CCTV Policy Statement

Video Information Processing Device Operation and Management Policy

1. Introduction

Mason Korea (hereinafter referred to as "MK") has established this Video Information Processing Device Operation and Management Policy in compliance with the Personal Information Protection Act (PIPA) of South Korea. This policy outlines the purposes, methods, and management practices for MK's processing of video information.

2. Basis and Purpose of Installation

In accordance with Article 25, Paragraph 1 of PIPA, MK installs and operates video information processing equipment for the following specific purposes:

  1. Facility Safety and Fire Prevention
    1. Monitor critical areas for potential safety hazards or fire risks
    2. Aid in emergency response and evacuation procedures
  2. Crime Prevention
    1. Deter potential criminal activities on campus
    2. Assist in investigations of reported incidents
  3. Protection of Property
    1. Prevent theft or damage to furniture and other property
    2. Monitor access to restricted areas
  4. Parking Lot Management
    1. Video cameras in parking areas are under the control of Incheon Global Campus (IGC)

3. Installation Details

As of September 30, 2024:

Location Number of CCTVs Scope of Recording
B1F to 7F Public Areas 63 Common areas, corridors
B1F to 7F Stairways 16 Stairway entrances and landings
Restricted Areas 3 Entry points to sensitive locations

4. Management and Access Authorization

Category Name Title Contact
Chief Privacy Officer Jeonghwan (Adrian) Kim IT Director 032.626.5300
Manager Youngmin Park IT Manager 032.626.5300

 5. Data Collection, Retention, and Processing

Recording Time Retention Period Storage Location
24 hours (motion-activated) 3 months 7F (ITS Server Room)
  • Justification for Retention Period: The 3-month retention period is necessary to allow sufficient time for incident reporting and investigation, balancing security needs with data minimization principles.
  • Processing Method:
    • All access to video information is logged, including purpose, date, and time.
    • After the retention period, data is permanently deleted using secure erasure methods.
    • Physical records, if any, are securely shredded or incinerated.

6. Data Subject Rights and Access Procedures

Individuals have the right to:

  • Access their personal video information
  • Request correction or deletion of their data
  • Object to the processing of their data
  • Data portability (where technically feasible)

To exercise these rights:

  • Contact the IT Manager (contact details in Section 4)
  • Provide identification and specify the date, time, and location of the requested footage
  • Requests will be processed within 10 working days
  • Viewing hours: 09:00 AM - 05:00 PM (weekdays). Access outside these hours is available for urgent or investigative needs.

Note: Access may be limited to protect the privacy rights of other individuals captured in the footage.

7. Security Measures

Encryption of stored video data
Access controls based on job roles and responsibilities

  • Regular security audits and vulnerability assessments
  • Physical security measures for server rooms
  • Employee training on data protection and PIPA compliance

8. Third-Party Access and International Transfers

  • Law enforcement agencies may request access to footage for legitimate investigations, subject to proper legal procedures.
  • No regular international transfers of CCTV data occur. In exceptional circumstances where transfer might be necessary, it will comply with PIPA requirements for overseas transfers of personal data.

9. Notice and Consent

Clear signage is displayed at all CCTV-monitored areas, indicating:

  • The presence of CCTV
  • The purpose of surveillance
  • Contact information for the data controller

10. Automated Decision Making

MK does not currently employ any automated decision-making processes (such as facial recognition) on CCTV footage. Any future implementation of such technologies will be subject to a Data Protection Impact Assessment and explicitly communicated to data subjects.

11. Data Protection Impact Assessment

MK conducts a Data Protection Impact Assessment (DPIA) for its CCTV system annually, or when significant changes are made to the system. The DPIA considers:

  • Necessity and proportionality of data collection
  • Risks to individuals' rights and freedoms
  • Measures to address identified risks

12. Incident Response and Breach Notification

In the event of a data breach involving CCTV footage:

  • The incident will be immediately reported to the Chief Privacy Officer.
  • Affected individuals will be notified within 24 hours if the breach is likely to result in a high risk to their rights and freedoms.
  • The incident will be reported to the Personal Information Protection Commission as required by law.

13. Regular Audits and Policy Review

  • Internal audits of CCTV operations are conducted quarterly.
  • This policy is reviewed annually or when significant changes occur in relevant laws or MK's CCTV practices.

14. Compliance & Review

Information Technology Services, Mason Korea