Prevent/Channel data management

The request was partially successful.

Dear Croydon Borough Council,

This is a request under the Freedom of Information Act.

According to the document CTP-Prevent Policy 2020, released publicly by Counter Terrorism Policing, each local authority and police force should enter into Data Sharing Agreements (DSA) with regards to Prevent and/or Channel. According to legislation, DSA’s should be entered into after a Data Protection Impact Assessment has been carried out. Any data processing should be covered by a Data Processing Contract.

Please release:

1: Any Data Sharing Agreement(s) made with regards to Prevent and/or Channel.

2: Any Data Protection Impact Assessment done in relation to these Data Sharing Agreement(s).

3: Any Data Processing Contract(s) relevant to the Data Sharing Agreement(s).

4: A list of partners without Data Sharing Agreement(s) that you have entered into a Memorandum of Understanding with for the purposes of Prevent and/or Channel implementation.

5: Any information given to persons, or the guardians of said persons, referred to Prevent and/or Channel, including any Privacy Notice.

Additionally, please answer the following questions:

6: Is the Data Sharing Agreement derived from the template Data Sharing Agreement found on the Police CTNet?

7: Are any data relevant to Prevent and/or Channel shared outside of Data Sharing Agreements, such as via Multi Agency Safeguarding Hub emails being copied in to Police?

8: Do invitees to Channel or Police-Led Partnership Panels have to sign Data Sharing or Confidentiality Agreements?

9: If YES to (8) please release a copy of this agreement.

10: Is any data relevant to Prevent stored outside of the Prevent Case Management Database or Channel Management Information System?

11: If YES to (11) please list these databases.

12: Please indicate whether your area is a Prevent priority area (YES/NO)

13: Please indicate whether your area is a Dovetail area (YES/NO)

14: Please list all the persons consulted on the decision to release the above information (only position and organization)

I note that a number of local authorities, including Prevent priority areas, have proactively made public their Information Sharing Agreements and Data Protection Impact Assessments that are attached to Prevent and Channel programmes.

This includes Hampshire County Council, which has released its Information Sharing Agreement; Lincolnshire Police, which has released multiple Information Sharing Agreements signed between itself and public bodies in Lincolnshire; Camden Borough Council, which has released its Data Protection Impact Assessment, and Blackburn and Darwen, which has released its Memorandum of Understanding. London Multi-Agency Data Sharing Agreement for Safeguarding and Promoting the Welfare of Children is also publicly available.

I also note that the Metropolitan Police has made public its National Prevent Referral Form, and has also released the document CTP-Prevent Policy 2020 on using the Prevent Case Management database, which includes information on input, referral, liaison with FIMU. According to this document, Dovetail sites are responsible for updating the Channel Management Information System. This document already places in the public domain the majority of processes for data sharing, including the use of Fixed Intelligence Management Units, the use of the Dynamic Investigation Framework for assessing cases, and the Intelligence Cycle.

Thus there should be little in this request that is not already in the public domain in some form.

I look forward to your reply.

Sam Andrews

croydon@infreemation.co.uk, Croydon Borough Council

Information Team Croydon
Digital Services
Assistant Chief Executive Directorate
Bernard Wetherill House
7th Floor, Zone B
Croydon
CR0 1EA

Contact: Information Team
[Croydon Borough Council request email]

 

NOTE: Please do not edit the subject line when replying to this email. If
you have a processing request, please ensure you quote that reference in
your emails to us.

DEAR Sam Andrews

 

Freedom of information request - FOI/7244

 

Subject: Prevent/Channel data management

Your request is being considered and you will receive a response within
the statutory timescale of 20 working days, subject to the application of
any exemptions. Where consideration is being given to exemptions the 20
working day timescale may be extended to a period considered reasonable
depending on the nature and circumstances of your request. In such cases
you will be notified and, where possible, a revised time-scale will be
indicated. In all cases we shall attempt to deal with your request at the
earliest opportunity.

If we are unable to provide you with the information requested we will
notify you of this together with the reason(s) why, and details of how you
may appeal.

Please note that the directorate team may contact you for further
information where we believe that the request is not significantly clear
for us to respond fully. 

