REPORT
Rent Arbitration Board: Security Camera Surveillance Technology Policy
Committee on Information Technology (COIT)PUBLIC MEETING REVIEW DATES
COIT Meeting Date(s): March 18, 2021
BOS Approval Date: August 4, 2021
The City and County of San Francisco values the privacy and protection of San Francisco residents’ civil rights and civil liberties. As required by San Francisco Administrative Code, Section 19B, the Surveillance Technology Policy aims to ensure the responsible use of the Department’s Security Camera System itself, as well as any associated data, and the protection of members of the public who visit the Rent Board and all those who work at the Rent Board.
PURPOSE AND SCOPE
The Surveillance Technology Policy ("Policy") defines the manner in which the Security Camera System (fixed or mobile) will be used to support department operations.
This Policy applies to all department personnel that use, plan to use, or plan to secure Security Camera Systems, including employees, contractors, and volunteers. Employees, consultants, volunteers, and vendors while working on behalf of the City with the Department are required to comply with this Policy.
POLICY STATEMENT
City departments will limit their use of Security Camera to the following authorized use cases and requirements listed in this Policy.
Authorized Use(s):
- Live monitoring.
- Recording of video and images.
- Reviewing camera footage in the event of an incident.
- Providing video footage/ images to law enforcement or other authorized persons following an incident or upon request.
Prohibited use cases include any uses not stated in the Authorized Use Case section.
Departments may use information collected from security cameras only for legally authorized purposes, and may not use that information to unlawfully discriminate against people based on race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, gender, gender identity, disability status, sexual orientation or activity, or genetic and/or biometric data. Additionally, department may not use automated systems to scan footage and identify individuals based on any of the categories listed in the preceding sentence.
All data collected by surveillance cameras is the exclusive property of the City and County of San Francisco. Under no circumstance shall collected data be sold to another entity.
BUSINESS JUSTIFICATION
In support of Department operations, Security Cameras promise to help with:
| Yes or No | Benefit | Description |
N | Education | N/A |
N | Community Development | N/A |
Y | Health | Protect safety of staff, patrons, and facilities while promoting an open and welcoming environment. |
N | Environment | N/A |
Y | Criminal Justice | Review video footage after a security incident; provide video evidence to law enforcement or the public upon request by formal process, order, or subpoena. |
N | Jobs | N/A |
N | Housing | N/A |
Y | Other | Better management of city assets by leveraging remote condition assessment. Improvement of overall situational awareness. |
In addition, the following benefits are obtained:
| Yes or No | Benefit | Description |
|---|---|---|
Y | Financial Savings | Department Security Camera Systems will save on building or patrol officers. |
Y | Time Savings | Department Security Camera Systems will run 24/7, thus decreasing or eliminating building or patrol officer supervision. |
Y | Staff Safety | Security cameras help identify violations of City Employee’s Code of Conduct, Building Rules and Regulations, and City, State and Federal law and provide assurance that staff safety is emphasized and will be protected at their place of employment. |
Y | Data Quality | Security cameras run 24/7/365 so full-time staffing is not required to subsequently review footage of security incidents. Data resolution can be set by level and is currently set to high resolution. |
Y | Service Levels | Security cameras will enhance effectiveness of incident response and result in improved level of service. |
POLICY REQUIREMENTS
This Policy defines the responsible data management processes and legally enforceable safeguards required by the Department to ensure transparency, oversight, and accountability measures. Department use of surveillance technology and information collected, retained, processed or shared by surveillance technology must be consistent with this Policy; must comply with all City, State, and Federal laws and regulations; and must protect all state and federal Constitutional guarantees.
Specifications: The software and/or firmware used to operate the surveillance technology must be up to date and maintained.
Data Collection
Department shall only collect data required to execute the authorized use cases. All data collected by the surveillance technology, including PII, shall be classified according to the City's Data Classification Standard.
The surveillance technology collects some or all of the following data type(s):
| Data Type(s) | Format(s) | Classification |
|---|---|---|
Video and Images | MP4, AVI, MPEG | Level 3 |
Date and Time | MP4 or other format | Level 3 |
Geolocation data | TXT, CSV, DOCX | Level 3 |
Notification
Departments shall notify the public of intended surveillance technology operation at the site of operations through signage in readily viewable public areas. Department notifications shall identify the type of technology being used and the purpose for such collection.
Department includes the following items in its public notice:
| Yes or No | Category Included |
|---|---|
Y | Information on the surveillance technology |
Y | Description of the authorized use |
N | Type of data collected |
N | Data retention |
Y | Department identification |
Y | Contact information |
N | Persons individually identified |
Access
Prior to accessing or using data, authorized individuals receive training in system access and operation, and instruction regarding authorized and prohibited uses.
Access to live views and recorded footage is restricted to specific trained personnel. Recorded footage is accessed only in response to an incident.
Details on department staff and specific access are available in Appendix A.
Data Security
Department shall secure PII against unauthorized or unlawful processing or disclosure; unwarranted access, manipulation or misuse; and accidental loss, destruction, or damage. Surveillance technology data collected and retained by the Department shall be protected by the safeguards appropriate for its classification level(s) as defined by the National Institute of Standards and Technology (NIST) security framework 800-53, or equivalent requirements from other major cybersecurity frameworks selected by the department.
Department shall, at minimum, apply the following safeguards to protect surveillance technology information from unauthorized access and control, included misuse:
- Encryption: Data retained by the Department will be encrypted. Raw data may be retained by the Department only for the authorized use case of sharing with law enforcement or the public.
- Storage: Any use of a third-party service provider must meet City’s cyber security requirements.
- Audits: A data access log will be maintained by the Department for all Security Camera data that is processed and utilized. This log will include but is not limited to the following: date/time data was originally obtained/collected, reasons/intended use for data, department requesting data, date/time of access of raw data, outcome of data processing, as well as date processed data was delivered to users.
Data Sharing
For internal and externally shared data, shared data shall not be accessed, used, or processed by the recipient in a manner incompatible with the authorized use cases stated in this Policy. Department will endeavor to ensure that other agencies or departments that may receive data collected by their own Security Camera Systems will act in conformity with this Surveillance Technology Policy.
Department shall ensure proper administrative, technical, and physical safeguards are in place before sharing data with other CCSF departments, outside government entities, and third-party providers or vendors.
Each department that believes another agency or department receives or may receive data collected from its use of Security Cameras should consult with its assigned Deputy City Attorney regarding their response.
Before sharing data with any recipients, the Department will use the following procedure to ensure appropriate data protections are in place:
- Confirm the purpose of the data sharing aligns with the department's mission.
- Consider alternative methods other than sharing data that can accomplish the same purpose.
- Redact names, scrub faces, and ensure all PII is removed in accordance with the department's data policies.
- Review of all existing safeguards to ensure shared data does not increase the risk of potential civil rights and liberties impacts on residents.
- Evaluation of what data can be permissibly shared with members of the public should a request be made in accordance with the San Francisco's Sunshine Ordinance.
- Ensure data will be shared in a cost-efficient manner and exported in a clean, machine-readable format.
Department will comply with the California Public Records Act, the San Francisco Sunshine Ordinance, the requirements of the federal and State Constitutions, and federal and State civil procedure laws and rules.
The Department may share Security Camera footage with the following entities:
A. Internal Data Sharing:
In the event of an incident, Security Camera images may be live-streamed or shared by alternative methods to the following agencies:
- Within the operating Department
- Police
- City Attorney
- District Attorney
- Sheriff
- On request following an incident
Data sharing occurs at the following frequency:
- As needed
B. External Data Sharing:
- Other local law enforcement agencies
Data sharing occurs at the following frequency:
- As needed
Data Retention
Department may store and retain raw PII data only as long as necessary to accomplish a lawful and authorized purpose. Department data retention standards should align with how the department prepares its financial records and should be consistent with any relevant Federal Emergency Management Agency (FEMA) or California Office of Emergency Services (Cal OES) sections.
