Criminal History System and Police National Computer

D McIntyre made this Freedom of Information request to Tayside Police

This request has been closed to new correspondence. Contact us if you think it should be reopened.

Tayside Police did not have the information requested.

Dear Tayside Police,

This request is centred around the Scottish national computer system commonly referred to as the CHS. I understand that the current system in place is referred to as CHS2 and when referring to that system I will use the term CHS2 and when referring to its predecessor I shall refer to it as CHS1. When referring to legislation, this refers to all forms of primary and secondary legislation, i.e. Acts of Parliament as well as Statutory Instruments, etc.

This request makes the assumption that the Criminal History System is the national computer system serving Scottish Police forces whilst the Police National Computer is the national computer system serving English and Welsh Police forces as per the descriptor at the Scottish Police Services Authority (SPSA) which states:

"Following installation and rigorous testing in 1988 the computerised CHS for Scotland became operational. The added advantage was that this provided a link into the Police National Computer (PNC) via an interface (Phoenix Force Interface) allowing officers in Scotland to retrieve information from the Police National Computer. The PNC is the national criminal database for England and Wales."

http://www.spsa.police.uk/services/infor...

Please provide details of UK and/or Scottish legislation
that are relevant in establishing the practice and the policy surrounding the transfer of data (specifically around an individual's criminal record) by Tayside Police to the Police National Computer [PNC]. Please provide all information pertinent to both CHS1 and CHS2.

Yours faithfully,

D McIntyre

FIID (FOI),

1 Attachment

  • Attachment

    Freedom of Information request Criminal History System and Police National Computer.html

    5K Download

NOT PROTECTIVELY MARKED

Our Ref: FOI 418-11

E-Mail: [Tayside Police request email] for all correspondence
relating to FOI requests

Dear Mr. McIntyre,

I refer to your request of 12 August, 2011 for information under the
Freedom of Information (Scotland) Act 2002 (copy attached for the
avoidance of doubt).

Having considered your request in terms of the above Act, I would advise
you that Tayside Police has no record of the details of the legislation
relating to the establishment of the practice and policy surrounding the
transfer of data from CHS1 and CHS2 to the Police National Computer.

As such, in terms of Section 17 of the Freedom of Information (Scotland)
Act 2002, this represents a notice that the information requested is not
held.

By way of explanation, CHS1 and CHS2 are systems used by the Scottish
Police service as a whole and do not pertain specifically to Tayside. Any
relevant legislation taken into account when compiling the policy would
have been considered at a national level in conjunction with the
Association of Chief Police Officers Scotland (ACPOS).

It should be noted that the provision of ICT services (which includes CHS)
to all Scottish Forces falls under the remit of the Scottish Police
Services Authority (SPSA). Should you wish to contact them directly
regarding this matter, then please find the following link through which
they may be contacted:

[1]http://www.spsa.police.uk/foi/how_make_f...

I would also like to take this opportunity of informing you that a
requirement of the above Act is that, in order to validate a request,
applicants must provide their full name within the body of the request. I
would therefore respectfully request that this be borne in mind, should
you wish to submit any further requests in the future.

Further details regarding this requirement are available on the Scottish
Information Commissioner's website via the following link -

[2]http://www.itspublicknowledge.info/FAQ/G...

I trust the enclosed information will be of assistance to you. However,
if you are not satisfied with the way in which your request has been dealt
with, you are entitled, in the first instance, to request a review of the
decision made by the Force. Should you wish to request such a review,
please write to me within 40 days of receiving this communication. I will
arrange for a senior officer, who has not been involved in my decision
making process, to conduct a review as required by the Act.

If, after having been informed of the review panel's decision, you are
still not satisfied, you then have six months in which you are entitled to
apply to the Scottish Information Commissioner for a decision. The
contact details for Mr Dunion, the Scottish Information Commissioner are
Office of the Scottish Information Commissioner, Kinburn Castle,
Doubledykes Road, St Andrews, Fife, KY16 9DS, telephone 01334 464610.

Regards, Norma

Norma Brady
Freedom of Information Officer
Crime & Intelligence Division
Tayside Police
Tel: 01382 596644
Fax: 01382 596048
Email: [Tayside Police request email]

NOT PROTECTIVELY MARKED

This communication is intended for the person(s) or organisation named and
may be in nature, legally priviliged and protected in law.

If you are not the intended recipient please advise us immediately and do
not disclose, copy or distribute the contents to any other person.

Failure to comply with these instructions may constitute a criminal
offence. You should be aware that all Tayside Police email communications
may be subject to disclosure under the Freedom of Information (Scotland)
act 2002.

