Final
Animal Welfare Information Sharing Agreement
Between
Police Service of Northern Ireland and
Western Region Fermanagh & Omagh District Council, (Regional Lead Council) - Derry City & Strabane District Council and Mid Ulster District Council
Belfast City Council
Eastern Region - Lisburn & Castlereagh City Council and Ards & North Down Borough Council
Northern Region - Mid & East Antrim Borough Council, Causeway Coast & Glens Borough Council and Antrim & Newtownabbey Borough Council
Southern Region - Armagh City, Banbridge & Craigavon Borough Council and Newry, Mourne & Down District Council
1 Final
Document Ref: 17-144129
Purpose: The purpose of this agreement is to formalise information sharing arrangements between the listed Regional Council’s and the Police Service of Northern Ireland to further the investigation and enforcement under the Welfare of Animals Act (NI) 2011.
Partners: All signatories are listed at the rear of this document.
Date Agreement comes into force:
Date for Review of Agreement:
Agreement Lead:
Agreement drawn up by:
Location of the Original Agreement:
2 Final
VERSION RECORD
Version No Amendments Made Authorisation
Vo 1
Vo 1.1
Vo 1.2
Vo 1.3
Vo 1.4
Vo 1.5
Vo 1.6
3 Final
Index
Section 1 Introduction Page 5
Section 2 Purpose of the Agreement Pages 6 – 9
Section 3 Key Contact Information Page 10
Section 4 Legal Basis Pages 11 – 12
Section 5 Data to be Shared Pages 13 – 14
Section 6 Security, Data Handling & Management Pages 15 – 16
Section 7 SAR, FOIA & EIR Page 17
Section 8 Breaches Page 18
Section 9 Training Page 19
Section 10 Complaints Page 20
Section 11 Retention & Review Page 21
Section 12 Withdrawal Page 22
Section 13 Signatories Pages 23 – 24
Appendix 1 Leads and Liaison Officers Page 25
Seven Golden Rules for Information Appendix 2 Page 26 Sharing
Appendix 3 Glossary of Terms Page 27
Appendix 4 The Data Protection Principles Page 28
Appendix 5 Secure Handling of PSNI Data Pages 29 – 34
Request for Disclosure of Personal Appendix 6 Pages 35 – 40 Data from the PSNI
4 Final
1. Introduction
1. This Agreement is between the Police Service of Northern Ireland and Fermanagh & Omagh District Council, the latter is designated by Councils as the Regional Lead Council in relation to the enforcement of the Welfare of Animals Act (NI) 2011.
2. The Regional Lead Council has a co-ordinating role with all Councils for matters relating to this agreement and all work arising from it. The Regional Lead Council representative at official level will be the co-signatory of this Information Sharing Agreement (ISA) in conjunction with the Head of Department Legacy and Justice Branch Police Service of Northern Ireland (PSNI), when the content is agreed.
3. Sub-regional Lead Councils means the specific Councils as designated by Councils, to be the Lead Council with regards to the Welfare of Animals Act (NI) 2011.
5 Final
2. Purpose of the Agreement
1. The Lead Councils and the Police Service of Northern Ireland (PSNI) are committed to working together and when necessary, to share information that will enhance the investigation and enforcement of Animal Welfare cases that they have a statutory responsibility to conduct.
2. The purpose of this agreement is to outline the basis upon which the PSNI and the Lead Councils will share person and non-personal data for the investigation and enforcement of Animal Welfare under the Welfare of Animals Act (NI) 2011.
3. The agreement will enable the legitimate and secure sharing of personal data between Lead Councils and PSNI. It is also to enable Councils to benefit from the PSNI’s statutory support.
4. The types of support required from the PSNI in relation to cases being investigated by Lead Councils in relation to Animal Welfare include:-
The protection of Animal Welfare officer in the performance of his/her functions under Welfare of Animals Act (NI) 2011.
