Requests for CCTV Images
Public Space CCTV footage is automatically deleted after 31 days unless a request under Section 35, Data Protection Act 1998 or Subject Access Request has been made. If you have been involved in an incident (e.g. involved in a road traffic collision) within the last 31 days and wish to make a request, you will need to agree to the CCTV disclaimer and make a request under either of the following:
- Section 35 of the Data Protection Act 1998 – Requests relating to investigations and legal proceeding by Insurance Companies and Solicitors only.
- Subject Access Request – Requests by individuals for their own data (other images on CCTV footage will be obscured, to only show the requesting person). Under GDPR the £10 Subject Access Request no longer applies but reasonable fees can be charged for manifestly unfounded or excessive request.
From 1 April 2017 for Section 35, Data Protection Act 1998 requests there will be a Search and Release fee:
- Search fee: £204 +VAT
- Release fee: Up to 1 hour - £228.00 +VAT; Up to 1.5 hours - £282.00 +VAT; 2 to 8 hours - £336.00 +VAT
There are two payment processes available:
Requests are processed from point of payment, for credit card payments this will be an automatic process. BAC’s payment requests will be invoiced and a search will be undertaken upon receipt of payment. If the request is time critical please email [email protected], with the subject header ‘Urgent BAC’s payment request and your reference number’. We will contact you to confirm if a search can be conducted in advance of payment. Once you have completed the BAC’s payment process, you are committed to this request and no confirmation or acknowledgement of available footage will be confirmed until the correct fees have been received.
Section 35, Data Protection Act 1998
Persons or companies making requests under Section 35, Data Protection Act 1998 become the Data Handlers for that data once transferred. As the original data handlers and copyright owners we have a responsibility under the Data Protection Act 1998 to ensure those requesting the data are fully aware of their responsibilities under the Data Protection Act 1998 as Data Handlers and the request is justified under Section 35.
For this reason all persons or companies making request under Section 35, are required to confirm their understanding of their obligations as a Data Handler and to confirm this is a justified request under Section 35 Data Protection Act 1998, by completing a disclaimer at the end of either the online or BAC’s payment process. Failure to do so will prohibit the processing of your request. Should you wish to discuss this in advance of submitting a request, please email [email protected] with any concerns or questions and a member of staff will contact you to discuss.
Section 35, Data Protection Act 1998 permits the following:
Disclosures required by law or made in connection with legal proceedings etc.:
- Personal data are exempt from non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.
- Personal data are exempt from the non-disclosure provisions where the disclosure is necessary -
- (a) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or
- (b) for the purpose of obtaining legal advice
Or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
Requesters will need to sign a disclaimer confirming they understand their responsibilities as a data handler, and provide the following incident details: date, time, location, make, model and registration of vehicles involved.
Please allow three days to process your request. Requests made 28 or more days after the incident may not be processed before the footage is automatically deleted.
Subject Access Requests
The Data Protection Act 1998 is designed to protect personal data about living individuals (data subjects). The act also places obligations on those organisations that process personal data (data controllers). As a data controller, the Royal Borough of Kingston is committed to complying with the legislation by applying the principles of good information handling across all its services.