INDIAN INSTITUTE OF ENGINEERING SCIENCE AND TECHNOLOGY, SHIBPUR

CCTV Policy

1. Policy Statement

1.1. This policy document attempts to ensure that the Close Circuit Television (CCTV) systems, as
used at the Indian Institute of Engineering Science and Technology, Shibpur (IIEST-S) is
operated in compliance with the existing data protection act in India. It also tries to ensure that
the data are handled as per existing privacy laws of India. IIEST-S uses CCTV only where it is
necessary for a specific cause or purpose to the best of the interest of the institute and its
employees and students.
1.2. The primary aim of IIEST-S is to ensure the safety and security of its students and employees.
Hence, IIEST-S deploys CCTV to primarily achieve the following targets:
 Monitoring the safety and security of its premises (including all buildings and other
parts of the campus)
 Assist in the prevention of crime by proper and timely detection
 Assist in the prosecution of offenders through visual image based evidence
 Assist in the investigation of breach of codes by its employees, students, contractors
and any other visitor to its campus
1.3. These policies are to be reviewed by an appropriate committee, consisting of the institute
authorities (to be decided), and the Chief of Securities (for the institute). The committee will
recommend appropriate changes/additions etc, as may be felt from time to time. Such review
may take place as and when required and at least once in five years.
1.4. A dedicated team of personnel, headed by the Chief of Securities of IIEST-S, should be set up.
This team will be responsible for holding and maintaining the "CCTV Operational Requirement
Report,' which contains the operational requirements of the CCTV system.

2. Scope

2.1. This policy applies to CCTV systems, set up in all parts of the IIEST-S campus and all of its
extensions / annexe buildings, halls of residence etc.
2.2. This policy is not applicable to any Webcam systems located in meeting rooms or lecture
rooms operated by any school or department, which are used primarily to assist the use of the
audiovisual equipment.
2.3. This policy applies to all IIEST-S employees, contractors and agents, who operate or supervise
the operation of the CCTV system, including security staff, halls of residence, or any other
establishment under the direct control of IIEST-S, and the Data Protection and Information
Compliance Officer.

3. Roles and Responsibilities

3.1. The Director and the Dean (IPM) have the overall responsibilities for this policy. However, for
running day to day activities, related to the CCTV systems, responsibilities may be handed over
to the staff, identified in this document. These employees must receive appropriate training for
this purpose.
 3.2. The Dean (IPM), along with the Registrar, will have to ensure that the CCTV system, including
specification of its components (such as camera) complies with the law, as stated in clause 1.1.
For new installations, the Dean (IPM) and Registrar will assess whether a privacy impact
assessment is required or not.
3.3. Only the authorised personnel of the organisation, given the responsibility of installing the
CCTV camera and equipments, will be allowed to install and commission such systems.
Similarly, periodic maintenance contract may be signed with the original supplier or any other
suitable firm (following existent financial rules) for the maintenance of such CCTV systems.
Only authorised personnel of such appointed firms will be allowed to repair / maintain such
systems and its supporting components.
3.4. The Chief of Securities of IIEST-S, in consultation with the Dean (IPM), should identify
locations, where live and historical CCTV images can be accessed and viewed via desktop /
laptop PCs using the network software. The list of such locations and the personnel, authorised
to view such images, should be maintained by the Chief of Securities.
3.5. Changes in the use of the CCTV systems of IIEST-S can be implemented only in consultation
with the Chief of Securities of IIEST-S and the legal expert for the institute.

4. System Description

4.1. The CCTV systems installed in and around the IIEST-S campus include (but not limited to)
main entrances, car-parking spaces, courtyards, internal areas such as computer rooms,
laboratories, rooms with high value equipments, server rooms etc.
4.2. CCTV systems are not to be installed in places, where some degree of privacy is expected.
Such places may include (but not limited to) toilet, changing rooms, office-rooms of faculty-
members and administrative officials etc.
4.3. CCTV cameras are to be installed in such a way that they are not hidden from the view. Signs
must be prominently displayed to indicate to the visitors to that place that they are entering a
zone, which is under CCTV surveillance.
4.4. The contact point, indicated on the CCTV signs of IIEST-S, must be available to the public
during normal working hours. Employees staffing the contact numbers must be familiar with
this document and the procedure to be followed in case an access-request is received from a
Data Subject or a third party.

5. Covert Recording (i.e. recording which takes place without the individual's knowledge)

5.1. Such recording may be undertaken, only in exceptional circumstances, to detect an unlawful act
or some serious misconduct, only when no other less intrusive method to detect such deeds or
actions.
5.2. Such recordings will require the authorisation of the Director of IIEST-S, and in his absence the
Director-in-charge, under a request, issued by the Head of any Department or School, or the
Registrar or any Dean.
5.3. While using such recordings, only actions related to the suspected or any other equivalently
serious misconduct is to be stressed upon. Other activities or events, as appearing in the
recording, but of insignificance may be disregarded or deleted, as may be the case.
5.4. Such recordings will only continue for a limited period, as is required for the investigation, and
the recording will not be continued beyond this span of time.
6. Operating Standards

