DESC DPIA and supporting information

The request was successful.

Dear Scottish Police Authority,

It is now well over a year since it was announced in the press that the Wcottish Government would bring in a new digital Evidence platform (DESC) based on Axon Technology, which sits on the Microsoft Azure Public cloud.

I would be grateful if you would provide me with the following information relating to this project and its current status from your orgnsiations perspective as a listed participant:

1 - A copy of the Data Protection Impact Assessment(s) conducted on the AXON 'Evidence.com' and digital evidence management cloud services under the terms of s64 of the Data Protection Act 2018, to include any and all of the following families of Axon services in use or planned for deployment for DESC.

Please note:
A DPIA should not in general contain any specific information of security measures requiring redaction before release, but I am aware that some Policing and Justice organisations do include this information in their DPIAs.
Reasonable redaction of such information strictly to the extent necessary to maintain the security of Police or Justice operations (if this is included in the DPIA) is acceptable.
General redaction of core information relating to relevant DPIA content required to evidence achievement against statutory obligations would however be unacceptable and should be unnecessary since its release is obviously and materially in the public interest and confirmation that public and citizen interests will be suitably protected under the law is the core function of a DPIA.

2 - A copy of the specific terms of service applied within the contract between Axon and the Authority relating to Data Protection Act Part 3; or confirmation that their standard Terms of Service have been applied without modification.

3 - Details of any sub-processor engaged by Axon as part of their DESC service delivery and the countries in which data shall or may be processed.

If element 4a below is not in place please apply element 4b - one of them should be applicable, but both cannot be:

4a - Copies of any specific diligence material, contractual terms or other undertakings from Axon and their sub-processors that they will not transfer any personal data processed for a Law Enforcement purpose by the Authority outside of the UK without the Authorities prior written and specific approval in each instance, as required under S59(7) go the Act;

OR -

4b - Copies of the guidance issued by the Authority to any officers and staff relating to the steps and procedures required by the Authority (under DPA 2018 s.77) before the upload of personal data processed for a Law Enforcement purpose to any Axon cloud services where an undertaking not to transfer the data outside of UK has not been given in contract.

5 - Copies of the communications between the authority and the ICO, and/or other professional or advisors, which informed the creation of the DPIA and/or supported decisions around the procurement or use of the Axon evidence.com related products for the processing of personal data for a Law Enforcement purpose by the Authority.

Yours faithfully,

Owen Sayers

SPA FOI, Scottish Police Authority

1 Attachment

OFFICIAL

Good morning

 

Please find attached an acknowledgement letter in regard to your FOI
request.

 

Kind regards

 

Corporate Management Team

Scottish Police Authority / Ùghdarras Poilis na h-Alba

1 Pacific Quay

Glasgow

G51 1DZ

 

Website / Làrach-lìn:  [1]www.spa.police.uk

Twitter:  @ScotPolAuth

 

show quoted sections

SPA FOI, Scottish Police Authority

2 Attachments

OFFICIAL

Good afternoon

 

Please find attached the response to your request under the Freedom of
Information (Scotland) Act 2002.

 

Kind regards

 

Corporate Management Team

Scottish Police Authority / Ùghdarras Poilis na h-Alba

1 Pacific Quay

Glasgow

G51 1DZ

 

Website / Làrach-lìn:  [1]www.spa.police.uk

Twitter:  @ScotPolAuth

 

show quoted sections

Dear SPA FOI,

Thank you for openly and fully responding to this FOI.

It is a model of transparency that others would do well to follow and I am grateful for the material provided.

You have fully and fairly met the request and I consider it wholly fulfilled. Many thanks.

Yours sincerely,

Owen Sayers