for which it captures images?
9. Does your signage state who operates the system and include a point of contact for further information?
10. If your surveillance camera systems use body worn cameras, do you inform those present that images and sound are being recorded whenever such a camera is activated?
11. What are your procedures for handling any concerns or complaints?
A complaint can be made online, in person,online , in writing or through the Force Control Rooms.
If the complaint needs to be recorded by the Professional Standards Department, it will be allocated to a police officer, normally a sergeant, inspector or member of police staff, who'll either investigate it or resolve it locally.
Full guidance is contained within Full guidance is contained within Kent policy 047 and Essex Policy A900, SOP A901. Further details can be provided on request.
12. Have you identified any areas where action is required to conform more fully with the requirements of Principle 3?
Q8/9 - Q8/9 - Axon BWV cameras in both Kent and Essex have clear Hi Visibility markings on the front of the camera , the cameras are mounted at chest level to further increase visibility and are clearly marked up as "audio and video". When operating, the camera displays clear warning lights ,these indicate Red for recording and Green for buffering. There is also an clearly audible audio alert during filming or on activation of the camera.
Q10 Officers are advised where possible to verbally advise a person that filming is taking place. Operational requirements and immediate decision making, may sometimes not make this announcement possible or possible under the circumstances.
There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
13. What governance arrangements are in place?
BWV principles are strictly adhered to. BWV is only used by specifically trained police officers/staff, who have passed the in-house training, they are also required to complete a mandatory training package (DAMS) which further outlines the legislation and correct retention and categorisation of any captured footage. As part of their ongoing training,they will be aware of their individual and collective responsibilities for the equipment and the information collected with it. Regular auditing, dip sampling and line management intervention are all in place to facilitate this. Kent and Essex police also have policy and procedure in place for the operational use of BWV.
14. Do your governance arrangements include a senior responsible officer?
15. Have you appointed a single point of contact within your governance arrangements, and what steps have you taken to publicise the role and contact details?
This is published on our BWV/DAMS intranet pages.
Digital Asset Management System (DAMS) (SharePoint.com)
Across Essex and Kent there are 4 points of contact published on the DAMS SharePoint page.
16. Are all staff aware of the roles and responsibilities relating to the surveillance camera system, including their own?
17. How do you ensure the lines of responsibility are always followed?
This is reinforced in the BWV training and BWV policy. Police Officers using BWV are under supervision from their line manager(s). Both DAMS tactical advisors and line managers are expected to make periodic dip samples of officers accounts and asset management. There are strict audit trails involved in the procedures and systems that will be used.
This can be reviewed by supervisors, and used to ensure that policy and procedures are being adhered to. DAMS has mandated metadata fields which must be completed by officers when uploading any BWV asset to the system. LPA/Division line managers are expected to inspect and check BWV footage and compliance on a regular basis.
DAMS tactical advisors are expected to inform BWV portfolio holders/leads of any breaches of policy or procedure.
18. If the surveillance camera system is jointly owned or jointly operated, is it clear what each partner organisation is responsible for and what the individual obligations are?
19. Have you identified any areas where action is required to conform more fully with the requirements of Principle 4
Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them.
20. Do you have clear policies and procedures in place to support the lawful operation of your surveillance camera system? If so, please specify.
21. Are the rules, policies and procedures part of an induction process for all staff?
22. How do you ensure continued competence of system users especially relating to relevant operational, technical, privacy considerations, policies and procedures?
Training and policy is in place. All new recruits are trained on the use of BWV before they leave training. Policy and guidance is always available on the internal Share point pages for both organisations. Kent and Essex Police conduct reviews of training ,policies and procedures regarding the legitimate and responsible handling of data/information/evidence/assets. DAMS training is mandated for all staff.
23. Have you considered occupational standards relevant to the role of the system users, such as National Occupational Standard for CCTV operations or other similar?
24. If so, how many of your system users have undertaken any occupational standards to date?
DAMS mandated training package must be completed before use of the DAMS/BWV system. All officers are trained on the use of BWV by force trainers.
