A public body that collects personal information in accordance with Section 26 of the Act using a video surveillance system is obligated to notify individuals affected under Section 27(2) of the Act, which states:
27(2) A public body must tell an individual from whom it collects personal information:The following is suggested wording for use in building signage:
(a) the purpose for collecting it
(b) the legal authority for collecting it, and
(c) the title, business address and business telephone number of an officer or employee of the public body who can answer the individual's questions about the collection.
"This area is monitored by video surveillance cameras. For furtherAlthough Section 27(2) sets out requirements to notify individuals of the collection of personal information, there are instances where notification would defeat the purpose for which the information is being collected (e.g., investigation of criminal activities). The only exceptions to the requirement set out under Section 27(2) to notify individuals of the presence and purpose of a video surveillance system are noted in Section 27(3) of the Act, which states:
Contact Telephone Number."
27(3) Subsection (2) does not apply if:
(a) the information is about law enforcement or anything referred to in section 15(1) or (2), or
(b) the minister responsible for this Act excuses a public body from complying with it because doing so would
(i) result in the collection of inaccurate information, or
(ii) defeat the purpose or prejudice the use for which the information is collected.
11. Implementing video surveillance systems
Section 69 of the Act states that it is mandatory for a ministry to conduct a PIA on any existing or planned video surveillance system:
69(1) In this section :A public body that implements a video surveillance system to deter crime, protect the safety of members of the public and employees, or meet operational requirements must conduct a Privacy Impact Assessment to evaluate the privacy implications of the proposed video surveillance system and to ensure that security requirements are met in the least intrusive manner possible. A public body that is intending to implement a video surveillance system should contact either the director or manager of information and privacy or the Privacy and Legislation Branch, Ministry of Management Services for assistance and guidance in conducting the Privacy Impact Assessment.
Privacy impact assessment means an assessment that is conducted to determine if a new enactment, system, project or program meets the requirements of Part 3 of this Act.
The head of a ministry must conduct a privacy impact assessment and prepare an information sharing agreement in accordance with the directions of the minister responsible for this Act.
The decision on whether a video surveillance system is appropriate for the security requirements of a public body is based on a Security Threat and Risk Assessment (STRA). Contact the Risk Management Branch, Ministry of Finance for more information on conducting an STRA. Public bodies should consult Treasury Board's Government Management Operating Policy (GMOP) Chapter 10 - Security, for more information on developing a security management program.
12. Camera location, operation and control
Public bodies should ensure that the location, operation and control of any video surveillance system meet their security requirements. In addition, public bodies should restrict the collection of personal information in surveillance to those purposes identified in Section 26 of the Act. Within the appropriate context of those purposes, public bodies should also take into consideration whether the surveillance is a necessary and viable deterrent. Access to the operation and control of any video surveillance system should be restricted to designated staff only.
13. Operational times
In cases where video surveillance has been put in place to deal with a threat to security of individuals, assets and property, public bodies might consider the appropriateness of filming only at times when there is a higher likelihood of a threat of security to individuals, assets and property.
14. Audits and reviews
Public bodies should conduct follow-up privacy impact assessments on their use of video surveillance on a regular basis in order to confirm adherence to policies and procedures and compliance with the Act. Public bodies must advise all camera operators that the system is subject to audit and that they may be called upon to justify the method of surveillance to a member of the public or an employee of the public body.
Public bodies must be aware that, under the authority of Section 42(1)(a) of the Act, the Office of the Information and Privacy Commissioner may conduct periodic audits of the public body's video surveillance system.
Public bodies that are using video surveillance technology are required to comply with the provisions of the Act. Consultation should take place with the public body's security officers and directors or managers of information and privacy prior to implementing and administering a video surveillance system. The director or manager of information and privacy will be able to provide assistance and guidance to ensure the requirements of the Act are being met. The Privacy and Legislation Branch (the central agency responsible for freedom of information and protection of privacy) is also available to provide corporate policy advice and interpretation of the provisions under the Act.