References

Visible links
1. http://www.spsa.police.uk/foi/how_make_f...
http://www.spsa.police.uk/foi/how_make_f...
2. http://www.itspublicknowledge.info/FAQ/G...
http://www.itspublicknowledge.info/FAQ/G...

Dear FIID (FOI),

Thank you for your prompt reply. I'll deal with your points separately.

Firstly, with your statement regarding applicants being required to provide their full name, I must disagree. As per the guidance from the Information Commissioner's Office at page 2/3 of 'Valid request – name and address for correspondence'

http://www.ico.gov.uk/upload/documents/l...

which states:

"What constitutes a real name?

We consider that a relatively informal approach is also appropriate in this context. Therefore, title and/or first name with surname satisfies the requirement for provision of a real name, as does the use by a female applicant of her maiden name. The prime consideration is whether enough of a person’s full name has been provided to give a reasonable indication of that person’s identity.

Example:
Mr Arthur Thomas Roberts could satisfy section 8(1)(b) of the FOIA by stating his name in a request for information as “Arthur Roberts”, “A. T. Roberts”, or “Mr Roberts”, but not by stating his name as “Arthur” or “A.T.R.”

Secondly, The Chief Constable is the data controller (as defined by the Data Protection Act 1998) for Tayside Police (I shall refer to Tayside Police from this point as the data controller to simply matters). One of the Act's main principles is that data must be processed fairly and lawfully. Tayside Police are the Data Controller of data owned by them and recorded on the PNC as per guidance from the NPIA, therefore I would expect Tayside Police to be aware of the legislation that enables them to transfer this data 'fairly and lawfully', therefore I still consider this request to have been unanswered.

My request is simple, please advise me as to what UK and/or Scottish legislation enables Tayside Police (in particular) to transfer data Tayside Police control (as the Data Controller) to the Police National Computer. Alternatively, you can admit that Tayside Police do not have a record of what actually permits them to transfer data to the Police National Computer, they 'just do it'. However I would appreciate that statement or something similar to be recorded in your reply.

Yours sincerely,

D McIntyre

FIID \(FOI\),

NOT PROTECTIVELY MARKED

Our Ref: FOI 418-11
E-Mail: [Tayside Police request email] for all correspondence
relating to FOI.

Dear Mr McIntyre

I acknowledge receipt of your request, received today, seeking a review
of Ms Brady's response.

I write to advise you that I will conduct this review and, under the
terms of the Freedom of Information (Scotland) Act 2002, Tayside Police
now has 20 working days to provide you with a reply.

Regards,

Claire Sturrock
Force Records Manager
Force Crime Intelligence Division
Tayside Police

Tel: 01382 596657
Fax: 01382 596048
email: [email address]

show quoted sections

FIID - Records/FOI Civ Sturrock C,

NOT PROTECTIVELY MARKED

-- Converted from text/plain format -->

Our Ref: FOI 418-11

E-Mail: [Tayside Police request email] for all correspondence
relating to FOI requests

Dear Mr McIntyre,

I understand that you have requested a review of the decision communicated
to you by Ms Norma Brady on 12 August 2011, in respect of your original
request for information also received that day.

Request for Review:

Firstly, with your statement regarding applicants being required to
provide their full name, I must disagree. As per the guidance from the
Information Commissioner's Office at page 2/3 of 'Valid request - name and
address for correspondence' (link) which states:

"What constitutes a real name? We consider that a relatively informal
approach is also appropriate in this context. Therefore, title and/or
first name with surname satisfies the requirement for provision of a real
name, as does the use by a female applicant of her maiden name. The prime
consideration is whether enough of a person's full name has been provided
to give a reasonable indication of that person's identity.

Example: Mr Arthur Thomas Roberts could satisfy section 8(1)(b) of the
FOIA by stating his name in a request for information as "Arthur Roberts",
"A. T. Roberts", or "Mr Roberts", but not by stating his name as "Arthur"
or "A.T.R."

Secondly, the Chief Constable is the data controller (as defined by the
Data Protection Act 1998) for Tayside Police (I shall refer to Tayside
Police from this point as the data controller to simply matters). One of
the Act's main principles is that data must be processed fairly and
lawfully. Tayside Police are the Data Controller of data owned by
them and recorded on the PNC as per guidance from the NPIA, therefore I
would expect Tayside Police to be aware of the legislation that enables
them to transfer this data 'fairly and lawfully', therefore I still
consider this request to have been unanswered.

