ESDC Policy Security Video Surveillance Systems

The Security Video Surveillance Systems policy received Portfolio Management Board (PMB) approval on January 21, 2021 and came to effect on April 1^st, 2021.

Review Date: April 1^st, 2024 or upon request by the Chief Security Officer.

The ESDC Policy on Security Video Surveillance Systems is approved by the Chief Security Officer (CSO), who is accountable to the Deputy Minister (DM) for the effective implementation and management of the Security Program within the department.

3.1 This Policy applies to all ESDC employees, including Service Canada, the Labour Program and all other business lines managed within ESDC, as well as every person granted access to the designated workplace, regardless of the type of office.

3.2 This policy applies to all ESDC locations equipped with video surveillance cameras.

4.1 A video monitoring system is designed and intended to televise scenes that are broadcasted only to select receivers for surveillance and assessment purposes related to the monitoring of various buildings.

4.2 Video surveillance systems have proven to serve as psychological deterrents to inappropriate activities and, when linked to video recorders, serve as an aid in security incidents investigations of unauthorized access and unacceptable threatening behaviour.

4.3 Video surveillance cameras improve effectiveness by extending the range of view and together, with electronic-intrusion-detection devices, are used to assess the need for an immediate response to an alarm.

The Policy applies the Privacy Act, Part 4 of the Departmental of Employment and Social Development Act (DESDA), the TBS Policy on Government Security and affiliated legislative instruments, including laws, policies, standards, directives and technical guides ^{Footnote 1}

When deemed necessary, the CSO will refer to the Privacy Act and Canadian Charter of Rights and Freedoms alongside this policy.

• 5.1. Objective

  5.1.1 To provide assurance with regards to safety and security to employees/individuals and departmental assets where ESDC owned security surveillance systems are present.

  5.1.2 Ensure that the department's use of security video surveillance systems is used in accordance with security and privacy-related policies, standards and guidelines as well as applicable legislation and regulations.

  5.1.3 Ensure that all managers and employees are to be advised of the system and where feasible, managers must delegate an employee/individual to manage the system and respect the integrity of its intended use.

  5.1.4 As per the Privacy Act, ESDC shall inform any employees and individuals, from whom the institution collects personal information, of the purpose for which the information is being collected.

• 5.2. Expected results

  5.2.1. Support the role and mandate of the Deputy Head.

  5.2.2. The installation of the system is to act as a standard security control, applied to enhance the safety of individuals and for the protection of departmental premises and other valuable assets.

  5.2.3. The use and purpose of the security video surveillance system (SVSS) must align with departmental security-related standards and policies as well as relevant legislation and regulations.

  5.2.4. The system is not to be used for administrative purposes such as, but not limited to: monitor or record employee's performance; attendance; or other non-security-related matters.

  5.2.5. All individuals who could be recorded by a SVSS must be informed on the collection and use of personal information in accordance with article 6.2.9. of the Government of Canada's Interim Directive on Privacy Practices.

6.1. Personal information is collected under the authority of the Privacy Act, and as required under the Policy on Government Security. The conduct of video monitoring is for a limited range of activities with guidelines and appropriate signage that ensures and respects an individual's expectations of privacy to the greatest extent possible.

6.2. Part II of the Canada Labour Code makes departments responsible for the safety and health of employees at work ^{Footnote 2}

6.3. The use of video monitoring by government institutions may raise important concerns under the Privacy Act and the Canadian Charter of Rights and Freedoms.

6.4. Given that employees and individuals may have a right to a reasonable expectation of privacy in certain areas, all video monitoring and recording technology must be installed in a manner that respects this right.

6.5. No such equipment is to be or will be installed in places where the expectation of privacy is higher, such as washrooms, lunchrooms and locker rooms.

6.6. In addition, signage is to be posted and visibly displayed to inform all individuals of areas subject to video monitoring and recording.

6.7. The vast majority of video data recorded by ESDC is considered to form transitory records and therefore can be destroyed following a minimum retention period (60 days) unless required for a longer period of time (e.g., evidence, following an investigation).

• 7.1. Overt monitoring and recording

  7.1.1. Directors and Managers are invited to discuss the purpose of video monitoring/recording with employees and may wish to consult the Regional Security Office for advice and guidance.

  7.1.2. Video recording will not be used to monitor employees' work-related activities and performance.

  7.1.3. Further, Directors and Managers are encouraged to seek guidance and advice from their Regional Security Office on security systems that involve video monitoring/recording.

