University Security Camera Policy: Difference between revisions

From Appalachian State University Policy Manual
(Created page with "Policy 301.6 = Purpose = 1.1 The purpose of this policy is to ensure that individual privacy rights are protected while balancing public safety, investigating criminal activi...")
 
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Policy 301.6
Policy 301.6


= Purpose =
== Purpose ==
1.1 The purpose of this policy is to ensure that individual privacy rights are protected while balancing public safety, investigating criminal activity, mitigating institutional risk, as well as monitoring institutional assets and access control systems.
1.1 The purpose of this policy is to ensure that individual privacy rights are protected while balancing public safety, investigating criminal activity, mitigating institutional risk, as well as monitoring institutional assets and access control systems.


= Scope =
== Scope ==
2.1 This policy applies to all University property. All security cameras on Appalachian State University’s campus belong to the State of North Carolina.
2.1 This policy applies to all University property. All security cameras on Appalachian State University’s campus belong to the State of North Carolina.


= Definition =
== Definition ==
:3.1 Security Camera: an installed recording device used for the purpose of enhancing public safety.
=== Security Camera ===
:3.2 Security Camera Recording: a digital or analog recording of the security camera feed.
: An installed recording device used for the purpose of enhancing public safety.
:3.3 Security Camera System: any electronic service, software, or hardware directly supporting or deploying a security camera.
:3.4 Public Areas:  University campus areas that are used by the general public including, but not limited to, campus grounds, parking areas, building exteriors, loading docks, areas of ingress and egress, classrooms, lecture halls, study rooms, lobbies, theaters, libraries, dining halls, gymnasiums, recreation areas, and retail establishments. 
:3.5 Non-public Secure areas: University campus areas restricted to University employees, such as cash handling areas, storage areas, data centers, laboratory areas, building systems and infrastructure areas, and network/wiring closets, where employees should not have a reasonable expectation of privacy.
:3.6 Private Areas: University campus areas in which a person has a reasonable expectation of privacy, including, but not limited to, private offices, non-common areas of residence halls, bathrooms, residence hall bedrooms, shower areas, locker and changing rooms and other areas where a reasonable person might change clothes.  Additionally, areas designed for the personal comfort of University employees or the safeguarding of their possessions, such as lounges and locker rooms, and areas dedicated to medical, physical, or psychological therapy or treatment shall be considered private areas for the purpose of this policy.
:3.7 Data Trustee Executive officers of the University, designated by the Chancellor, who are responsible for data-related strategic planning and have oversight authority of Institutional Data for all organizational units and employees, under their charge, that manage and receive Institutional Data.
:3.8 Data Steward A University employee who both reports to and is designated by the Data Trustee and has the responsibility for protecting Institutional Data in accordance with IT Standards and University policies that are  consistent with directions provided by the Data Trustee. (defined in Data Governance policy)
:3.9 Data Security Officer A University employee, designated by  the Data Steward, who has been assigned operational responsibilities for maintaining technical solutions and enforcing access procedures and IT Standards related to Institutional Data. (defined in Data Governance policy)
:3.10 Information Technology (IT) Standards  Guiding principles that establish requirements and processes that provide a reliable basis for shared expectations on how the University will comply with Information Technology related University policies, as well as federal and state laws and regulations.  (defined in Information Technology Governance policy)


= Policy and Procedure Statements =
=== Security Camera Recording ===
== Security Camera Program ==
: A digital or analog recording of the security camera feed.
 
=== Security Camera System ===
: Any electronic service, software, or hardware directly supporting or deploying a security camera.
 
