Identifying the Data Controllers in the non-legal entity that is a MARAC

SJA Grove made this Freedom of Information request to Police Scotland This request has been closed to new correspondence. Contact us if you think it should be reopened.

The request was refused by Police Scotland.

Dear Police Scotland,

Background to this FOISA 2002 request

A Data Protection Act 2018 Subject Access Request to a local authority Social Work Department and having the good fortune for the council to leave the recorded information un-redacted such as “she said there was a marac last Thursday but does not know the outcome" and headers with the tern “VPD” may be the only way to identify that a Multi-Agency Risk Assessment Conference (MARAC) has been held on a Data Subject, and of course that someone considers that Data Subject to be potentially metaphorically “a mad axe murderer".

Information from Peter Needham the Head of Finance (and Data Protection Officer) for SafeLives, after submitting a Data Protection Act 2018 Subject Access Request with a resulting nil response, is that SafeLives do not record information on a Data Subject after a MARAC. This would appear to suggest that under the Data Protection Act 2018 the charity SafeLives do not consider themselves to be a “Data Controller”.

Interestingly Peter Needham at SafeLives recently directed a Data Subject to the actual MARAC to find information. Given that a MARAC is a non-legal entity and made up of multiple “Data Controllers" as defined by the Data Protection Act 2018 and that a member of the public cannot find out where MARACs are held (because this information is password protected on the SafeLives website) then this could be viewed as a distraction and/or delaying tactic on the part of SafeLives. This matter is now in the capable hands of the Information Commissioner's Office (ICO).

Police Scotland [or at least one Domestic Abuse Liaison Officer (DALO)] should reasonably know that a Data Protection Act 2018 Subject Access Request from Stirling Council on a Data Subject [who had requested the Subject Access Request when they were being prosecuted under Section 39 of the Criminal Justice & Licensing (Scotland) Act 2010] revealed that the interim Vulnerable Persons Database (iVPD) contained information of an erroneous and libellous nature and that this information had come to the attention of a sheriff at Stirling Sheriff Court as part of this Subject Access Request was produced in court. The Judgement of the sheriff detailed that in earlier provision of false information that the accused had been psychotic in the past was libel on the part of a solicitor acting for the complainant.

The Subject Access from Stirling Council, part of which became a Defence Production, had been delayed and this was investigated by the ICO. This might suggest that the local authority was prepared to breach the Data Protection Act 2018 as a way of covering up it's nefarious social work activities.

Police Scotland [or at least one Domestic Abuse Liaison Officer (DALO)] may not know that this Data Protection Act 2018 Subject Access Request from Stirling Council on a Data Subject [who had been prosecuted under Section 39 of the Criminal Justice & Licensing (Scotland) Act 2010] had a number of redactions and that by comparing with an un-redacted Subject Access Request provided by Police Scotland on the information held on that same Data Subject on the iVPD can identify what information Stirling Council actually redacted in the earlier Subject Access Request, part of which became a Defence Production.

This comparison reveals that false information such as “[Data Subject's first name] has mental health issues. Not known where [Data Subject's first name] is staying at present” and “Parents involved in custody dispute, [Data Subject's first name] also warned to stay away from child's mother, previous police involvement including other forces in the UK, [Data Subject's first name] has mental health issues” must have been redacted by Stirling Council.

This would suggest that when a local authority like Stirling Council redacts information and uses the exemption that revealing the personal information in a Data Protection Act 2018 Subject Access request would “prevent future social work activities” that this may be because the local authority does not want information in the public domain that an Independent Domestic Abuse Advocate (IDAA) at a MARAC has “gone rogue” and libelled an innocent Data Subject and created a dangerous narrative about them as a means for enacting Parental Alienation and that these processes are routine within the social work systems across Scotland.

FOISA 2002 Request

Under FOISA 2002 please provide me with the information contained in your records as follows:

When Police Scotland have acted as a Data Controller and passed (false) information onto a local authority social work system via the conduit of the iVPD what is the formal process whereby a Data Subject identifies all of the Data Controllers [who Police Scotland may not have a formal Information Sharing Agreement (ISA) with] who were present at the MARAC when that (false) information was generated?

Yours faithfully,

SJA Grove

Police Scotland

1 Attachment

  • Attachment

    Freedom of Information request Identifying the Data Controllers in the non legal entity that is a MARAC.txt

    6K Download View as HTML

Please accept this message as confirmation that your request has been
received by Police Scotland and will be dealt with under the terms of the
Freedom of Information (Scotland) Act 2002.

