Privacy Impact Assessment

Transcription

1 Automatic Number Plate Recognition (ANPR) Deployments Review Of ANPR infrastructure February 2018

2 Contents 1. Overview Identifying the need for a (PIA) Screening Questions Provisions for Collection, Use and Deletion of ANPR data Privacy, related risks and evaluating the privacy solutions Consultation.. 7 A. Internal consultation.. 7 B. External consultation Current plans and outcomes Conclusion 8

3 1. Overview The strategic aim for Leicestershire Police is the proportionate use of Automatic Number Plate Recognition (ANPR) at National, Regional and Local levels in order to help detect, deter and disrupt criminality. Where necessary and proportionate to do so, ANPR delivers support to: National Security and Counter Terrorism Serious, Organised and Major Crime Lower level crime Enforcement of legislation relating to motor vehicles and their use Improved road safety Community confidence and reassurance, crime prevention and reduction ANPR also provides both additional lines of enquiry and evidence in the investigation of crime across the United Kingdom. Various parts of the infrastructure will be updated so as to retain and indeed enhance the capability of Leicestershire Police to respond to incidents of Crime and Disorder. New technologies will both reduce cost and improve performance across the Mobile and Static Network. Leicestershire Police in partnership with Leicester City Council, Leicestershire County Borough Council and Highways England install and maintain ANPR across the county (and beyond). Leicestershire Police recognise the need for this technology and understands the potential for collateral privacy intrusion on the public with the recording of the data captured by these cameras. Consideration has been given to Article 8 of the Human Rights Act (legislation.gov.uk. 2016), which is the right to a private and family life. Being a qualified right, public authorities can interfere with the private life of individuals provided that it is in accordance with the law and is necessary for the prevention of disorder or crime, in the interests of public safety or if there is a pressing social need (as is the situation with ANPR). 2. Identifying the need for a (PIA) ANPR technology is used to help detect, deter and disrupt criminality at a Local, Regional and National level tackling those that travel to commit crime as well as Organised Criminals and in support of Counter Terrorism. ANPR is a computerised system that recognises vehicle registration plates and carries out real-time comparisons of indexes against a variety of databases, including police, partnership and commercially based operations. Data stored on servers known as the Back Office Facility (BOF) includes GPS locations and pictures of the vehicle and its number plate. The recording of this personal data represents a level of collateral intrusion upon the privacy of road users. The National ANPR Standards for Policing (NASP) provide details of the criteria for deploying ANPR cameras. Cameras can only be deployed following a strategic assessment that identifies a need for ANPR as above. Where a need is identified, the camera may only be deployed if it is appropriate and proportionate in balancing the protection of the public with the rights and individual expectations of privacy. A PIA is required to show that Leicestershire Police does have a strategic and pressing social need to enhance its coverage of the road network with additional ANPR cameras.

4 3. Screening Questions 1 Will the project involve the collection of new information about individuals? Yes - Vehicle Registration Marks (VRM) will be obtained from locations not previously monitored by ANPR and therefore new information will be obtained from those locations. 2 Will the project compel individuals to provide information about themselves? Yes - The collection of VRM is automatic at the locations and therefore when an individual drives a vehicle at the new locations they could be considered as compelled to provide information as they have no choice. 3 Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information? Yes - Whilst information from new locations will be disclosed it will only be disclosed to those organisations that currently have access to ANPR data in accordance with access permissions appropriate to their role. 4 Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used? The new ANPR infrastructure will provide ANPR data for the same purposes as for the data already obtained from ANPR systems. The developments will not alter the way in which it is used. 5 Does the project involve you using new technology that might be perceived as being privacy intrusive? For example biometrics or facial recognition. ANPR is not new technology however the development of new locations increases the ability for monitoring of vehicle movements and therefore although not new technology the provision of increased capability may be perceived as privacy intrusive. 6 Will the project result in you making decisions or taking action against individuals in ways that can have a significant impact on them? Yes -The purpose of the proposed development of infrastructure is in order to detect, deter, and disrupt criminality and therefore impact significantly on those involved in such activity. 7 Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be private. ANPR data is personal data since it can be combined with other information by an LEA to provide data relating to an individual. The collection of ANPR data does raise privacy concerns.