Kind Regard

Information Management Team

 

Croydon Digital Services

Assistant Chief Executive Directorate

 

7th Floor, Zone B

Bernard Weatherill House

8 Mint Walk

Croydon CR0 1EA

croydon@infreemation.co.uk, Croydon Borough Council

Information Team Croydon
Digital Services
Assistant Chief Executive Directorate
Bernard Wetherill House
7th Floor, Zone B
Croydon
CR0 1EA

Contact: Information Team
[Croydon Borough Council request email]

 

Dear Sam Andrews

 

Request: FOI/7244

 

We are writing to advise you that the time limit for responding to your
request for information needs to be extended.

 

As per ICO guidelines, it is occasionally necessary to extend the 20
working day time limit for issuing a response. In the case of your
request, we must extend the time limit because the information requested
must be considered under one of the exemptions to which the public
interest test applies, specifically Section 24 of the FOIA. This extra
time is needed in order to make a determination as to the public interest
in relation to the consideration of National Security.

 

Therefore, we will provide our response by no later than 22/05/23. If you
do not receive our response or further information by then, please contact
us and we will investigate the matter. Please remember to quote the
reference number above in any future communications.

 

Kind regards,

Information Management Team

 

croydon@infreemation.co.uk, Croydon Borough Council

2 Attachments

Information Team Croydon
Digital Services
Assistant Chief Executive Directorate
Bernard Wetherill House
7th Floor, Zone B
Croydon
CR0 1EA

Contact: Information Team
[Croydon Borough Council request email]

 

Dear Sam Andrews

Request FOI/7244

Further to your request received on 23/03/2023, I confirm that the Council
has now considered your request under the Freedom of Information Act 2000
(FOIA). For ease of reference, I will now address each of your questions
in turn. 

This is a request under the Freedom of Information Act.

According to the document CTP-Prevent Policy 2020, released publicly by
Counter Terrorism Policing, each local authority and police force should
enter into Data Sharing Agreements (DSA) with regards to Prevent and/or
Channel. According to legislation, DSA’s should be entered into after a
Data Protection Impact Assessment has been carried out. Any data
processing should be covered by a Data Processing Contract.

Please release:

1: Any Data Sharing Agreement(s) made with regards to Prevent and/or
Channel.

2: Any Data Protection Impact Assessment done in relation to these Data
Sharing Agreement(s). 

3: Any Data Processing Contract(s) relevant to the Data Sharing
Agreement(s).

 

For Questions 1-3, the Council considers the information requested to
be exempt under Section 24 (National Security) of the FOIA, which states:

 

(1) Information which does not fall within section 23(1) is exempt
information if exemption from section 1(1)(b) is required for the purposes
of safeguarding national security.

(2) The duty to confirm or deny does not arise if, or to the extent that,
exemption from section 1(1)(a) is required for the purposes of
safeguarding national security.

(3) A certificate signed by a Minister of the Crown certifying that
exemption from section 1(1)(b), or from section 1(1)(a) and (b), is, or at
any time was, required for the purpose of safeguarding national security
shall, subject to section 60, be conclusive evidence of that fact.

(4) A certificate under subsection (3) may identify the information to
which it applies by means of a general description and may be expressed to
have prospective effect.

 

This acts as an exemption notice. Subsection (1) means that if the
requested information is not already exempt under section 23, then it is
exempt under this section, if disclosure of the information would have an
adverse effect on national security.

This is a qualified exemption and requires the consideration of a public
interest test. In this case we have considered that the public interest
favours non-disclosure. This is because releasing data sharing/processing
contracts and agreements to the wider public pertaining to how we hold,
process and secure data could reveal how such data and the wider
Prevent/Channel scheme can be exploited, and thus jeopardise issues
relating to national security. 

As part of wider Counter Terrorism efforts, the Government employs a range
of programmes to safeguard susceptible individuals and the public.  The
nature of these programmes means that there is sometimes limited
information about them in the public domain.  Data protection documents
contain detailed descriptions of the purposes for which information is
being stored and used.  Disclosing detailed operational information about
certain intervention programmes, including information contained in data
protection documents, would provide detailed information on how they
operate and could undermine their effectiveness.

For example, this information could be used by individuals or groups to
devise counter strategies to these programmes, weakening their
effectiveness and expose susceptible individuals to a greater risk of
being drawn into terrorism.  If more people are drawn into terrorism this
would increase the national security threat to the UK.  There is a serious
terrorism threat to the United Kingdom and the Information Commissioner
recognises that terrorists are highly motivated and will go to great
lengths to achieve their goals.

Finally, whilst some local authorities may see fit to disclose this
information, the fact that other public authorities choose to disclose
this information does not set a precedent for every public authority to do
the same.  Each request and response must be considered individually, and
the risks identified by the Council in this case do not change simply
because another Council has taken a different approach.

In summary, whilst disclosing the requested information may be in the
interests of increased transparency, it is felt that due to serious
terrorist threats against the United Kingdom, disclosing this information
into the public domain could put national security at risk by
undermining or negating the Government’s efforts to prevent acts of
terrorism and terrorist related crime. Therefore we consider the requested
information to be exempt under the FOIA.

 

4: A list of partners without Data Sharing Agreement(s) that you have
entered into a Memorandum of Understanding with for the purposes of
Prevent and/or Channel implementation.

This information is in the public domain and is therefore exempt from
Croydon Council under Section 21 of the Freedom of Information Act 2000,
‘Information reasonably accessible to the applicant by other means’.

Section 21 is an absolute exemption and therefore does not require the
public interests balancing test to be applied.  The council can confirm
that the requested information can be accessed through the following link
to the Annex B Channel Duty Guidance:

[1]Channel Duty Guidance: Protecting people vulnerable to being drawn into
terrorism (publishing.service.gov.uk)

 

5: Any information given to persons, or the guardians of said persons,
referred to Prevent and/or Channel, including any Privacy Notice.

Please find attached the “Croydon Consent Form” and also see link to the
Home Office Data Protection Privacy Notice:

[2]https://www.gov.uk/government/publicatio...

 

Additionally, please answer the following questions:

6: Is the Data Sharing Agreement derived from the template Data Sharing
Agreement found on the Police CTNet?

This information is not recorded.

 

7: Are any data relevant to Prevent and/or Channel shared outside of Data
Sharing Agreements, such as via Multi Agency Safeguarding Hub emails being
copied in to Police?

Information is only shared in-line with the data sharing agreement.

 

8: Do invitees to Channel or Police-Led Partnership Panels have to sign
Data Sharing or Confidentiality Agreements?

Yes 

 

9: If YES to (8) please release a copy of this agreement.

Please find the a blank copy of the confidentiality sheet attached.

 

10: Is any data relevant to Prevent stored outside of the Prevent Case
Management Database or Channel Management Information System?

Yes 

 

11: If YES to (11) please list these databases.

In response to Question 11, this information is not provided as the use of
exemption available under Section 31 (Law Enforcement) and Section 24
(National Security) of the Freedom of Information Act. This is a qualified
exemption and thus requires the Council to consider public interest issues
in withholding the information vs the public interest in disclosing the
information.

While there is an obvious public interest in both issues of transparency
and also in understanding how the Council manages and secures its IT, this
has to be balanced against the need to ensure that the security of this
infrastructure remains secure, so that it can be used by the Council to
assist it in providing reliable services to the public. It has been deemed
that providing this information would potentially leave the Council at
risk by those who would wish to subject the Council to ‘cyber attacks’.

As outlined in our response for Qs 1-3, and advice taken from the Home
Office, there is a serious terrorism threat to the United Kingdom and the
Information Commissioner recognises that terrorists are highly motivated
and will go to great lengths to achieve their goals. To list the databases
where information pertaining to Prevent/Channel data is stored, could
allow groups or individuals to study the weaknesses of said platforms and
devise counter strategies to compromise them, thereby potentially exposing
the wider council to a breach of confidentiality and other such
technological and legal concerns. 

Ultimately, to provide the requested information could undermine the
Council’s ability to operate and provide services for the public and tax
payers if such databases we compromised. Therefore after taking the above
issue into account, we will not be providing you with the requested
information.