25. Do you and your system users require Security Industry Authority (SIA) licences?
26. If your system users do not need an SIA licence, how do you ensure they have the necessary skills and knowledge to use or manage the surveillance system?
Please see answer to Q22.
27. If you deploy body worn cameras, what are your written instructions as to when it is appropriate to activate BWV recording and when not?
This is all included in policy and training. A900,A901,A047.
Officers are to operate their BWV cameras in all situations where they are exercising any of their policing powers. Failure to do so must be documented at the earliest opportunity.
Examples are :When exercising any police power;
Use of force situations (where pre planned or likely to occur);
All Stop and search/accounts.
Making an arrest;
When attending domestic incidents;incidents.
The escort of any detainee in police custody or police vehicle;vehicle.
Any other situation that an officer or staff member may feel is of evidential valuevalue.
28. If you deploy surveillance cameras using drones, have you obtained either Standard Permission or Non-Standard Permission from the Civil Aviation Authority and what is your CAA SUA Operator ID Number?
29. Have you identified any areas where action is required to conform more fully with the requirements of Principle 5?
Q28 not relevant to BWV
No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.
30. How long is the period for which you routinely retain images and information, and please explain why this period is proportionate to the purpose for which they were captured?
Data collected that is not identified as evidential or meeting a policing purpose will be deleted after 60 days automatically,or 31 days is pending deletion is selected by the owner,via the DAMs system used to store the data. Data that is identified as being evidential or meeting a policing purpose will be marked as such on the system and it will then be retained and categorised accordingly.All data will be retained on a secure Digital Assets Managements (DAMS) system, not accessible by the public,except by FOI application. Sensitive data can also be marked and restricted on the system making it only available to relevant officers in the investigation in question. If an officer marks the footage to be retained, they need to indicate why,ie: the offence type and the retention category is then applied. This follows both DPIA and CPIA principles.
31. What arrangements are in place for the automated deletion of images?
The systemn is configured to automatically delete footage not marked as evidential after 31 days.
32. When it is necessary to retain images for longer than your routine retention period, are those images then subject to regular review?
33. Are there any time constraints in the event of a law enforcement agency not taking advantage of the opportunity to view the retained images?
34. Do you quarantine all relevant information and images relating to a reported incident until such time as the incident is resolved and/or all the information and images have been passed on to the enforcement agencies?
35. Have you identified any areas where action is required to conform more fully with the requirements of Principle 6?
Images/assets are not retained for longer than the necessary retention period. they are either deleted after 31 days manually, or 60 days automatically, This automated process (60 days) takes place if there is no a valid policing reason to keep the asset, or it has not been retained under the appropriate categories as evidential.
Periodic checks are carried out by DAMS tactical advisors and audits by HMICFRS.
Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
36. How do you decide who has access to the images and information retained by your surveillance camera system?
Access to the system is strictly controlled by role and DAMS access .Footage cannot be viewed or shared outside of this system, unless by an approved partner such as CPS/Coroners office. In this case the footage is shared via a secure link which allows the partner agency limited access to only the footage relevant and not all. Information can only be shared with approved partners and only for legal or audit purposes. Detailed audit logs are available for every asset that is shared of viewed from DAMs.
37. Do you have a written policy on the disclosure of information to any third party?
38. How do your procedures for disclosure of information guard against cyber security risks?
The protection of information stored in manual and electronic systems is essential to the operation of the organisation and Kent Police must demonstrate compliance with National Policing Information Risk Management Team (NPIRMT) and Community Security Policy (CSP) for any existing or proposed information processing, regardless of where it comes from.
Other industry standards are also used where appropriate to ensure the protection of personal information is a priority, FIPS-140, ISO/27001, NIST, COBIT-5 and National Cyber Security Centre standards.Electronic and digital security for new or existing systems which use or manage police information adhere to the Kent Police Baseline Security Requirement.
Organisational policy and procedures ensure the protection of police information and the controlled access to it. The design, operation, use and management of the technology must comply with statutory, regulatory, and contractual security requirements.