  7.1.4. Directors/Managers are required to consult with the Regional Security Office for any such installation and/or removal of its equipment.

  7.1.5. Under no circumstances may any videotape/media be disclosed to anyone unless authorized by the appropriate authority on Security, and Access to Information and Privacy units, or as required by law (Refer to the Standard Operating Procedures for Security Video Surveillance Footage posted on the Departmental Security page of iService).

  7.1.6. All disclosures (request or otherwise) must be reviewed and approved under the provisions of the DESDA and/or Access to Information Act by the Regional Security Office, the Chief Security Officer (CSO) unless ordered by a court or tribunal or required by law.

  7.1.7. As can be appreciated, these matters are sensitive from a privacy perspective and may lead to inquiries at the regional level.  For any questions regarding Privacy and Access considerations, contact the regional Access to Information and Privacy (ATIP) coordinator.  For any questions/concerns regarding the use of this system, requests for viewing, or for technical assistance, contact the Regional Security Office.

8.1. This policy aligns with the requirements set forth by the Treasury Board Secretariats (TBS) Policy on Government Security (PGS) and the Directive on Security Management (Appendix C, Physical Security Control).

8.2. This policy meets the Office of the Privacy Commissioners (OPC) recommendations when collecting, recording and/or storing personal information.

8.3. Appropriate signage must be compliant to the Federal Identity Program (FIP) and posted accordingly to advise individuals of the existence of the system in place.

8.4. A link to a website shall be included in the signage advising individuals where they can go to review the Privacy Notice Statement created for the department's use for the system.

• 9.1. Authorized Employee(s)/Individual(s)

  9.1.1. In accordance with security procedures, the system is not to be removed, relocated or serviced without the acknowledgement and consent of the Regional Security Office.

  9.1.2. The employee(s)/individual(s) assigned to manage the system must conduct regular checks on the equipment and software to ensure its integrity and it remains in continuous operational mode as programmed to do so.

  9.1.3. Report any issues/malfunction of the system to the Manager immediately upon discovery.

  9.1.4. Ensure to respect the need-to-know / need-to-access principle as it pertains to the purpose and use of the system as per Section 5 of this policy.

  9.1.5. Develop and maintain a Monitoring Log to record any actions/issues identified with the system and store the Log in a secure location with restricted access to only those who are required to operate the equipment (e.g. authorized employees, Regional Security Office, etc.) of those who are authorized to access, view, copy or destroy any such recordings.

• 9.2. Managers

  9.2.1. Ensure that the authorized employee(s)/individual(s) receive and maintain appropriate training to qualify on how to operate, care and manage the system and send the name(s) to the Regional Security Office for record-keeping/trouble-shooting.

  9.2.2. Ensure that the authorized employee(s)/individual(s) are advised that the recordings constitute Protected B information and aware of their roles and responsibilities for the handling, use and care of the system for the level designated.

  9.2.3. Consult with the authorized employee(s)/individual(s) to ensure that regular checks on the system, including its equipment and software, are being conducted to ensure its integrity and functionality.

  9.2.4. Ensure that any issues/malfunctions detected with the system are reported immediately to the Regional Security Office.

  9.2.5. Ensure that any requests received from third party's (e.g. law enforcement agencies, etc.), for viewing/copying of images captured on the system are reported to the Regional Security Office and the Regional Access to Information and Privacy Unit prior to any viewing or release ^{Footnote 3}

  9.2.6. Ensure that the system, and its equipment, is not dismantled/relocated, redesigned and/or removed, without consultation with, and the written authorization of, the Regional Security Office.

• 9.3 Regional Security Office

  9.3.1. Ensure that when tendering for the system, that the technician(s) holds and maintains a valid security screening level.

  9.3.2. Ensure that the terms and conditions of the contract meet the security requirements as those identified within the Interior Design Standard, Part E, Physical Security.

  9.3.3. Unless otherwise pertains to investigations or required for evidence in a court of law, ensure that the retention period of images captured does not exceed 60 days.

  9.3.4. Ensure that when the system is installed and operational, tests are conducted on all equipment and software to ensure functionality as well as to ensure that the appropriate design and placement of the camera(s) are sufficient to cover the selected area(s) intended for monitoring.

  9.3.5. Consult with site-management and obtain written confirmation from the company's technician that the system is operating as designed and that the authorized employee(s) has received appropriate training to manage the system, its equipment and software.