The provision of assistance in connection with the enforcement of Welfare of Animals Act (NI) 2011 e.g. or entry under warrant, seizure of animals as may be necessary to perform its functions under Welfare of Animals Act (NI) 2011.
5. The success of this agreement hinges on effective, timely information sharing and it is accepted that the organisations working separately may hold incomplete information when endeavouring to address the issues associated with the investigation and enforcement of Animal Welfare.
6 Final
6. The lead body for the development, implementation and review of this Information Sharing Agreement (ISA) is Fermanagh and Omagh District Council.
7. This Information Sharing Agreement (ISA) has been devised using guidance from the Information Commissioner’s Office (ICO) Data Sharing; Code of Practice and the seven “golden rules” for information sharing are included in this Agreement (Appendix 2).
8. The commitments of the Councils and PSNI are as follows:
To only share proportionate and relevant information relating to preventing and reducing criminal activity in respect of animal welfare cases;
To comply with all relevant legislation and guidance;
To have notified the Information Commissioner’s Office in respect of the notification obligations under the Data Protection Act; and
To seek legal advice in cases where there is any doubt as to whether information sharing is appropriate.
If there is an ongoing police investigation and sharing the information would prejudice the investigation, no information will be released until proceedings have concluded.
9. The Data Protection Act 1998 regulates the processing of personal data and the following definitions are relevant:-
Data - any information which:
(a) Is being processed by means of equipment operating automatically in response to instructions given for that purpose.
7 Final
(b) Is recorded with the intention that it should be processed by means of such equipment. (c) Is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system. (d) Does not fall within paragraph (a), (b) or (c) but forms part of an accessible record. (e) Is recorded information held by a public authority and does not fall within any of paragraphs (a) to (d).
Data controller – a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data subject – an individual who is the subject of personal data;
Personal data – data which relates to a living individual who can be identified:
(a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Processing of data – in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
(a) Organisation, adaptation or alteration of the information or data, (b) Retrieval, consultation or use of the information or data, (c) Disclosure of the information or data by transmission, dissemination or otherwise making available, or (d) Alignment, combination, blocking, erasure or destruction of the information or data.
8 Final
Sensitive personal data – consisting of:
(a) The racial or ethnic origin of the data subject. (b) His political opinions. (c) His religious beliefs or other beliefs of a similar nature. (d) Whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992). (e) His physical or mental health or condition. (f) His sexual life. (g) The commission or alleged commission by him of any offence, or (h) Any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
9 Final
3. Key Contact Information
Western Area Animal Welfare Service – Fermanagh & Omagh District Council, Derry City & Strabane District Council, Mid Ulster District Council. Telephone: 028 8225 6226 Email: [email protected]
Belfast City Council Animal Welfare Service Telephone: 028 9027 0431 Email: [email protected]
Eastern Region Animal Welfare Service –Lisburn & Castlereagh City Council, Ards & North Down Borough Council Telephone: 028 9049 4567 Email: [email protected]
Northern Region Animal Welfare Service – Mid & East Antrim Borough Council, Causeway Coast & Glens Borough Council, Antrim & Newtownabbey Borough Council Telephone: 028 2563 3134 Email: [email protected]
Southern Region Animal Welfare Service -– Armagh City, Banbridge & Craigavon Borough Council, Newry Mourne & Down District Council Telephone: 028 3751 5800 Email: [email protected]
PSNI: Inspector Urban OCMT, Telephone 101 Extension 25236 Email: [email protected]
10 Final
4. Legal Basis for Data Sharing
1. The legal gateways for information sharing are as follows:
Data Protection Act 1998. The Data Protection (processing of Sensitive Personal Data) Order 2000 Section 1(1). Common Law. Welfare of Animals Act 2011; Police (NI) Act 2000 and Information Commissioner’s Office (ICO) Data Sharing Code of Practice.