=== Public Areas ===
: University campus areas that are used by the general public including, but not limited to, campus grounds, parking areas, building exteriors, loading docks, areas of ingress and egress, classrooms, lecture halls, study rooms, lobbies, theaters, libraries, dining halls, gymnasiums, recreation areas, and retail establishments. 
=== Non-public Secure areas ===
: University campus areas restricted to University employees, such as cash handling areas, storage areas, data centers, laboratory areas, building systems and infrastructure areas, and network/wiring closets, where employees should not have a reasonable expectation of privacy.
=== Private Areas ===
: University campus areas in which a person has a reasonable expectation of privacy, including, but not limited to, private offices, non-common areas of residence halls, bathrooms, residence hall bedrooms, shower areas, locker and changing rooms and other areas where a reasonable person might change clothes.  Additionally, areas designed for the personal comfort of University employees or the safeguarding of their possessions, such as lounges and locker rooms, and areas dedicated to medical, physical, or psychological therapy or treatment shall be considered private areas for the purpose of this policy.
=== Data Trustee Executive ===
: Officers of the University, designated by the Chancellor, who are responsible for data-related strategic planning and have oversight authority of Institutional Data for all organizational units and employees, under their charge, that manage and receive Institutional Data.
=== Data Steward ===
: A University employee who both reports to and is designated by the Data Trustee and has the responsibility for protecting Institutional Data in accordance with IT Standards and University policies that are consistent with directions provided by the Data Trustee. (defined in Data Governance policy)
=== Data Security Officer ===
: A University employee, designated by  the Data Steward, who has been assigned operational responsibilities for maintaining technical solutions and enforcing access procedures and IT Standards related to Institutional Data. (defined in Data Governance policy)
=== Information Technology (IT) Standards ===
: Guiding principles that establish requirements and processes that provide a reliable basis for shared expectations on how the University will comply with Information Technology related University policies, as well as federal and state laws and regulations.  (defined in Information Technology Governance policy)
 
== Policy and Procedure Statements ==
=== Security Camera Program ===
:4.1.1 The Security Camera Program includes the formation of a Security Camera Oversight Committee (SCOC) and procedures and standards for security camera acquisition, registration, placement, and access to recordings. All procedures and standards must be approved by SCOC.
:4.1.1 The Security Camera Program includes the formation of a Security Camera Oversight Committee (SCOC) and procedures and standards for security camera acquisition, registration, placement, and access to recordings. All procedures and standards must be approved by SCOC.
:4.1.2 The Appalachian State University Police Chief shall have the authority to oversee and manage the Security Camera Program.  The University Police Chief is also the University Data Trustee for security camera recordings.  Information Technology Services may be delegated with the authority and responsibility to design, implement, and manage the security camera system in accordance with campus needs.
:4.1.2 The Appalachian State University Police Chief shall have the authority to oversee and manage the Security Camera Program.  The University Police Chief is also the University Data Trustee for security camera recordings.  Information Technology Services may be delegated with the authority and responsibility to design, implement, and manage the security camera system in accordance with campus needs.


== Security Camera Oversight Committee ==
=== Security Camera Oversight Committee ===
:4.2.1 The University Police Chief or designee shall serve as chairperson for the Security Camera Oversight Committee (SCOC). The chairperson shall invite Faculty, Staff, and Students to serve on this committee. The SCOC shall not exceed eleven (11) members at any given time.  
:4.2.1 The University Police Chief or designee shall serve as chairperson for the Security Camera Oversight Committee (SCOC). The chairperson shall invite Faculty, Staff, and Students to serve on this committee. The SCOC shall not exceed eleven (11) members at any given time.  
:4.2.2 The SCOC shall be responsible for:
:4.2.2 The SCOC shall be responsible for:
Line 31: Line 44:
:# Providing annual updates to the IT Executive Council (as defined in the University Information Technology Governance Policy) on the status of the Security Camera Program.
:# Providing annual updates to the IT Executive Council (as defined in the University Information Technology Governance Policy) on the status of the Security Camera Program.