  9.3.6. Ensure that appropriate signage is affixed to and in evidence on main entry doors prior to any new system being made officially operational, and where systems are already in operations. Ensure that no camera(s) is installed in areas where there is an expectation of privacy (e.g. washrooms, lunchrooms, locker rooms, etc.).

  9.3.7. Ensure that any request made to view video data, is in written format and meets the Operational Guidelines processes and protocols. (Note: It is not permitted to access or view video data without the written consent/authorization of the Regional Security Office, and regional Privacy and Access to Information division.

• 10.1. Chief Security Officer

  10.1.1. The Chief Security Officer (CSO) position is the delegated authority under the Deputy Minister of ESDC for the complete security program as pertains to the Treasury Board Secretariat, Policy on Government Security (TBS, PGS).

  10.1.2. The CSO is responsible for providing security advice, guidance and direction to branches, regions and programs and establishing policies, directives, standards, best practices and guidelines to foster a secure environment that is safe for employees, clients and visitors as well as for the protection of departmental information holdings, premises and other valuable assets.

Monitoring and compliance of the requirements under this policy will be conducted on an annual basis, or sooner, to ensure that the use and integrity of this security control maintain its objective and meets and or exceeds requirements set forth by related policies, standards, guidelines, legislation and regulations.

• 12.1. Legislation

  • Access to Information Act
  • Canada Occupational Health and Safety Regulations
  • Canadian Charter of Rights and Freedoms Act
  • Criminal Code of Canada
  • Defence Production Act (DPA)
  • Departmental of Employment and Social Development Act
  • Emergency Management Act
  • Financial Administration Act (FAA)
  • Government of Canada Interim Directive on Privacy Practices
  • Labour Code Part II
  • National Archives Act
  • Office of the Privacy Commissioners
  • Official Languages Act
  • Privacy Act
  • Public Service Employment Act (PSEA)
• 12.2. Security Policies, Standards and Guidelines

  • Departmental Policy and Procedures Manual - ESDC
  • Interior Design Standards – ESDC
  • RCMP Guides: G1-024 Control of Access / G1-025 – Protection, Detection and Response
  • TBS – Policy on Government Security

Administrative Purpose

The use of personal information about an individual in a decision-making process that directly affects that individual (as defined in section 3 of the Privacy Act).

Authorized Employee/Individual

An ESDC employee/individual who has been trained on, and qualified to operate the video monitoring and recording equipment in use at an ESDC office.

Camera

Any device used to view or record light or thermal images.

Employees

All persons employed by ESDC including Service Canada and the Labour Program.

Security Incident

Any occurrence that may reasonably be expected to require further action by ESDC or that may reasonably be expected to go to court and that justifies reviewing video data. An event/security incident may include, but is not limited to, the following: assault on or hindering an employee, altercations between or involving members of the public, theft, break and enters, etc.

Individual

A person, other than an ESDC employee.(e.g. Corp of Commissionaire, technician, consultant, visitor etc.).

Investigation

A formal mandated fact-gathering process, enquiry/examination, to establish accurate information/evidence in support of an allegation made or action taken (e.g., criminal behaviour, such as, but not limited to, break and enters, threats of violence, etc.).

Monitor

Watch or electronically capture, and further defined (in the context of this policy), as a screen connected to a camera or cameras for the purpose of viewing and/or supervising ESDC operations either live or with the use of electronic assistance.

Overt Monitoring and recording

Refers to the use of cameras and recording devices that are plainly and clearly announced and/or are visible in their placement or use.

Personal information

Information, alone or in combination with other information, about an identifiable individual that is recorded in any forms defined in Section 3 of the Privacy Act.

Public

Any persons who enter into ESDC premises designed for the purpose of assisting and/or providing services in support of ESDC programs/benefits for Canadians.

Record

Any material on which video data is recorded or marked and which is capable of being read or understood by a person, a computer system or other device, regardless of medium or form meaning (as defined in section 2 of National Archives of Canada Act).

Recording

Video data that is being, or has been, captured in a record and to which may be viewed at any time following its creation, until the time of its disposal.

Transitory Record

Video records that have no enduring value to the department. They are records that are required only for a limited time to ensure the completion of a routine action or the preparation of a subsequent record but do not include records that are required to control, support or document the delivery of programs, to carry out operations, to make decisions, or to account for activities of government (as defined by Library and Archives Canada).

Video Monitoring and Recording Technology

Any device, recording medium and related technology that is used, by itself or as a unit, to view and/or record images.