ICO Data Protection Audit

The request was partially successful.

Dear Sirs,

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002
REQUEST FOR INFORMATION

Pursuant to the general right of access to information contained in the Freedom of Information (Scotland) Act 2002 I request from the Chief Constable of the Police Service of Scotland the following information:

(a) the full content of the ICO's report following their recent consensual data protection audit of the Police Service of Scotland; and
(b) the full content of any action plans (or similar) that have been produced by the Police Service of Scotland pertaining to any issues identified within the ICO's report.

I look forward to receiving a substantive response on behalf of the Chief Constable within the statutory twenty working days.

Yours faithfully,

Alistair P Sloan

FOI, Police Scotland

NOT PROTECTIVELY MARKED
Good Afternoon.

Your request has been received and a response should be issued within 20 working days.

Thank you.

Steven.

show quoted sections

FOI Glasgow, Police Scotland

NOT PROTECTIVELY MARKED
Good afternoon

I would advise that Police Scotland are unable to provide you with the requested information within the statutory timescale. The information you have requested is currently being collated from business areas.

I can assure you that every effort will be made to ensure that an approriate response will be made as soon as possible.

If you have any queries, please contact me at the number below.

Kind regards

Information Management
Police Scotland
Clyde Gateway
2 French Street
Dalmarnock
Glasgow
G40 4EH

01786 895867

show quoted sections

Dear Sirs,

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002
REQUIREMENT FOR REVIEW

I refer to my request for information dated 21 December 2016 concerning the ICO's data protection audit of the Police Service of Scotland. It would appear that I have yet to receive a response to that request for information and note that 34 working days have now elapsed since the request for information was recieved by the Police Service of Scotland. I therefore now require that the Chief Constable of the Police Service of Scotland conducts an internal review of its handling of the request for information and provides me with a response to my request for information in terms of Section 21(4)(c) of the Freedom of Information (Scotland) Act 2002.

I look forward to receiving the review response on behalf of the Chief Constable of the Police Service of Scotland.

Yours faithfully,
Alistair P Sloan

Dawn McCrea, Police Scotland

NOT PROTECTIVELY MARKED

Good morning

 

I would like to confirm we have received your request for a review  of FOI
2016-2891

 

You will receive a response within 20 working days.

 

Kind Regards

 

 

Information Management

Police Scotland, Clyde Gateway
2 French Street
Dalmarnock
Glasgow
G40 4EH

01786 895867

 

 

 

show quoted sections

FOI Glasgow, Police Scotland

3 Attachments

NOT PROTECTIVELY MARKED
Good afternoon

Attached is the Service response to your information request.

Kind Regards
Information Management
Police Scotland, Clyde Gateway
2 French Street
Dalmarnock
Glasgow
G40 4EH
01786 895867

show quoted sections

Doug Paulley left an annotation ()

On Tuesday, March 21, 2017 the Police Force contacted WhatDoTheyKnow to note that their attempted redaction of the ICO data protection audit report had been technically deficient such that the redacted names could be retrieved by copying and pasting. They requested that the document be removed from our website.

On behalf of WhatDoTheyKnow, I asked for details as to why our continued publication of this information is problematic. I/we were unconvinced that it was problematic for us to continue to publish the document and so refused to do so.

On 22nd May, the ICO emailed WhatDoTheyKnow to state that they considered our continued publication of this document was contrary to our obligations under the Data Protection Act. We objected, noting that the names, and roles, in question are the Head of Information Management at Police Scotland, the Lead Auditors and Auditor Managers at the ICO and the police's records/information managers and a Chief Inspector responsible for Information Management. We stated that we do not believe that these individuals had a legitimate expectation that their names would not be released, that the integrity of the communications and the report are important and that we therefore requested the ICO retract their request.

Following repeated emails back and forth to discuss the issue, the ICO conducted a case review. They finally responded on 17th August to say:

"We have considered the points you have raised and, having reviewed the matter, we accept that the fact a disclosure is made inadvertently by a public authority is not automatically a determining factor which will mean the publication of the information by WDTK breaches the DPA. It is instead appropriate to consider the nature of the particular personal data, and whether WDTK is complying with the data protection principles where it decides to continue to publish it after being made aware it had been disclosed inadvertently.

"In this particular case the personal data constitutes the names and job titles of ICO staff involved in the audit in addition to those of Police Scotland’s contact points. We are satisfied that the disclosure of the personal data in this case is likely to be fair and not unwarranted in terms of prejudice to the data subjects’ rights and freedoms. We have reached this view in light of the fact the information only relates to the data subjects in the context of their professional roles, some of which are senior, and about which they would have reasonable expectations of varying degrees of accountability and scrutiny.

"For these reasons we have amended our assessment in this case and our conclusion is that WDTK’s processing of the personal data complies with the DPA. Therefore the ICO will not be taking further steps in this particular case."

We are glad that our interpretation of our obligations in this matter has ultimately been determined to be correct.
--
Doug - volunteer, WhatDoTheyKnow.com