== Security Camera Program Requirements ==
=== Security Camera Program Requirements ===
:4.3.1 Security Cameras must comply with expectation of privacy mandates and will only be used in Public and Non-public secure areas.  Security cameras must not be installed in or have a capability to view Private Areas.  
:4.3.1 Security Cameras must comply with expectation of privacy mandates and will only be used in Public and Non-public secure areas.  Security cameras must not be installed in or have a capability to view Private Areas.  
:4.3.2 Security Cameras must be used in a professional and ethical manner in accordance with University policy and applicable laws and shall not include audio monitoring or audio recording.  
:4.3.2 Security Cameras must be used in a professional and ethical manner in accordance with University policy and applicable laws and shall not include audio monitoring or audio recording.  
Line 38: Line 51:
:4.3.5 Security camera recordings shall only be released outside of Appalachian State University when authorized by the Chief of Police and the Office of General Counsel, and pursuant to State and Local laws.
:4.3.5 Security camera recordings shall only be released outside of Appalachian State University when authorized by the Chief of Police and the Office of General Counsel, and pursuant to State and Local laws.


== Exceptions ==
=== Exceptions ===
4.4.1 Exceptions to this policy must be approved by the University Police Chief and the Office of General Counsel.
:4.4.1 Exceptions to this policy must be approved by the University Police Chief and the Office of General Counsel.


= Related University Policies =
== Related University Policies ==
# [[Data Governance | Data Governance Policy]]
# [[Data Governance | Data Governance Policy]]
# [[Information Technology Governance Policy]]
# [[Information Technology Governance Policy]]
Line 47: Line 60:
# [[Records Retention Policy]]
# [[Records Retention Policy]]
# [[Policy Statement on the Family Educational Rights and Privacy Act of 1974, as Amended]]
# [[Policy Statement on the Family Educational Rights and Privacy Act of 1974, as Amended]]
# [[University Archives|University Archives Policy]]
# [https://security.appstate.edu/sites/security.appstate.edu/files/datamanagementstandard.pdf Data Management Standard]
# [https://security.appstate.edu/sites/security.appstate.edu/files/datamanagementstandard.pdf Data Management Standard]
# [https://security.appstate.edu/sites/security.appstate.edu/files/secure_data_handling_standard_-_v1.1_final.pdf Secure Data Handling Standard]
# [https://its.appstate.edu/sites/default/files/secure_data_handling_standard_-_v1.1_final_updated_min_sec_0.pdf Secure Data Handling Standard]
# [https://security.appstate.edu/sites/security.appstate.edu/files/riskmanagementstandard.pdf Information Security Risk Management Standard]
# [https://security.appstate.edu/sites/security.appstate.edu/files/riskmanagementstandard.pdf Information Security Risk Management Standard]
# [https://its.appstate.edu/it-governance/it-policy-standards-guidelines IT Policy, Standards and Guidelines Website]
# [https://its.appstate.edu/it-governance/it-policy-standards-guidelines IT Policy, Standards and Guidelines Website]


= Administrative Unit Contact =
== Administrative Unit Contact ==


Appalachian State University Police | 828-262-2150 | [https://police.appstate.edu/ Appalachian Police Department]
Appalachian State University Police | 828-262-2150 | [https://police.appstate.edu/ Appalachian Police Department]

Latest revision as of 14:40, 6 March 2023

Policy 301.6

Purpose

1.1 The purpose of this policy is to ensure that individual privacy rights are protected while balancing public safety, investigating criminal activity, mitigating institutional risk, as well as monitoring institutional assets and access control systems.

Scope

2.1 This policy applies to all University property. All security cameras on Appalachian State University’s campus belong to the State of North Carolina.

Definition

Security Camera

An installed recording device used for the purpose of enhancing public safety.

Security Camera Recording

A digital or analog recording of the security camera feed.

Security Camera System

Any electronic service, software, or hardware directly supporting or deploying a security camera.

Public Areas

University campus areas that are used by the general public including, but not limited to, campus grounds, parking areas, building exteriors, loading docks, areas of ingress and egress, classrooms, lecture halls, study rooms, lobbies, theaters, libraries, dining halls, gymnasiums, recreation areas, and retail establishments.

Non-public Secure areas

University campus areas restricted to University employees, such as cash handling areas, storage areas, data centers, laboratory areas, building systems and infrastructure areas, and network/wiring closets, where employees should not have a reasonable expectation of privacy.

Private Areas

University campus areas in which a person has a reasonable expectation of privacy, including, but not limited to, private offices, non-common areas of residence halls, bathrooms, residence hall bedrooms, shower areas, locker and changing rooms and other areas where a reasonable person might change clothes. Additionally, areas designed for the personal comfort of University employees or the safeguarding of their possessions, such as lounges and locker rooms, and areas dedicated to medical, physical, or psychological therapy or treatment shall be considered private areas for the purpose of this policy.

Data Trustee Executive

Officers of the University, designated by the Chancellor, who are responsible for data-related strategic planning and have oversight authority of Institutional Data for all organizational units and employees, under their charge, that manage and receive Institutional Data.

Data Steward

A University employee who both reports to and is designated by the Data Trustee and has the responsibility for protecting Institutional Data in accordance with IT Standards and University policies that are consistent with directions provided by the Data Trustee. (defined in Data Governance policy)

Data Security Officer

A University employee, designated by the Data Steward, who has been assigned operational responsibilities for maintaining technical solutions and enforcing access procedures and IT Standards related to Institutional Data. (defined in Data Governance policy)

Information Technology (IT) Standards

Guiding principles that establish requirements and processes that provide a reliable basis for shared expectations on how the University will comply with Information Technology related University policies, as well as federal and state laws and regulations. (defined in Information Technology Governance policy)

Policy and Procedure Statements

Security Camera Program

4.1.1 The Security Camera Program includes the formation of a Security Camera Oversight Committee (SCOC) and procedures and standards for security camera acquisition, registration, placement, and access to recordings. All procedures and standards must be approved by SCOC.
4.1.2 The Appalachian State University Police Chief shall have the authority to oversee and manage the Security Camera Program. The University Police Chief is also the University Data Trustee for security camera recordings. Information Technology Services may be delegated with the authority and responsibility to design, implement, and manage the security camera system in accordance with campus needs.

Security Camera Oversight Committee

4.2.1 The University Police Chief or designee shall serve as chairperson for the Security Camera Oversight Committee (SCOC). The chairperson shall invite Faculty, Staff, and Students to serve on this committee. The SCOC shall not exceed eleven (11) members at any given time.
4.2.2 The SCOC shall be responsible for:
  1. Approving and maintaining any security camera standard(s) and procedures.
  2. Conducting outreach activities and responding to campus feedback regarding the Security Camera Program.
  3. Providing annual updates to the IT Executive Council (as defined in the University Information Technology Governance Policy) on the status of the Security Camera Program.

Security Camera Program Requirements

4.3.1 Security Cameras must comply with expectation of privacy mandates and will only be used in Public and Non-public secure areas. Security cameras must not be installed in or have a capability to view Private Areas.
4.3.2 Security Cameras must be used in a professional and ethical manner in accordance with University policy and applicable laws and shall not include audio monitoring or audio recording.
4.3.3 All Security Cameras must be registered and comply with the Security Camera Program.
4.3.4 The Data Steward and Data Security Officer(s) shall make all decisions on requests to review Security Camera Recordings based on security camera procedures and standards. Security Camera Recordings shall not be analyzed or evaluated based on classifications protected by the University’s Non-Discrimination Policy.
4.3.5 Security camera recordings shall only be released outside of Appalachian State University when authorized by the Chief of Police and the Office of General Counsel, and pursuant to State and Local laws.

Exceptions

4.4.1 Exceptions to this policy must be approved by the University Police Chief and the Office of General Counsel.

Related University Policies

  1. Data Governance Policy
  2. Information Technology Governance Policy
  3. Information Security Policy
  4. Records Retention Policy
  5. Policy Statement on the Family Educational Rights and Privacy Act of 1974, as Amended
  6. Data Management Standard
  7. Secure Data Handling Standard
  8. Information Security Risk Management Standard
  9. IT Policy, Standards and Guidelines Website

Administrative Unit Contact

Appalachian State University Police | 828-262-2150 | Appalachian Police Department