5 8 Will the project require you to contact individuals in ways that they may find intrusive? There is no requirement to contact individuals as a result of the collection of ANPR data, however it may result in later contact in the course of an investigation. 4. Provisions for Collection, Use and Deletion of ANPR data As a vehicle passes an ANPR camera, its registration number (Vehicle Registration Mark or VRM) is read and forwarded to a local database where it is instantly checked against database records of vehicles of interest and stored to enable later research. If the number is for a vehicle of interest (VOI) details can be passed to Police Officers who can intercept and stop a vehicle, check it for evidence and, where necessary, make arrests. In addition to the read data images of the number plate (Plate Patch), and overview of the front of the car is obtained and forwarded to the local database. In addition a copy of the read data together with the plate patch is forwarded electronically to the National ANPR Data Centre (NADC) where details are also stored to enable later research. The VRM read by the ANPR camera is also checked against lists of VOI that have been placed on the NADC by other Law Enforcement Agencies (LEA). If the VRM is matched against any of those lists then the LEA submitting the list is also provided with details of the VRM read together with the time and location of the read. Data held both locally and on the NADC may be researched for investigation purposes by following clear rules described within National ANPR Standards for Policing (NASP). NASP also includes requirements for audit of access to data. These rules include user defined permissions to access data based upon a person s role and requirements for prior authorisation of searches based on the type of investigation being undertaken and the length of time that has passed since the collection of data. ANPR data is retained both locally and nationally for a period of one year before it is deleted. Rules and procedures are in place to ensure compliance with the data access and audit requirements of NASP. 5. Privacy, related risks and evaluating the privacy solutions It is accepted that ANPR data is personal data within the meaning of the Data Protection Act (DPA) 1998 (National Police Chiefs Council. 2016d). A VRM is not in itself personal data however as LEA s can access data that can link a person to a vehicle, such as the name of the registered keeper (RK), this is the personal data referred to within the meaning of the DPA. Where a vehicle is registered to a company rather than an individual, LEA s cannot directly access the personal data of a driver until an offence has been committed. Only then can the RK be required to provide details of the driver at the time off the alleged offence. Below are potential solutions to risks related to the collection of ANPR data: Solution Result Evaluation The deployment of ANPR at a location is not proportionate Assessment of Pressing Need supported by a detailed strategic assessment, decisions taken A robust assessment process for infrastructure development provides a proportionate response to the aims of the

6 following consultation and consideration of all issues. project taking account of any privacy concerns. Individuals not involved in criminal activity consider the new ANPR deployments as unjustified intrusion on their privacy. Transparency in regard to ANPR with provision of information concerning why it is needed, how it is used provide via Internet sites, written communication and trough appropriate signage. Increased awareness of how ANPR is used and the controls in place to prevent misuse will reduce concerns. Access controls in place in accordance with NASP Action taken as a result of ANPR hits from a camera may be seen as disproportionate, or the VRM may have been mis-read. Management controls in place to ensure use is in accordance with NASP. Robust process for managing lists of vehicles of interest to ensure that data for circulated vehicles remains accurate and relevant. Efficient business process will reduce the likelihood of inaccurate data and compliance with policy on use will ensure that use is proportionate. Ensure compliance with NASP for system performance. Inappropriate disclosure of data Data is only shared and accessed in accordance with NASP. Provisions for monitoring and audit of data access and use in place. Compliance with business rules provides safeguards to prevent misuse and enable the benefits from the development to be realised. Excessive data is collected ANPR is only deployed where a pressing need has been identified. The continued requirement will be reviewed in accordance with NASP. Retention and disposal of data is in accordance with NASP. eliminated Compliance with NASP ensures that data is collected and managed in accordance with agreed national standards. This should be measured against the success criteria identified at the outset, pressing need should also be kept under review Data is retained longer than necessary Compliance with NASP regarding retention and disposal of data eliminated Compliance with NASP ensures that data is collected and managed in accordance with agreed national standards.