2. The conditions contained within the schedules of the Data Protection Act 1998 for the purposes of information sharing within this agreement are as follows:
Schedule 2 – 3, 5(b) and 6(1) Schedule 3 - 6(a), 7(1)(b)
3. It will be the responsibility of the signatories to this agreement when personal data is being shared to ensure there is full compliance with the legal principles set out in the Data Protection Act 1998, the Human Rights Act 1998 and the Common Law Duty of Confidentiality insofar as they apply to the information sharing taking place under the terms of this agreement.
4. The following points must be considered before sharing information:
The right to confidentiality and the public interest in upholding this right; Proportionate Response; Respective risks to those affected; Passing need; Need to know of other agencies; and Public interest in disclosure.
11 Final
5. Public Interest criteria includes:
The prevention and detection of crime; The prevention / detection of crime and / or apprehension or prosecution of offenders (S29); For the exercise if functions conferred on any person by or under any enactment (police/social services) (S2&3); In accordance with a court order; and Common Law Duty of Confidentiality.
6. When judging public interest the following should be considered:
Is the intended disclosure proportionate to the intended aim; What is the impact of disclosure likely to be on an alleged offender or victim; Is there another equally effective means of achieving the same aim; Is the disclosure necessary to prevent or detect crime and uphold the rights and freedoms of the public; Is it necessary to disclose the information to protect an animal; and The rule of proportionality should be applied to ensure that a fair balance is achieved between the public interest and the rights of the data subject.
7. In the majority of situations it is not appropriate to seek consent from an alleged perpetrator when conducting an investigation or carrying out enforcement into an animal welfare case. Alerting the individual that they are potentially under investigation as part of a criminal matter may have a detrimental impact on the purpose of the process.
8. Each Council and PSNI must decide whether or not they can or should share information and decisions should be made on a case-by-case basis using professional judgement. Managerial or legal advice should be sought where necessary.
12 Final
5. Data to be Shared
1. The Councils and PSNI involved must only share information that is relevant and proportionate, based on the merits of each case, regarding victims, alleged perpetrators, and associates whether current or historical. Information will only be used for the purpose for which it was requested and will not be shared with any other party.
2. The following information should be used as a guideline:
Copies of Police Officer Statements. Copies of Animal Welfare Officers Statements and relevant documentation. Copies of information obtained by Police officers and Animal Welfare Officers during course of initial investigation including statements from relevant parties, Vet statements, Post mortem reports, photographs, CCTV, Officer Camera footage and any other relevant data that may assist with the Animal Welfare investigation. Locating the whereabouts of any person (last known address) sought in connection with an Animal Welfare investigation. Copies of information in relation to historical cases taken by PSNI or Council Animal Welfare units in relation to Animal Welfare. Conviction data that is relevant to the individual named and to the case under investigation.
3. Enquires can be submitted for vehicle ownership data when the vehicle is involved in an animal welfare enquiry or investigation and the need to obtain the information is vital to the enquiry or investigation. When this occurs, the two procedures listed below must be followed:
13 Final
(1) Critical / Urgent – when there is an immediate pressing need to obtain the ownership details of a vehicle that is:
suspected to be involved in criminal activity concerning animals: the information is needed to protect an animal from serious and imminent harm; the vehicle is moving animals at the time and the address of its registered owner is required to permit Council Animal Welfare Officers to immediately visit to seize, search and enforce.
If the above is used, Council Animal Welfare Officers must contact their local duty Sergeant or Inspector. This can be followed up by submitting an Animal Welfare Disclosure request form found at Appendix 6.
(2) Non Critical / Urgent – when there is no immediate pressing need to obtain the ownership details, but they still must be obtained to progress an ongoing investigation whereby the individual is:
suspected to be involved in criminal activity concerning animals ; the information is needed to protect an animal from serious harm; and the vehicle is suspected of moving animals and the address of its registered owner is required to permit Council Animal Welfare Officers to visit to seize, search and enforce
In the above scenario, Council Animal Welfare Officers must submit an Animal Welfare Disclosure request form to the Urban Inspector OCMT, Lislea Drive. Telephone 101, extension 25236. Form can be found at Appendix 6.
14 Final
6. Security, Data Handling and Management
1. Personal and sensitive personal data must not be emailed over the open internet without encryption or secure email.
2. It is critical that a record of the exact information shared must be retained by the provider and recipient organisations, i.e. the PSNI or Council must record the specific information released by whom, to whom and when. This is to ensure the integrity and continuity of any information that maybe used for evidential purposes and this record provides an accurate audit trail in the event of either the PSNI or a Council being challenged. It also provides provenance with regard the sequence of its formal ownership, custody, storage and sharing. There can be no compromise on this obligation and failure to properly record the process will dilute and weaken the agreement. All Councils and the PSNI must open a file for the sharing of information in respect of this agreement.
3. The primary method of requesting information from PSNI will be completed by e-mail via the following email addresses:
Note – Apart from Belfast CC, each region will receive information in written format until secure email addresses can be obtained.
4. The Data Protection Act requires that:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data”.
15 Final
5. In addition, each organisation must ensure that measures are in place to do everything reasonable to:
Make accidental compromise or damage unlikely during transmission by using secure email, storage, handling, use or processing; Deter deliberate compromise; Promote discretion in order to avoid unauthorised access; Animal Welfare information must only be accessed for legitimate purposes in a manner consistent with investigation and enforcement priorities and only where there is a “need to know”.
6. Lead Councils remain the owner (data controller) of any personal information it provides to the PSNI and the PSNI remains the owner (data controller) of any personal information it provides to the Lead Councils.
7. Both Lead Councils and PSNI must hold the personal information provided by either party in strictest confidence and must not disclose it to any third party without the prior written consent of either party.
8. Both organisations must ensure that only those of its employees, who require access for lawful business purposes, will be able to view and process the data. All staff will have received appropriate training in data protection awareness to enable them to understand * their responsibilities under the 1998 Act to maintain the security and confidentiality of personal information.
9. No processing will be performed by a sub-contracting organisation without the knowledge and agreement of those involved.
Please note: Faxing is NOT a secure means of transmission for information relating to Animal Welfare investigations or enforcement and should NOT be used.
16 Final
7. Subject Access (SAR), Freedom of Information (FOIA) & Environmental Information Regulations (EIR)
1. Each organisation must have its own information governance protocols and guidelines and these should also be adhered to for animal welfare investigation and enforcement purposes.
2. They will include how to process requests for information under the Data Protection Act, Freedom of Information Act or Environmental Information Regulations. These must be dealt with by the individual organisation who receives the request unless they do not hold the information requested.
3. Where information held is relevant to the request and is identified as having originated from the PSNI, another Council or organisation, it will be the responsibility of the receiving party to contact the originator of the data to determine whether the originator wishes to claim an exemption under the provisions of either the Data Protection Act, Freedom of Information Act or Environmental Information Regulations. The receiving party should be mindful that they must respond to requests within 40 calendar days under the Data Protection Act and 20 working days under the Freedom of Information Act and Environmental Information Regulations.
4. The responsibility to deal with a request for personal data, general information or environmental information will rest with the agency who receives it. Information must not be disclosed to any other person without prior consideration from the originating sources.
17 Final
8. Breaches
1. A breach of the proper handling of personal data may increase the threat to the individual to whom the data relates and may seriously undermine and affect the credibility of the sharing for the investigation and enforcement of animal welfare objectives. It may also a breach of the Data Protection Act 1998 and may attract enforcement action by the Information Commissioner’s Office.
2. The Councils and PSNI will ensure that staff are aware they may be subject to disciplinary action and / or legal proceedings if they unlawfully or without appropriate authority disclose or withhold personal information about victims or alleged perpetrators on a basis that cannot be justified on legal grounds.