Please note, this mailbox is FOI request only.
Further details are below if you wish to request personal information,
road traffic incident or crime reports, or other non-FOI related
enquiries.

Requesting personal information held by Police Scotland
Applications must be made under GDPR/Data Protection Act 2018. Please
follow this link -
[1]http://www.scotland.police.uk/access-to-...

Road traffic incident or crime report relating to property which has been
damaged and/or stolen
Please click on this link -
[2]http://www.scotland.police.uk/about-us/f....

Non FOI related queries
Please phone 101 or refer to this link -
[3]http://www.scotland.police.uk/contact-us

Kind regards

FOI Team
Police Scotland

References

Visible links
1. http://www.scotland.police.uk/access-to-...
2. http://www.scotland.police.uk/about-us/f...
3. http://www.scotland.police.uk/contact-us

FOI, Dundee, Police Scotland

1 Attachment

OFFICIAL

 

Good Afternoon,

Please find attached our response to your recent request for information.

Kind Regards,

FOI Team

show quoted sections

Dear FOI, Dundee,

Police Scotland are thanked for providing the information on GDPR/DPA 2018.

GDPR Article 15 (1) (g) states that:

where the personal data are not collected from the data subject, any available information as to their source.

It is hoped that Police Scotland will provide the source Data Controller where false information is obtained by Police Scotland, either after a Data Protection Act 2018 Subject Access Request Internal Review or after a complaint investigation by the Information Commissioner's Office (ICO).

Yours sincerely,

SJA Grove

Dear Police Scotland,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Police Scotland's handling of my FOI request 'Identifying the Data Controllers in the non-legal entity that is a MARAC'.

Police Scotland are thanked for providing the information under the General Data Protection Regulations (GDPR) that pertains to the where Police Scotland sends information/data on a Data Subject. As pointed out before GDPR Article 15 (1) (g) states that:

where the personal data are not collected from the data subject, any available information as to their source.

As a Data Controller Police Scotland should be keeping accurate records as to the source of information that is sourced at a Multi-Agency Risk Assessment Conference (MARAC) which then populates the interim Vulnerable Persons Database (iVPD) and is then shared with a Local Authority Social Work Department e.g. Childrens Services.

The reasons for recording the Data Controllers providing information to Police Scotland should be obvious to Police Scotland but for the avoidance of doubt and to place these reasons in the public domain they include but are not limited to:

1. An Independent Domestic Abuse Advocate (IDAA) is a separate Data Controller (as defined by the Data Protection Act 2018) and therefore if it is identified that false information is sourced from them and recorded on the iVPD then a Data Subject has a Right to Rectification under GDPR and therefore they will need to know the identity of the IDAA or the Data Controller organisation they are employed by and Police Scotland should be able to provide this to the Data Subject.

2. An IDAA may file a false police report which would likely be a crime under the Criminal Law (Consolidation) (Scotland) Act 1995 and Police Scotland should keep accurate records in case this happens.

3. An IDAA may file a false police report which would likely be a “hate crime” as described by the former iVPD Information Asset Owner (IAO) ACC Gillian MacDonald in the Facebook video of 19 March 2018. Were such an incident to occur then the irony should not be lost on Police Scotland that they themselves and the iVPD IAO in particular would be guilty of a hate crime by allowing and not investigating a malicious false police report (which then gets shared with social work).

4. An IDAA may file a false police report and were this report (which is recorded on the iVPD) to not be passed onto the COPFS then this could potentially be viewed as Police Scotland colluding with a Crown witness to cover up the crime of defeating the ends of justice (perjury).

5. An IDAA may file a false police report which gets recorded on the iVPD and then this information is not revealed to the COPFS. This would then be a potential crime on the part of the Police Scotland Reporting Officer (RO) in a prosecution case (or the police officer who recorded the false information on the iVPD or the police officer who has responsibility of informing the RO of the information on the iVPD) under Section 142 of the Criminal Justice & Licensing (Scotland) Act 2010. Were this to occur Police Scotland officers could find themselves reported to the Criminal Allegations Against the Police Division (CAAPD) of the COPFS.
For the five reasons above the information on Data Controllers present at MARACs who provide Police Scotland with Special Category Data (as defined by the GDPR) must have been detailed in the Data Protection Impact Assessment (DPIA) document that ACC Gillian MacDonald is reported to have provided the Scottish Government.

As an Internal Review please provide another Section 17(1) exemption or a copy of the DPIA on the iVPD that details the way in which Police Scotland records Data Controllers at MARACs.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/i...

