REPORT
Department of Emergency Management Security Cameras Surveillance Technology Policy
Department of Emergency ManagementSurveillance Oversight Review Dates
COIT Review: Recommended on 3/18/2021
Board of Supervisor Review: Approved on 7/27/2021
The City and County of San Francisco values privacy and protection of San Francisco residents’ civil rights and civil liberties. As required by San Francisco Administrative Code, Section 19B, the Surveillance Technology Policy aims to ensure the responsible use of Department’s Security Camera System itself as well as any associated data, and the protection of City and County of San Francisco residents’ civil rights and liberties.
PURPOSE AND SCOPE
The Surveillance Technology Policy (“Policy”) defines the manner in which the Security Camera System (fixed or mobile) will be used to support department operations.
This Policy applies to all to department personnel that use, plan to use, or plan to secure Security Camera Systems, including employees, contractors, and volunteers. Employees, consultants, volunteers, and vendors while working on behalf of the City with the Department are required to comply with this Policy.
POLICY STATEMENT
City departments using this policy will limit their use of Security Camera to the following authorized use cases and requirements listed in this Policy. A full list of participating departments is available in Appendix A.
Authorized Use(s):
- Live monitoring.
- Recording of video and images in the event of an incident.
- Reviewing camera footage.
- Providing video footage/images to law enforcement or other authorized persons following an incident.
Prohibited use cases include any uses not stated in the Authorized Use Case section.
Further, processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, gender, gender identity, disability status, or an individual person’s sex life or sexual orientation, and the processing of genetic data and/or biometric data for the purpose of uniquely identifying an individual person shall be prohibited.
BUSINESS JUSTIFICATION
Resident Benefits
In support of Department operations, Security Cameras promise to help with:
| Yes or No | Benefit | Description |
|---|---|---|
N | Education | N/A |
N | Community Development | N/A |
Y | Health | Protect safety of staff, patrons, and facilities while promoting an open and welcoming environment. |
N | Environment | N/A |
Y | Criminal Justice | Review video footage after a security incident; provide video evidence to law enforcement or the public upon request by formal process, order, or subpoena. |
N | Jobs | N/A |
N | Housing | N/A |
N | Other | N/A |
Department Benefits
In addition, the following benefits are obtained:
| Yes or No | Benefit | Description |
|---|---|---|
Y | Financial Savings | Department Security Camera Systems will save on building or patrol officers. |
Y | Time Savings | Department Security Camera Systems will run 24/7, thus eliminating building or patrol officer supervision |
Y | Staff Safety | Security cameras help identify violations of Department Patron Code of Conduct and provide assurance that staff safety is emphasized and will be protected at their place of employment. |
Y | Data Quality | Security cameras run 24/7/365 so full-time staffing is not required to subsequently review footage of security incidents. Data resolution can be set by level and is currently set to high resolution. |
POLICY REQUIREMENTS
This Policy defines the responsible data management processes and legally enforceable safeguards required by the Department to ensure transparency, oversight, and accountability measures. Department use of surveillance technology and information collected, retained, processed or shared by surveillance technology must be consistent with this Policy; must comply with all City, State, and Federal laws and regulations; and must protect all state and federal Constitutional guarantees.
Specifications: The software and/or firmware used to operate the surveillance technology must be up to date and maintained.
Data Collection
Data Collection
Department shall only collect data required to execute the authorized use cases. All data collected by the surveillance technology, including PII, shall be classified according to the City's Data Classification Standard.
The surveillance technology collects some or all of the following data type(s):
| Data Type(s) | Format(s) | Classification |
|---|---|---|
Video and Images | MP4, AVI, MPEG | Level 3 |
Date and Time | MP4 or other format | Level 3 |
Geolocation data | TXT, CSV, DOCX | Level 3 |
Notification
Notification
Departments shall notify the public of intended surveillance technology operation at the site of operations through signage in readily viewable public areas. Department notifications shall identify the type of technology being used and the purpose for such collection.
Department includes the following items in its public notice:
| Yes or No | Category Included |
|---|---|
Y | Information on the surveillance technology |
Y | Description of the authorized use |
N | Type of data collected |
N | Will persons be individually identified |
N | Data retention |
N | Department identification |
Y | Contact information |
Access
Prior to accessing or using data, authorized individuals receive training in system access and operation, and instruction regarding authorized and prohibited uses.
Access to live views and recorded footage is restricted to specific trained Security and IT personnel. Recorded footage is accessed only in response to an incident.
Details on department staff and specific access are available in Appendix B.
Data Security
Department shall secure PII against unauthorized or unlawful processing or disclosure; unwarranted access, manipulation or misuse; and accidental loss, destruction, or damage. Surveillance technology data collected and retained by the Department shall be protected by the safeguards appropriate for its classification level(s) as defined by the National Institute of Standards and Technology (NIST) security framework 800-53, or equivalent requirements from other major cybersecurity framework selected by the department.
Departments shall, at minimum, apply the following safeguards to protect surveillance technology information from unauthorized access and control, including misuse:
- Encryption: Data retained by the Department will be encrypted. Raw data may be retained by the Department only for the authorized use case of sharing with law enforcement or the public.
- Audits: A data access log will be maintained by the Department for all Security Camera data that is processed and utilized. This log will include but is not limited to the following: date/time data was originally obtained/collected, reasons/intended use for data, Department requesting data, date/time of access of raw data, outcome of data processing, as well as date processed data was delivered to users.
Data Sharing
For internal and externally shared data, shared data shall not be accessed, used, or processed by the recipient in a manner incompatible with the authorized use cases stated in this Policy. Department will endeavor to ensure that other agencies or departments that may receive data collected by their own Security Camera Systems will act in conformity with this Surveillance Technology Policy.
