Automatic Number Plate Recognition (ANPR) ANPR Strategy Infrastructure Development

Similar documents
Privacy Impact Assessment

Automatic Number Plate Recognition System (ANPR)

PRIVACY IMPACT ASSESSMENT CONDUCTING A PRIVACY IMPACT ASSESSMENT ON SURVEILLANCE CAMERA SYSTEMS (CCTV)

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice

This procedure sets out the usage of mobile CCTV units within Arhag.

National ANPR Standards for Policing: Part 1 Data Standards

National ANPR Standards for Policing Part 2 Infrastructure Standards

IDENTITY ASSURANCE PRINCIPLES

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

PS Mailing Services Ltd Data Protection Policy May 2018

PRIVACY IMPACT ASSESSMENT CONDUCTING A PRIVACY IMPACT ASSESSMENT ON SURVEILLANCE CAMERA SYSTEMS (CCTV)

CCTV Privacy Impact Assessment

The University of Sheffield CCTV and Body worn cameras (BWC) Privacy Impact Assessment

Policing our Roads Together

PRIVACY IMPACT ASSESSMENT CONDUCTING A PRIVACY IMPACT ASSESSMENT ON SURVEILLANCE CAMERA SYSTEMS (CCTV)

Protecting information across government

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Use of Personal Mobile Phone Whilst on Duty

The University of Sheffield CCTV Privacy Impact Assessment

Audit Report. Mineral Products Qualifications Council (MPQC) 31 March 2014

Level 5 Diploma in Crime Prevention Designing Out Crime

Access to personal accounts and lawful business monitoring

OPINION ON THE DEVELOPMENT OF SIS II

Regulating Cyber: the UK s plans for the NIS Directive

NDIS Quality and Safeguards Commission. Incident Management System Guidance

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ

TransLink Video Surveillance & Audio Recording Privacy Statement

GMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017

APF!submission!!draft!Mandatory!data!breach!notification! in!the!ehealth!record!system!guide.!

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

Grid Security Policy

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018

Cyber Security Strategy

1. To provide an update on the development of the SPA Assurance Map.

Directive on Security of Network and Information Systems

MNsure Privacy Program Strategic Plan FY

INFORMATION SECURITY AND RISK POLICY

Guiding principles on the Global Alliance against child sexual abuse online

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Architecture and Standards Development Lifecycle

Privacy Policy. England Athletics Limited commitment to Privacy. Introduction. The information we collect about you. The information provided to us

Commercial Vehicle Mobile ANPR Policy

Audit Report. Chartered Management Institute (CMI)

NIS Directive : Call for Proposals

GRAMPIAN SCG PUBLIC COMMUNICATIONS PLAN

Level 2 Award in Understanding the Criminal Justice System (QCF) Qualification Specification

Complaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development

REPORT 2015/149 INTERNAL AUDIT DIVISION

THE STRATEGIC POLICING REQUIREMENT. July 2012

Level 3 Award in Introduction to Crime Prevention

keeping executives safe

ENISA s Position on the NIS Directive

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Serious Organised Crime Agency Collaborative Partnership s Work! Howard Lamb SOCA e-crime

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

Rules for LNE Certification of Management Systems

European Code of Conduct on Data Centre Energy Efficiency

Australian/New Zealand Standard

National Business Crime Partnership Association

Post-accreditation monitoring report: British Computer Society (BCS) September 2006 QCA/06/2926

Pathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

IQ Level 4 Award in Understanding the External Quality Assurance of Assessment Processes and Practice (QCF) Specification

Stopsley Community Primary School. Data Breach Policy

Use Of Mobile Communication Devices Within Healthcare Premises Policy

Sussex Police Business Crime Strategy

Helping to Counter the Terrorist Threat using Face Recognition: Forensic Media Analysis Integrated with Live Surveillance Matching

Postal Inspection Service Mail Covers Program

OFFICIAL COMMISSIONING OF SECURITY SYSTEMS AND INFRASTRUCTURE

Information Security Strategy

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Project Better Energy Limited s registered office is Witan Gate House, Witan Gate West, Milton Keynes, Buckinghamshire, MK9 1SH

SCHOOL SUPPLIERS. What schools should be asking!

CERTIFICATE SCHEME THE MATERIAL HEALTH CERTIFICATE PROGRAM. Version 1.1. April 2015

Ministry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report

Data Protection System of Georgia. Nina Sarishvili Head of International Relations Department

Connected & Automated Vehicle Activities

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Commercial transformation, procurement and R&D

Site Builder Privacy and Data Protection Policy

Director, Major Projects and Resilience. To: Planning and Performance Committee 6 November 2014

QCTO CERT 002/15 QCTO Certification Policy Page 2 of 14

GDPR and the Privacy Shield

THE BERKSHIRE ARCHERY COACHING GROUP PRIVACY NOTICE

PROGRAM 1 MANAGEMENT, COMMUNICATION & OPERATIONS ACTION STEPS RESPONSIBLE FREQUENCY per year

World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018

SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE

EUROPEAN COMMISSION DIRECTORATE-GENERAL INFORMATION SOCIETY AND MEDIA

PRIOR LEARNING ASSESSMENT AND RECOGNITION (PLAR)