My request is simple, please advise me as to what UK and/or Scottish
legislation enables Tayside Police (in particular) to transfer data
Tayside Police control (as the Data Controller) to the Police National
Computer. Alternatively, you can admit that Tayside Police do not have a
record of what actually permits them to transfer data to the Police
National Computer, they 'just do it'. However I would appreciate that
statement or something similar to be recorded in your reply.

Original Request:

Please provide details of UK and/or Scottish legislation that are relevant
in establishing the practice and the policy surrounding the transfer of
data (specifically around an individual's criminal record) by Tayside
Police to the Police National Computer [PNC]. Please provide all
information pertinent to both CHS1 and CHS2.

My role is to consider the request and the decision, review the whole
process and either uphold or amend the decision depending on my
conclusions which I set out below.

As part of the review, I am also required to consider the quality of the
administrative process applied to your request and I am pleased to record
that I find no deficiency in that regard.

First of all, in relation to your comments regarding Ms Brady's advice
that you provide your full name in any future requests, I would advise you
that the guidance you quote above is not relevant in Scotland as it was
issued by the UK Information Commissioner and is based on the legislation
for England and Wales.

The advice provided by Ms Brady was based on equivalent guidance from the
Scottish Information Commissioner and is in line with the Scottish
Legislation.

A request without a full name is not considered to be valid in terms of
Section 8 of the Freedom of Information (Scotland) Act 2002.

On this occasion however, to be of assistance and given that a response
could be issued immediately, Ms Brady decided to treat your request as
valid and to provide you with some advice for future reference.

In reviewing Ms Brady's response I have studied all documentation relevant
to the request including her response which stated:

"I would advise you that Tayside Police has no record of the details of
the legislation relating to the establishment of the practice and policy
surrounding the transfer of data from CHS1 and CHS2 to the Police National
Computer. As such, in terms of Section 17 of the Freedom of Information
(Scotland) Act 2002, this represents a notice that the information
requested is not held."

In my opinion, this statement makes the Tayside Police position clear - no
information is held by the Force which relates to the establishment of the
policy surrounding the transfer of data from CHS to PNC.

As Ms Brady correctly stated in her response, CHS is used by the Scottish
Police service as a whole and not just Tayside Police.

As such, the consideration of any relevant legislation at the time of
developing the policy would have been at a national level.

Records relating to this process are not held by Tayside Police and the
Freedom of Information (Scotland) Act 2002 deals with the provision of
recorded information only.

I therefore conclude that the reasoning behind Ms Brady's application of
Section 17 of the Freedom of Information (Scotland) Act 2002 was sound and
I fully support her decision to apply this exemption and state that the
information requested was not held by Tayside Police and to direct you
instead to the Scottish Police Services Authority (SPSA).

You go on to pose an additional question in your request for review:

"Please advise me as to what UK and/or Scottish legislation enables
Tayside Police (in particular) to transfer data Tayside Police control (as
the Data Controller) to the Police National Computer."

In response to this question, I would advise you that Tayside Police does
not, in general terms, `transfer data to PNC'.

Information is transferred from CHS to PNC via an electronic interface and
the decision as to what offences are transferable is currently taken by
the SPSA Criminal Justice Service Desk.

I note that the SPSA has provided you with further details around this
process in their response to your FOI request which is available on the
What Do They Know website -

[1]http://www.whatdotheyknow.com/request/82...

To be of assistance, and following consultation with relevant experts in
this area, I can confirm that the legal authority in Scotland to hold
criminal information on a central register is Section 47 of the Police
(Scotland) Act 1967 -

[2]http://www.legislation.gov.uk/ukpga/1967...

If you remain dissatisfied following my review of this case, you then have
six months in which you may appeal to the Scottish Information
Commissioner who can be contacted as follows:

Mr Kevin Dunion

Scottish Information Commissioner

Kinburn Castle

Doubledykes Road

St Andrews

Fife

FK16 9DS

Telephone: 01334 464610

email: [3][email address]

Regards,

Claire Sturrock
Force Records Manager
Force Crime Intelligence Division
Tayside Police

Tel: 01382 596657
Fax: 01382 596048
email: [4][email address]

NOT PROTECTIVELY MARKED

This communication is intended for the person(s) or organisation named and
may be in nature, legally privileged and protected in law.

If you are not the intended recipient please advise us immediately and do
not disclose, copy or distribute the contents to any other person.

Failure to comply with these instructions may constitute a criminal
offence. You should be aware that all Tayside Police email communications
may be subject to disclosure under the Freedom of Information (Scotland)
act 2002.

References

Visible links
1. http://www.whatdotheyknow.com/request/82...
2. http://www.legislation.gov.uk/ukpga/1967...
3. mailto:[email address]
4. mailto:[email address]