Department shall ensure proper administrative, technical, and physical safeguards are in place before sharing data with other CCSF departments, outside government entities, and third-party providers or vendors.
Each department that believes another agency or department receives or may receive data collected from its use of Security Cameras should consult with its assigned deputy city attorney regarding their response.
Before sharing data with any recipients, the Department will use the following procedure to ensure appropriate data protections are in place:
- Confirm the purpose of the data sharing aligns with the department's mission.
- Consider alternative methods other than sharing data that can accomplish the same purpose.
- Redact names, scrub faces, and ensure all PII is removed in accordance with the department's data policies.
- Review of all existing safeguards to ensure shared data does not increase the risk of potential civil rights and liberties impacts on residents.
- Evaluation of what data can be permissibly shared with members of the public should a request be made in accordance with the San Francisco's Sunshine Ordinance.
- Ensure data will be shared in a cost-efficient manner and exported in a clean, machine-readable format.
Department will comply with the California Public Records Act, the San Francisco Sunshine Ordinance, the requirements of the federal and State Constitutions, and federal and State civil procedure laws and rules.
The Department may share Security Camera footage with the following entities:
A. Internal Data Sharing:
In the event of an incident, Security Camera images may be live-streamed or shared by alternative methods to the following agencies:
- Within the operating Department (see Appendix A for a list of departments subject to this policy)
- Police
- City Attorney
- District Attorney
- Sheriff
Data sharing occurs at the following frequency:
- As needed.
B. External Data Sharing:
- Other local police departments
Data sharing occurs at the following frequency:
- As needed.
Data Retention
Department may store and retain raw PII data only as long as necessary to accomplish a lawful and authorized purpose. Department data retention standards should be align with how the department prepares its financial records and should be consistent with any relevant Federal Emergency Management Agency (FEMA) or California Office of Emergency Services (Cal OES) sections.
The Department’s data retention period and justification are as follows:
- Security Camera data will be stored for a minimum of one (1) year to be available to authorized staff for operational necessity and ready reference. If data is associated with an incident, it may be kept for longer than the standard retention period.
- Justification: This retention period conforms with the available server system storage space and allows for ample time for security staff to review footage related to security incidents and/or external requests for records.
Data Storage
Data will be stored in the following location:
| Yes or No | Category Included |
|---|---|
Y | Local storage (e.g., local server, storage area network (SAN), network-attached storage (NAS), backup tapes, etc.) |
Y | Department of Technology Data Center |
N | Software as a Service Product |
N | Cloud Storage Provider |
Data Disposal
Upon completion of the data retention period, Department shall dispose of data in the following manner:
- Automatic overwrite of all existing files when standard data retention period ends. This may take the form of a delete/reformat, wipe, overwrite of existing data, or degaussing.
Training
To reduce the possibility that surveillance technology or its associated data will be misused or used contrary to its authorized use, all individuals requiring access must receive training on data security policies and procedures.
- Annual cybersecurity training (COIT Policy Link)
COMPLIANCE
Department shall oversee and enforce compliance with this Policy according to the respective memorandum of understanding of employees and their respective labor union agreement.
If a Department is alleged to have violated the Ordinance under San Francisco Administrative Code Chapter 19B, Department shall post a notice on the Department’s website that generally describes any corrective measure taken to address such allegation.
Department is subject to enforcement procedures, as outlined in San Francisco Administrative Code Section 19B.8.
DEFINITIONS
- Personally Identifiable Information: Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
- Exigent Circumstances: An emergency involving imminent danger of death or serious physical injury to any person that requires the immediate use of Surveillance Technology or the information it provides.
AUTHORIZATION
Section 19B.4 of the City's Administrative Code states, "It is the policy of the Board of Supervisors that it will approve a Surveillance Technology Policy ordinance only if it determines that the benefits the Surveillance Technology ordinance authorizes outweigh its costs, that the Surveillance Technology Policy ordinance will safeguard civil liberties and civil rights, and that the uses and deployments of the Surveillance Technology under the ordinance will not be based upon discriminatory or viewpoint-based factors or have a disparate impact on any community or Protected Class."
Appendix A: Department Specific Responses
- A description of the product, including vendor and general location of technology.
Cameras are deployed at all entry/exit points for the Combined Emergency Communications Center Building at 1011 Turk St. These include entry points and drive paths to underground parking garage, balcony space to the east face of the building, along the walkway of the west face of the building that is along Turk St, and side space area in the buffer protection zone adjacent to the REC facilities.
2. The specific categories and titles of individuals who are authorized by the Department to access or use the collected information
- 8300 SFSD, Cadet
- 8304 or 8504, SFSD Deputies
- 8306 SFSD Sr. Deputy
- 8308 SFSD, Sergeant
- 1842 DEM, Facility Manager
- 1093 DEM IT Administrator
Access to the system is through designated PC workstations with the appropriate manufacturer proprietary client software. The software requires an assigned User ID and Credential/password before accessing the video. Permissions to export the video are provided on individual account settings.
3. What procedures will be put in place by which members of the public can register complaints or concerns, or submit questions about the deployment or use of a specific Surveillance Technology, and how the Department will ensure each question and complaint is responded to in a timely manner.
DEM has the Custodian of Records function that allows the public to seek access to the cameras, or to register complaints or concerns. DEM’s external affairs divisions handles public questions or concerns, including Sunshine Requests.
4. Specific details on where data will be stored (local, DT, SaaS, Cloud Storage) including name of vendor and retention period.
There is currently a total of 28 cameras which most of them are fix point focus and 6 pan-tilt-zoom (PTZ) cameras. The video is recorded across two on-premise video servers converting the analog video to digital file format utilizing video management software from Exacqvision.
5. Is a subpoena required before sharing with law enforcement?
- No