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

Information Technology Paul Kronberger, Chief Information Officer

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Review of ANPR Infrastructure

MANAGEMENT ACTION FILE NOTES STANDARD OPERATING PROCEDURE (SOP)

Exam Contingency Plan

Rights of Individuals under the General Data Protection Regulation

Transcription:

Automatic Number Plate Recognition (ANPR) ANPR Strategy 2016-2020 Infrastructure Development Version 1 July 2017

Document Control Change Control Version Date Change Author 0.1 1 June 2016 Initial draft version Bill Mandeville 0.2 22 June 2016 Minor revisions Bill Mandeville 0.3 18 August 2016 Updated following consultation with ICO Bill Mandeville and RUG Chair. 0.4 13 Dec 2016 Clarification of Service Management Bill Mandeville team role in infrastructure development. 0.5 18 July 2017 Minor revisions re data controller (3.5) and Service Management responsibility (3.6) Bill Mandeville 1.0 25 July 2017 Document as approved by Strategy Board on 25.7.17 Bill Mandeville 2

1 Introduction 1.1 Strategic Objectives within the ANPR Strategy 2016-2020 (ANPR Strategy) that relate to Infrastructure Development include an intention to establish support to consistent development of infrastructure at a national level. 1.2 Important elements of the ANPR Strategy include provisions for a review of, and support to, the development of national infrastructure to: ensure that current deployments are consistent between LEA, identify any potential duplication of capability arising as a consequence of integrating local systems into a single national system, with proposals for mitigation, identify any gaps in infrastructure provision that may be mitigated by deployment of additional ANPR capability 1.3 The strategy also includes a requirement for a review of the criteria for infrastructure development to be conducted and for consideration to be given to the establishing of provisions for national approval of fixed site NRD deployments that will be in place for 1 year or more. 1.4 Consideration has been given to establishing a requirement for approval of fixed site NRD deployments that will be in place for over 1 year, with a conclusion that national approval is inappropriate but the national support to achieve the aims at 1.2 above is required. 1.5 The criteria for infrastructure development will be described within this document together with the provisions to support the development and review of long term fixed NRD deployments. 2 Criteria for Infrastructure Development 2.1 National ANPR Standards for Policing (NASP) (Part 2 Section 7) include standards to support infrastructure development. The standards provide that: ANPR NRD may only be deployed, or an LEA receive data, from ANPR systems operated by other organisations for submission to the NAS, at locations identified following a strategic assessment that identifies a need for ANPR at that location for national security or counter terrorism purposes or in order to detect, deter, and disrupt offending. Where a need is identified consideration of whether the deployment, or the receipt of ANPR data, is appropriate and proportionate in balancing protection of the public with the rights and legitimate expectations of individual privacy is also required. Strategic assessment should take account of the following factors: National Security and Counter Terrorism, Serious, Organised and Major Crime 3

Local Crime, Community Confidence and Reassurance, Crime Prevention and Reduction. 2.2 NASP also requires that a Privacy Impact Assessment (PIA) is conducted for all new planned infrastructure development with the extent of consultation, forming part of that assessment, being determined in the context of each proposal. Consultation should include all persons and organisations with a reasonable interest in the proposed development unless that would be contrary to the purpose of the development, or the deployment is covert and authorised within provisions of the Regulation of Investigatory Powers Act 2000 (RIPA). 2.3 NASP includes a requirement for the need for a Number Plate Reading (NRD) device (NRD) to be deployed at a location to be monitored and the device removed should the justification for deployment at a location cease. In addition all deployments must be reviewed at least annually taking account of the criteria at 2.1 above. 2.4 The criteria for infrastructure development detailed within NASP were developed in consultation with the Information Commissioners Office. They have been reviewed and remain appropriate to support consistency of deployment and management of infrastructure. 2.5 Whilst the criteria remain appropriate it is recognised that transparency in the application of those criteria is required to maintain public confidence and support to the use of ANPR by Law Enforcement Agencies (LEA). The factors relevant to identifying the necessity for ANPR are clearly identified (2.1 above) however guidance on the assessment of privacy considerations are not provided in the context of NRD deployments including how these should impact on assessment of the proportionality of a deployment. 2.6 Article 8(1) of the European Convention on Human Rights (ECHR) guarantees the right to respect for private and family life, home and correspondence. Under Article 8(2), interference with the right by a public authority which includes LEA must be justified as being in accordance with the law and necessary in furtherance of one or more of certain legitimate aims, which will include those listed at 2.1 above. 2.7 The use of ANPR does not generally result in the obtaining of private information. Registration plate detail is not in itself private information. A vehicle registration number plate (VRM) is a deliberately overtly displayed marker, which can be seen, and is intended to be seen. Every person who drives a car voluntarily accepts that they are likely to be capable of being linked to a particular vehicle by reference to the VRM in the context of other data, and that ANPR technology on the roads will allow LEA to determine presence of a vehicle at a location. In general road users have no reasonable expectation of privacy in relation to ANPR being able to determine their presence on the road. 2.8 Whilst in general road users have no reasonable expectation of privacy in relation of their use of a vehicle on a road, private life considerations are likely to arise if 4