Yours faithfully,

SJA Grove

Police Scotland

1 Attachment

  • Attachment

    Internal review of Freedom of Information request Identifying the Data Controllers in the non legal entity that is a MARAC.txt

    5K Download View as HTML

Please accept this message as confirmation that your request has been
received by Police Scotland and will be dealt with under the terms of the
Freedom of Information (Scotland) Act 2002.

Please note, this mailbox is FOI request only.
Further details are below if you wish to request personal information,
road traffic incident or crime reports, or other non-FOI related
enquiries.

Requesting personal information held by Police Scotland
Applications must be made under GDPR/Data Protection Act 2018. Please
follow this link -
[1]http://www.scotland.police.uk/access-to-...

Road traffic incident or crime report relating to property which has been
damaged and/or stolen
Please click on this link -
[2]http://www.scotland.police.uk/about-us/f....

Non FOI related queries
Please phone 101 or refer to this link -
[3]http://www.scotland.police.uk/contact-us

Kind regards

FOI Team
Police Scotland

References

Visible links
1. http://www.scotland.police.uk/access-to-...
2. http://www.scotland.police.uk/about-us/f...
3. http://www.scotland.police.uk/contact-us

Dear Police Scotland,

Apologies there was a typographical error in the Internal Review which should have read Section 164 of the Criminal Justice and Licensing (Scotland) Act 2010 as this is the Code of Practice relating to the Revelation of exculpatory evidence to the Crown Office & Procurator Fiscal Office (COPFS) who then have a duty of Disclosure under the same section of the same Act.

For further clarification the information requested cannot be subject to a Section 17(1) exemption under the FOISA 2002 as the identification of Data Controllers passing Special Category Personal Data (as defined by the GDPR) to Police Scotland would have been covered in a Data Protection Impact Assessment (DPIA) and information in the public domain from Police Scotland's ACC Gillian MacDonald identifies that such a DPIA has been sent to the Scottish Government and the ICO.

Yours faithfully,

SJA Grove

Police Scotland

1 Attachment

  • Attachment

    Re Freedom of Information request Identifying the Data Controllers in the non legal entity that is a MARAC.txt

    3K Download View as HTML

Please accept this message as confirmation that your request has been
received by Police Scotland and will be dealt with under the terms of the
Freedom of Information (Scotland) Act 2002.

Please note, this mailbox is FOI request only.
Further details are below if you wish to request personal information,
road traffic incident or crime reports, or other non-FOI related
enquiries.

Requesting personal information held by Police Scotland
Applications must be made under GDPR/Data Protection Act 2018. Please
follow this link -
[1]http://www.scotland.police.uk/access-to-...

Road traffic incident or crime report relating to property which has been
damaged and/or stolen
Please click on this link -
[2]http://www.scotland.police.uk/about-us/f....

Non FOI related queries
Please phone 101 or refer to this link -
[3]http://www.scotland.police.uk/contact-us

Kind regards

FOI Team
Police Scotland

References

Visible links
1. http://www.scotland.police.uk/access-to-...
2. http://www.scotland.police.uk/about-us/f...
3. http://www.scotland.police.uk/contact-us

FOI, Dundee, Police Scotland

1 Attachment

OFFICIAL

Dear applicant,

 

Please find attached our response to your request for a review of FOI
20-1987.

 

Regards,

 

Claire Sturrock
Disclosure Manager - North
Information Management

(Currently working from home Monday to Friday)

show quoted sections

Dear FOI, Dundee,

Police Scotland are thanked for providing the Section 17(1) exemption however in so doing it would appear that Police Scotland are formally acknowledging that they are breaching the General Data Protection Regulations (GDPR) by not having transparent data sharing processes in operation.

Police Scotland should reasonably know that a Data Protection Act 2018 Subject Access Request required an Internal Review to identify the seven digit identifiers of the Police Scotland officers who recorded the false Special Category Personal Data (as defined by the GDPR) on the interim Vulnerable Persons Database (iVPD) and that Police Scotland do not detail the source of this false information that a Data Subject could reasonably expect under Article 15 (g) of the GDPR. This SAR has been reported to the ICO.

It would appear that Police Scotland have implemented extremely dubious data sharing arrangements with Third Sector organisations and these data sharing arrangements may allow breaches of Section 164 of the Criminal Justice and Licensing (Scotland) Act 2010 and potentially of equal gravity allowing a system whereby Crown witnesses can commit perjury/defeat the ends of justice with impunity.

This request is being closed as a refusal until the Scottish Information Commissioner gives their judgement on an appeal, when this request could be closed as not having the information requested.

Yours sincerely,

SJA Grove