6.1. The CCTV operation will be conducted in accordance with this policy-document.
6.2. No unauthorised access to the Security Control Room will be permitted at any instant of time.
6.3. Access to the Security Control Room will be limited to the following category of personnel:
 Security Control Room Staff
 Persons (other than regular security control room staff), authorised by the Chief of
Securities
 Security Supervisor and Security Operations Manager
 Maintenance engineers
 Police officers and other representatives of law-enforcement agencies (with suitable
authorisation document to prove their requirement to access the security control room)
 Any other person with statutory powers of entry

6.4. Monitors should be strategically placed so that they are not visible from outside the Security
Control Room.
6.5. Before allowing any person inside the Security Control Room, the security staff should ensure
that the identity of the visitor is confirmed by suitable documents. The visitor will have to enter
his/her details such as (i) name, (ii) designation, (iii) department, (iv) person signing the
authorisation, (v) entry and exit times etc. In addition, record should also be kept of (vi) the
person, viewing the recorded footage, (vii) time, date and location of the footage being
reviewed, and (viii) purpose of reviewing the footage.
6.6. CCTV images and footages should be displayed only to those, who are authorised to view such
recordings, or to persons who otherwise have a right of access to them. In case such a person is
viewing the images, footages on a remote desktop / laptop PC via network software, care must
be taken to ensure that the footage is not viewed by persons not entitled to view such footages
or images. This may be done by suitably minimising the window or locking the PC etc.
6.7. The quality of the images must be as clear as possible, or at least clear enough for the purpose
intended.
6.8. Recording features, such as location of the camera, date and time etc. must be maintained.
6.9. Cameras must be positioned strategically so that the intended images are only captured in the
most effective fashion.
6.10. Cameras should also be positioned in such a way that they can be protected from acts of
vandalism (e.g. they may be placed a considerable height, well beyond the reach of normally
built persons).
6.11. Due consideration must be given to the physical condition of the location and appropriate
supporting hardware and/or software must be used to make the recording acceptable. For
example, in case there is low light, appropriate lighting arrangement should be provided.
6.12. All equipments for the CCTV systems, including storage systems and computers and cameras,
should be periodically maintained. Clear policies for such maintenance may be framed based on
existing financial and administrative rules of IIEST-S.
6.13. Suitable back up power supplies must be provided to ensure continuous recording and
monitoring (as may be applicable) by the CCTV systems.
6.14. Data are to be retained only for the period, felt necessary. Normally data may be stored for 30
days. Older data may be chronologically deleted.
6.15. In case, there is no special need to retain any data (e.g. for legal proceedings etc.), the data is to
be deleted as per the above cycle.
6.16. All CCTV images must be stored securely and reliably.
7. Data Subject Rights

7.1. Sufficiently clear recorded images are considered to be the personal data of the individuals
(data-subjects), whose images have been recorded by the CCTV systems.
7.2. Data subjects have the right to access their personal data or even have such data modified or
erased under special circumstances. In such cases, the subject(s) may have to acquire a
forwarding authorisation letter from the corresponding Head of the Department with the reason
clearly stated. Such requests may be placed to the Chief Securities Officer, who, in turn, may
discuss the same with the concerned HOD, the Dean (IPM) and/or the Registrar, for taking the
final decision in this regard.
7.3. The period of responding to a request may be extended up to two months. The Chief of
Securities of IIEST-S should inform the data-subject in writing regarding this extension within
one month of receipt of the request, by citing proper reasons.

8. Third Party Access:

8.1. Third party request for accessing the CCTV recordings may be considered for the following
category of applicants:
 Legal representative of the data-subject
 Law enforcement agencies (e.g. police)
 Disclosure by law
 HR staff and Institute authorities (e.g. Dean – student welfare, or Dean-IPM) who are
responsible for the students in case of disciplinary action or investigation is required

8.2. The third party needs to submit a letter, directed to the Dean (IPM) of IIEST Shibpur to act as
the legal representative of the data subject with proper proof of identity and a suitable
authorisation letter from the data subject. Also the reason for requiring access to the CCTV
footage should be clearly mentioned in such application.
8.3. On receiving such an application, the Dean (IPM) may instruct the Chief of Securities of
IIEST-S, who in turn may give access to the required CCTV footage to the third party.
8.4. Such disclosure must be recorded in log book and it should contain: (i) name of the applicant,
(ii) brief details of images disclosed, (iii) crime reference no. (if relevant), (iv) date and time
when such recordings were handed over.
8.5. Requests for access to images / footages for disciplinary action on students must be routed
through the Dean (Students Welfare) of IIEST-S.
8.6. Requests for access to images / footages through RTI must be as per the existing RTI rules.

9. Complaints Procedure:

9.1. Complaints on CCTV systems must be given via e-mail or writing to the Dean (IPM) within 07
days of the date of incident, giving rise to the complaint. Response is to be given to such
complaints within 01 month from the day of receipt of such complaints. Records of such
complaints received and follow-up actions taken must be maintained by the office of the Dean
(IPM) with the help of the Securities Section.
9.2. Complaints regarding the release of images should be addressed to the Dean (IPM) within three
months from the event giving rise to the complaint. If not responded to within 01 month since
the receipt of such complaint, the complaint may be re-send to the office of the Director of
IIEST-S.