several records are to be analysed together in order to establish, for example, a pattern of behaviour, or if one or more pieces of information are obtained for the purpose of making a permanent record about a person or for subsequent data processing to generate further information. The retention of read ANPR to enable later research does therefore have the potential to impact on privacy. 2.9 The attached framework is provided to assist LEA to assess the proportionality of deployment of NRD at a location taking account of privacy. (Appendix A) It is proposed that detailed guidance on the development and review of ANPR infrastructure is revised to include this matrix. 3 National Infrastructure 3.1 The ANPR Strategy includes provisions for review of and support to the development of national infrastructure and for a review to be conducted to: ensure that current deployments are consistent between LEA, identify any potential duplication of capability arising as a consequence of integrating local systems into a single national system, with proposals for mitigation, Identify any gaps in infrastructure provision that may be mitigated by deployment of additional ANPR capability. 3.2 The National ANPR Service (NAS) enables LEA and significantly police services to access data from NRD outside the boundaries of their own force area for all users in accordance with their access provisions. Access to national data was previously limited to staff who were authorised to access the National ANPR Data Centre (NADC). The NADC did not support live time matching of vehicle of interest (VOI) lists for operational response purposes. The access to NRD from outside of a force geographical boundary presents opportunity to review deployments of NRD. 3.3 Part 2 NASP (section 7.1) requires that the locations for NRD must be reviewed annually to ensure that the deployment, or receipt of data from that location remains appropriate and proportionate. The review process will be utilised to support a review of national infrastructure. 3.4 The ANPR Strategy also requires consideration to be given to national approval of deployment of NRD at a fixed site for a period of greater than 1 year. 3.5 The data controller for a NRD is the chief officer for the LEA that owns or controls the NRD that initially captures the read data, or receives data where it is using shared collection equipment, and submits the data to the National ANPR Service; it is therefore appropriate that guidance is provided to support decisions by that data controller but not for deployment to be subject to national approval. 3.6 Responsibility for managing the extent of national infrastructure and in provision of guidance to support decisions by data controllers regarding the deployment of 5

fixed site infrastructure for periods of greater than 1 year rests with Home Office ANPR Service Management. 3.7 In order for the Service Management team to meet that responsibility LEA will submit a form (Appendix B) for each current and proposed fixed site NRD that is, or is intended to be, deployed for greater than 1 year. 3.8 This will apply for all new NRD deployments that are intended to be in place for over 1 year and for others that have been deployed since 1 st April 2016, that are in place for 1 year or more. The Service Management team will advise the data controller of any information that is relevant to their decision for the deployment or continued deployment of a NRD. This will include relevant information from any national oversight arrangements and regulators. 3.9 The Service Management team will maintain an overview of fixed site NRD deployments and advise the NPCC Policing lead for ANPR of any apparent duplication in deployments, or of any deployment for which the deployment may be inconsistent with the decisions of data controllers in other LEA. 3.10 The Service Management team will identify any potential gaps in the strategic ANPR network and liaise with relevant LEA to confirm whether a pressing need for ANPR consistent with the criteria in section 2 above, arises in those that has not been previously met. 3.11 The Service Management team will support LEA in the identification of opportunities for collaboration between LEAs and with other public and private sector operators of ANPR and will assist in exploring and opportunities that are identified, as appropriate. This approach will reduce the overall number of NRDs that are deployed in some locations and reduce the costs of establishing ANPR infrastructure at those locations where it is necessary and proportionate to do so. 6

Appendix A Privacy Assessment Matrix Motorways National Security/ Counter Terrorism Serious, Organised and Major Crime Local Crime Crime Prevention and Reduction Community Confidence and Reassurance Highways England, Transport Scotland or Welsh Government managed Roads Local Authority managed Major Rural Roads Local Authority managed Major Urban Roads Local Authority managed Minor Rural Roads Local Authority managed Minor Urban Roads Crowded places eg Regional shopping centres Private car parks Code Deployment very likely to be justified Deployment likely to be justified in most cases Deployment likely to be justified in exceptional cases only 7

Appendix B Name of Law Enforcement Agency: Location of current/ Proposed NRD: Reason for Deployment Overview of Pressing Need National Security/ Counter Terrorism Serious, Organised and Major Crime Local Crime Crime Prevention and Reduction Community Confidence and Reassurance (Indicate all that apply) Summary of Strategic Assessment justifying deployment. Assessment of Privacy Impact: (Indicate extent and outcome of consultation: Description of the location including road type) Form Completed by: Date: Send to anpr@homeoffice.gsi.gov.uk with subject Infrastructure Development when complete Home Office Service Management Assessment: Deployment is appropriate within National Infrastructure - No further consideration required. Yes/No (If No data controller is to be advised of information to assist a review of new or continued deployment.) Date of Assessment: Date LEA advised: 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback