protect people's safety, for example from the risk of unsafe care or treatment
keep premises and property secure
help people stay safe without restricting their activities.
Open surveillance Care services are more likely to use surveillance openly (overt surveillance). Which requires the provider to tell everyone that it affects. You can do this by talking to them before you start using surveillance or by putting up clear notices. In some circumstances, you may need their consent.
Covert surveillance This is when you use hidden cameras or microphones people are not aware of. This is only likely to be appropriate in rare circumstances, if you have a pressing reason and only plan to use it for a short time. For example, you might decide to use it to identify a specific incident or allegation.
Regulations If the provider uses surveillance to help keep people safe or monitor their wellbeing, CQC will treat it as part of their care. This means it must meet the regulations under the Health and Social Care Act. But any recordings made of people also count as information about them. Collecting information about people is regulated by the Information Commissioner's Office (ICO).
Things to be carried out before commencing surveillance Before they start providers must be able to identify the purpose for using surveillance – the thing you want to achieve. The provider should:
Carry out an initial assessment
Check the right regulations
Fill in a data protection impact assessment
Carry out a needs assessment
What you should record
Records to be kept by the provider The provider must keep a record of:
your purpose for using surveillance, including how it supports people’s needs
your initial assessment
your DPIA, if you’ve completed one
what alternatives to surveillance you’ve considered.
Consultation The provider should tell people:
why they are considering surveillance (your purpose)
what type of surveillance they are thinking about using
where they are considering using it
what information they will collect
where and how they will store the information
who will have access to the information and how long will they keep it. It's best to keep a record of the process when people are consulted, along with their responses. Providers are reminded that initial consultation with people is not the same as getting consent.
People raising concerns People who use your service or their families may raise concerns about privacy. If they do, the provider must take steps to address them. The aim is to make the impact on people's privacy as small as possible.
Equipment and staff training When choosing equipment, the provider must ensure it's fit for purpose. For example, it may need to capture video at a high enough resolution that you can recognise people.
Staff training and record keeping Staff must be properly trained in handling information gathered by surveillance. To protect people’s information providers must make sure:
staff are properly trained in handling information gathered by surveillance
they have clear policies and procedures for when people ask for access to recordings, about sharing information and for complaints about surveillance
they keep a record of who has had access to the information, when and why
they have a clear policy about keeping information and recordings secure, how long you keep them for, and when and how you destroy them
if someone else (like a security company) is handling personal data on their behalf, their contract with them must set out clear rules on how they process it.