The Department's data retention period and justification are as follows:
- Security Camera data will be stored for one (1) year to be available to authorized staff for operational necessity and ready reference. If data is associated with an incident, it may be kept for longer than the standard retention period
- Justification: This retention period conforms with the available server system storage space and allows for ample time for security staff to review footage related to security incidents and/or external requests for records
Data may be stored in the following location:
| Yes or No | Storage Type |
Y | Local storage (e.g., local server, storage area network (SAN), network attached storage (NAS), backup tapes, etc.) |
Y | Department of Technology Data Center |
Y | Software as a Service Product |
Y | Cloud Storage Provider |
Data Disposal
Upon completion of the data retention period, Department shall dispose of data in the following manner:
- Automatic overwrite of all existing files when standard data retention period ends. This may take the form of a delete/reformat, wipe, overwrite of existing data, or degaussing
Training
To reduce the possibility that surveillance technology or its associated data will be misused or used contrary to its authorized use, all individuals requiring access must receive training on data security policies and procedures.
- Annual cybersecurity training (COIT Policy Link)
COMPLIANCE
Department Compliance
Department shall oversee and enforce compliance with this Policy according to the respective memorandum of understanding of employees and their respective labor union agreement.
If a Department is alleged to have violated the Ordinance under San Francisco Administrative Code Chapter 19B, Department shall post a notice on the Department’s website that generally describes any corrective measure taken to address such allegation.
Department is subject to enforcement procedures, as outlined in San Francisco Administrative Code Section 19B.8.
DEFINITIONS
- Personally Identifiable Information: Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
- Sensitive Data: Data intended for release on a need-to-know basis. Data regulated by privacy laws or regulations or restricted by a regulatory agency or contract, grant, or other agreement terms and conditions.
AUTHORIZATION
Section 19B.4 of the City's Administrative Code states, "It is the policy of the Board of Supervisors that it will approve a Surveillance Technology Policy ordinance only if it determines that the benefits the Surveillance Technology ordinance authorizes outweigh its costs, that the Surveillance Technology Policy ordinance will safeguard civil liberties and civil rights, and that the uses and deployments of the Surveillance Technology under the ordinance will not be based upon discriminatory or viewpoint-based factors or have a disparate impact on any community or Protected Class."
Appendix A: Department Specific Responses
1. A description of the product, including vendor and general location of technology.
The CIC system records video of the Rent Board’s lobby and entrance. In the event of an incident of theft of vandalism, RNT staff will review the recorded video to determine if it has captured the incident.
Q-See QT454-This DVR uses high-performance video processing chips and an embedded Linux operating system for quality image recording and ease of use. It utilizes numerous advanced technologies including the industry-standard H.264 codec to deliver high-quality, smooth videos and dual stream capability for remote viewing. A SATA hard-drive interface offers upgradability and VGA output allows users to connect to any standard TV or monitor for viewing.
The Lobby Cameras are used to protect against harassment, theft, safety or vandalism of the Rent Board’s lobby area, which includes publicly accessible computers and other City owned assets.
2. The specific categories and titles of individuals who are authorized by the Department to access or use the collected information
- 0961 – Department Head
3. What procedures will be put in place by which members of the public can register complaints or concerns, or submit questions about the deployment or use of a specific Surveillance Technology, and how the Department will ensure each question and complaint is responded to in a timely manner.
- The Department of Human Resources Employee Handbook addresses Employee Use of City Resources and City Computers and Data Information Systems. The Department of Technology defines CIC as a City resource.
4. Specific details on where data will be stored (local, DT, SaaS, Cloud Storage) including name of vendor and retention period.
- All data is stored locally.
5. Is a subpoena required before sharing with law enforcement?
- No