Technical safeguards are enforced within the Kent and Essex Police infrastructure such as firewalls, data encryption, end point detection and response solutions, protective monitoring , vulnerability detection software, segregation of data and role based authorised system access.
39. What are your procedures for Subject Access Requests where a data subject asks for copies of any images in which they appear?
Privacy Notice on Force website details show how Subject Access requests are dealt with via the Public Disclosure Team.
40. Do your procedures include publication of information about how to make a Subject Access Request, and include privacy masking capability in the event that any third party is recognisable in the images which are released to your data subject?
41. What procedures do you have to document decisions about the sharing of information with a third party and what checks do you have in place to ensure that the disclosure policy is followed?
Kent and Essex police have an overarching Information Security Policy
• Policy W1000 – Information Management. There are a number of underpinning procedures, including Information Sharing
• W1014 Procedure/SOP – Information Sharing Agreements
• W6003 Procedure/SOP – Sharing of DAMS Digital Assets.
All assets in DAMs are subject to stringent asset tracking and asset management. Breaches and unauthorised sharing are limited by the security measures in place as well as physical checks conducted by tactical advisors.
42. Have you identified any areas where action is required to conform more fully with the requirements of Principle 7?
Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
43. What approved operational, technical and competency standards relevant to a surveillance system and its purpose does your system meet?
The Axon BWV system has gone through our internal Technical Design Authority (TDA) which have also considered the BWV standards as set out by the Home Office.
44. How do you ensure that these standards are met from the moment of commissioning your system and maintained appropriately?
These standards were considered when going through the business requirements and the procurement of the system. Where we do not fully meet the requirement, e.g. having a display screen for PACE complaint interviews - this is being looked at as a immediate development by Kent and Essex. Constant research and engagement with partner forces .NPCC ,Axon make sure that we are fully complaint and up to date with the latest legislation and best practice.
45. Have you gained independent third-party certification against the approved standards?
46. Have you identified any areas where action is required to conform more fully with the requirements of Principle 8?
Q45 National Office of Biometrics certification 2022-2023
Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
47. What security safeguards exist to ensure the integrity of images and information?
All data collected by BWV is transferred on to a secure system (DAMS), which is hosted in the cloud in Microsoft Azure and is only accessible by authorised Kent and Essex employees. The public do not have any access to this system. Any access to data is recorded in an audit trail recorded by the system. It is also possible to limit access to the data (RESTRICT) to only officers identified as being involved in the investigation in question. Footage can also be sensitive or confidential.
This system is only available to police staff and is password protected, on approved police computers , not accessible by the public.
This is covered by force policy, and non compliance would be a breach of regulations and DPIA.
48. If the system is connected across an organisational network or intranet, do sufficient controls and safeguards exist?
49. How do your security systems guard against cyber security threats?
BWV is contracted to a third party supplier (Axon) who are required to implement protective monitoring to safeguard Kent and Essex Police information assets. At a local level Kent Police collaboratively share a protective monitoring facility with Essex Police which provides protection to the infrastructure and the services embedded within each Force.
50. What documented procedures, instructions and/or guidelines are in place regarding the storage, use and access of surveillance camera system images and information?
The BWV system has been accredited/assured by our information security department. This assurance included documents to be in place such as; policy, Technicals designs and Security and System operation procedures.
51. In the event of a drone mounted camera being lost from sight, what capability does the pilot have to reformat the memory storage or protect against cyber attack by remote activation?
52. In the event of a body worn camera being lost or stolen, what capability exists to ensure data cannot be viewed or exported by unauthorised persons?
The data on the cameras can only be uploaded on a Kent Police or Essex Police networked docking station and cannot be viewed by anyone without access to the system. The data stored within the camera is contained within an encrypted hard drive and cannot be extracted other than from an approved Axon Docking station. The cameras can be charged via a USB type C cable, but any activation would enable the on board GPS mapping system. To date several cameras have been stolen/lost but recovered with no data loss due to the inbuilt safeguards and non commercially available docking hardware and software.