7 Deployment will be considered disproportionate and subject to complaint to Information Commissioners Office (ICO). Compliance with national guidance for the development of ANPR infrastructure. Decisions taken following strategic assessment taking account of identified privacy concerns identified through timely consultations with appropriate groups and individuals. accepted Decisions regarding deployment are taken following proper assessment, nonetheless it is recognised that some may disagree with the decisions and the opportunity for review by the ICO is an essential safeguard. ICO may determine that deployment is inappropriate leading to sanctions. Compliance with national guidance for the development of ANPR infrastructure. Decisions taken following strategic assessment taking account of identified privacy concerns identified through timely consultations with appropriate groups and individuals. A robust development and review process reduces the likelihood of ICO review concluding that the deployment of infrastructure at a location is inappropriate. 6. Consultation Although consultation will be an ongoing part of the ANPR infrastructure process, Leicestershire Police are committed to consulting both internally and externally with our Partners and the Local Community that we serve. a. Internal consultation The ANPR Delivery Group was created by Leicestershire Police to direct, support and monitor the progress of ANPR improvements within the Force area. This aims to improve the ANPR capacity through refresh of the infrastructure and enhance its capabilities through exploitation and continuous development (including collaboration). The Delivery Group meets regularly to discuss ongoing matters relating to both Financial and Development opportunities with Leicestershire. This Group is made up the ANPR Manager, members of Information Communication Technology, analysists, Finance specialists and practical users of the systems. Meetings between the ANPR Manager and the Finance Department have ensured that the procurement of systems and services have been delivered within time, on budget and to specification. Products from various approved suppliers have also been tested to ensure that the best product is delivered within constraints applicable to the Project. Media consultation is in place and ongoing communications regarding incorporating the Leicestershire Police website will allow for further consultation with the public to acknowledge their concerns. b. External consultation To determine future sites for both permanent and mobile ANPR cameras, it is advantageous to utilise crime pattern analysis. Assessing road traffic collisions and analysing hot spots of crime and disorder may help to identify key routes and significant time periods, leading to a more accurate deployment of ANPR. Any deployment should be consistent with NASP (College of Policing. 2013).

8 Leicestershire has previously received considerable community engagement as a pre-requisite to the ongoing placement of CCTV cameras across the area. In accordance with ICO guidelines, certain areas already have CCTV signs across the major routes for public information purposes. Where applicable, consultation will have taken place at Local Policing level with interested parties and these may include Community Safety Partnerships formed out of both professional staff (such as Council, Police and Health), as well as others from the communities from which they serve. The latter has contained interested residents, representation from religious parties and those from the relevant community associations. Through such consultation, Leicestershire Police has ensured that ANPR is utilised in a way that is proportionate to the problem faced and that any potential local opposition can be identified at the outset and mitigated accordingly. It is accepted that any consultation will not eliminate every individual objection, but the process offers transparent rebuttal of any disingenuous complaint. Ongoing public engagement is welcome and the partnership will take account of any concerns raised. Leicestershire Police have amended the ANPR area of the Force s website to provide more information about ANPR and to allow for public queries and comments on our service. There are also throughout the year, community questionnaires where feedback can be given directly to the Police. 7. Current plans and outcomes The initial phase to the ANPR infrastructure will include will the upgrading of the current fixed site infrastructure with the addition of a number of new locations, Leicestershire Police currently has 176 cameras across the County. The way that we have determined the best locations for these sites is outlined within this PIA. The addition of fixed sites in Leicestershire will be proportionate in terms of the nature, size and geography of the area. Later phases of the ANPR will include a refresh of the mobile fleet of ANPR. Leicestershire Police will periodically review the placement and use of ANPR cameras in accordance with ICO guidelines and the National ANPR Standards for Policing (NASP). If deployments are no longer deemed proportionate then they will be withdrawn. 8. Conclusion PIAs are not a legal requirement of the DPA; however they are a recommended tool that will help an organisation to comply with DPA obligations and to identify and reduce the privacy risks of a project (Information Commissioner s Office. 2016). This PIA is being conducted as part of the upgrade to the ANPR infrastructure as the refresh will have an impact upon the privacy of road users. Leicestershire Police will not be using ANPR in a new way or using information in any other way than it is already used - we will only be collecting data from more locations than we currently do. ANPR is used to help detect, deter and disrupt criminality within Leicestershire and as such its primary and intended impact will be upon those involved in such activity. Access to the data recorded by ANPR is available to the police on a national level; however data protection laws and national guidelines on the use of such data are the underlying factors taken into consideration when any person requests access to the data. Information is not accessed unless there is a lawful search requirement and the use of ANPR is audited to ensure that these national guidelines are adhered to at all times. Leicestershire Police is committed to completing a PIA for any new camera locations within this Force area. These will be held internally within the Organisation due to the locations possibly being disclosed.