We are also not minded to disclose these details under the 8^th Principle
of the Data Protection Act, as to do so as a data controller would be
putting the security of our data under an increased level of being
compromised, which is not appropriate or lawful for a data controller to
knowingly do.

 

12: Please indicate whether your area is a Prevent priority area (YES/NO)

Yes

 

13: Please indicate whether your area is a Dovetail area (YES/NO)

Yes 

 

14: Please list all the persons consulted on the decision to release the
above information (only position and organization)

Information which identifies individuals is considered personal data as
defined by the Data Protection Act 2018, which falls within the exemption
in Section 40 (2) (a) (i) (Personal Information) of the Freedom of
Information Act 2000.  By disclosing two identifiers (organisation and
position within it) any individuals who have been consulted could be
identified.  Therefore this aspect of your request is therefore exempt
from disclosure by virtue of Section 40(2)(a)(i) of the Freedom of
Information Act 2000.

It is important to remember that when information is released under the
Freedom of Information Act 2000, it is considered released to the wider
public. The First data protection principle states processing of data must
be fair and lawful and thus in this case we have decided to withhold
personal names. Any such disclosure of personal information would not be
compliant with the provisions of the Data Protection Act 2018 and the
First data protection principle. Section 40(2) is an absolute exemption,
which does not require a public interest test.

 

Furthermore,  we cannot name the individuals consulted as this would also
engage Section 38 of the FOIA (Health and Safety). Once again, it is
important to remember that when information is released under the Freedom
of Information Act 2000, it is considered released to the wider public. In
deciding whether to apply this exemption the Council is expected to
balance the public interest test in withholding the information against
the public interest in disclosing the information.

Although the release of this information would be in the interest of
transparency, the information is considered, by the Council, to
potentially lead to the breach of Health and Safety measures in that the
disclosing of the information could potentially endanger the safety of
such individuals.

This is because Prevent is part of the Government’s Counter Terrorism
Strategy and those involved with it are engaged in reducing the terrorist
threat to the UK.  There is a risk that individuals or groups seeking to
undermine the UK’s counter terror strategy could target people who were
consulted in answering this FOI, as anyone who is consulted would have
some responsibility for delivering Prevent.  An additional concern is that
if individuals know that they could potentially be identified by
information released via FOI, this would negatively impact their mental
wellbeing. Therefore we have determined that the public interest in
knowing the names of consultees is outweighed by the risk of harm
to officers involved with the Prevent scheme and thus this aspect of your
request is exempt from disclosure by virtue of Section 38 of the Freedom
of Information Act 2000.

 

The Council publishes Access to Information requests and responses on its
online Disclosure Log. (Any request included within this log will be
anonymised appropriately)

To view the Council’s Disclosure Log, please visit our website available
here:

[3]The Freedom of Information (FOI) Act | Croydon Council
(disclosure-log.co.uk)

 

If you are dissatisfied with the way the Council has handled your request
under the Freedom of Information Act, you may ask for an internal review.
This should be submitted to us within 40 working days of this response.
You can do this by outlining the details of your complaint by:

 

Email:        [4][Croydon Borough Council request email]

 

Writing:     Information Team

London Borough of Croydon

Bernard Weatherill House

Floor 7 - Zone B

8 Mint Walk

Croydon, CR0 1EA

 

Any requests received after the 40 working day time limit will be
considered only at the discretion of the council.

 

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a
decision. The Information Commissioner can be contacted at:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire, SK9 5AF

 

Yours sincerely,

 

Information Team

Croydon Digital Services

Assistant Chief Executive Directorate

Bernard Wetherill House,

Mint Walk,

Croydon,

CR0 1EA

 

 

[5][Croydon Borough Council request email]

[6][email address]

 

References

Visible links
1. https://assets.publishing.service.gov.uk...
2. https://www.gov.uk/government/publicatio...
3. https://croydon.disclosure-log.co.uk/
4. mailto:[Croydon Borough Council request email]
5. mailto:[Croydon Borough Council request email]
6. mailto:[email address]