53. In reviewing your responses to Principle 9, have you identified any areas where action is required to conform more fully with the requirements? If so, please list them below.
There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
54. How do you review your system to ensure it remains necessary and proportionate in meeting its stated purpose?
The DAMs system requires meta data to be entered to ensure that any footage retained, is only kept when lawfully required for a policing purpose. If the footage is deemed as no longer required, the category can be changed and the footage deleted. Otherwise, it will remain available for the time period assigned as per CPIA or locally agreed guidelines.
55. Have you identified any camera locations or integrated surveillance technologies that do not remain justified in meeting the stated purpose(s)?
56. Have you conducted an evaluation in order to compare alternative interventions to surveillance cameras? (If so please provide brief details)
57. How do your system maintenance arrangements ensure that it remains effective in meeting its stated purpose?
The system requires data to be entered to ensure that any footage retained, is only kept when lawfully required for a policing purpose. If the footage is deemed as no longer required, the category can be changed and the footage deleted. Otherwise, it will remain available for the time period assigned as per CPIA guidelines. Periodic checks are carried out against this framework and to ensure compliance.
58. Have you identified any areas where action is required to conform more fully with the requirements of Principle 10?
When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
59. Are the images and information produced by your system of a suitable quality to meet requirements for use as evidence?
60. During the production of the operational requirement for your system, what stakeholder engagement was carried out or guidance followed to ensure exported data would meet the quality requirements for evidential purposes?
Staff were consulted from all levels of the appropriate departments, from operational front line users to Chief Officers, including Police federation and Human resources. Testing was carried out prior to the devices being purchased to ensure they were adequate. Tests were also carried out to judge the standard of competing products. Field testing has begun on replacement or alternative devices for expected delivery in 2024-2025.
61. Do you have safeguards in place to ensure the forensic integrity of the images and information, including a complete audit trail?
62. Is the information in a format that is easily exportable?
63. Does the storage ensure the integrity and quality of the original recording and of the meta-data?
64. Have you identified any areas where action is required to conform more fully with the requirements of Principle 11?
Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.
65. What use do you make of integrated surveillance technology such as automatic number plate recognition or automatic facial recognition software?
This is not integrated with the BWV solution
66. How do you decide when and whether a vehicle or individual should be included in a reference database?
Force Policy for Kent and Essex states BWV should be used to record in the following circumstances -
You are required to start recording when it may provide evidential value or transparency in any encounter, provided it is lawful and appropriate in the circumstances.
You are required to record the following encounters:
When exercising any policing power
Use of force situations
Stop and search / account
Making an arrest
When attending domestic incidents
If you are unable to record during any of these encounters, or do not deem it appropriate in the circumstances, your rationale must be documented in your notebook or other record of the incident.
You should also consider using BWV:
If you believe you are going to be the subject of a complaint
When seizing high value items
Where damage to property may be disputed
During initial scene capture
Footage that is retained from BWV will use a reference that will be any of the following:
Stop and search reference
Storm CAD reference
In addition to the above , any person suspected or arrested for or on suspicion of committing a criminal offence will most likely have footage captured of the offence or arrest. This footage/evidence will be retained in line with CPIA/DAMS, local policy for the appropriate offence retention period and so retained within DAMS .
67. Do you have a policy in place to ensure that the information contained on your database is accurate and up to date?
68. What policies are in place to determine how long information remains in the reference database?
DAMS/CPIA/DPIA guidance as per Q54
W6004 Procedure/SOP – Review, Retention and Disposal of DAMS Digital Assets Policy W1000 – Information Management W1012 Procedure/SOP – Records Review, Retention and Disposal
69. Are all staff aware of when surveillance becomes covert surveillance under the Regulation of Investigatory Powers Act (RIPA) 2000?
70. Have you identified any areas where action is required to conform more fully with the requirements of Principle 12?
Q69 - not relevant BWV is not/should not be used for covert surveillance.
Essex and Kent Axon BWV cameras are clearly marked using high visibility front facing stickers. The use of high visibility light rings for recording and an audible recording beep also make the cameras very overt in nature.