3. If it is believed that information supplied by an organisation has been lost or inadvertently disclosed, a data loss/incident response plan must be engaged. The Council or PSNI upon discovering any breach of the Data Protection Act 1998 involving information shared must inform the lead Council Officer and provide full and comprehensive details of the breach.
4. All organisations must ensure they are familiar with the ICO guidance on data security breach management and its guidance on how and when to notify the Information Commissioner’s Office in the event of a breach.
5. Whoever is responsible for the breach may be accountable and ultimately subject to any potential enforcement action recommended by ICO after an investigation.
18 Final
9. Training
1. All Councils and PSNI will ensure that members of their staff who are involved in sharing information will have adequate training regarding the responsibilities and obligations imposed by this ISA.
19 Final
10. Complaints re Information Sharing
1. Complaints related to the processes and procedures (information sharing) should be submitted in writing by the complainant.
2. If the complaint relates to the procedure listed within this ISA, then whoever receives the complaint must immediately bring this to the attention of the Lead Council Administrator.
3. The Lead Council Administrator will acknowledge the complaint and convene an immediate meeting of those involved to agree on how best to proceed. The Lead Council Administrator must respond within 20 working days of receipt, where possible.
4. Should the complaint be against a specific Council, and not the actual sharing of information, the initial complaint should be sent directly to the designated officer for that Council and dealt with via that Council’s complaints procedure.
20 Final
11. Retention and Review
1. The information processed in relation to animal welfare investigations and enforcement will be retained in line with the PSNI and each Councils retention and disposal schedule.
2. The information Sharing Agreement will be reviewed by the Lead Council Administrator at 6 months and then will be reviewed every 12 months. The ISA may be reviewed sooner should there be changes to legislation e.g. new General Data Protection Regulations or other exceptional circumstances. All changes to the ISA are to be agreed and approved by all signatories prior to the changes taking place.
21 Final
12. Withdrawals
1. The designated officer for any Council who wishes to withdraw from this ISA must inform the Lead Council administrator in writing. The Lead Council administrator will inform the relevant Council liaison officers and the PSNI in writing.
2. Information processed by the leaving Council, which is no longer relevant should be destroyed in accordance with the respective Council’s guidelines.
22 Final
13. Signatories
We the undersigned agree that we will adopt and adhere to this information sharing agreement.
This Agreement is made on ______(date) between Police Service Northern Ireland (PSNI) and Regional Lead Council (Animal Welfare).
Signed on behalf of the PSNI Signed on behalf of Regional Lead
Department: ______Council: ______
Name: ______Name: ______
Grade/Title: ______Position/Title: ______
Date: ______Date: ______
23 Final
Signed on behalf of Belfast City Signed on behalf of Eastern Region
Department: ______Council: ______
Name: ______Name: ______
Grade/Title: ______Position/Title: ______
Date: ______Date: ______
Signed on behalf of Northern Region Signed on behalf of Southern Region
Council: ______Council: ______
Name: ______Name: ______
Position/Title: ______Position/Title: ______
Date: ______Date: ______
24 Final
Appendix 1
Animal Welfare Lead
E Mail Address & Organisation Name Telephone Number
PSNI [email protected]
Tel: 101 Ext: 56044
Council
Council Liaison Officers
Belfast City Council
Eastern Region
Northern Region
Southern Region
25 Final
Appendix 2
Seven Golden Rules for Information Sharing
1. Remember that the Data protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.
2. Be open and honest with the person (and/or their family where appropriate) form the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
3. Seek advice if you are in any doubt, without disclosing the identity of the person where possible.
4. Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case.
5. Consider safety and well-being: Base your information sharing decisions on the safety and well-being of the person and others who may be affected by their actions.
6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared accurately.
7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
26 Final
Appendix 3
Glossary of Terms
DPA Data Protection Act
ECHR European Convention on Human Rights
ICO Information Commissioner’s Office
ISA Information Sharing Agreement
MOPI Management of Police Information
PSNI Police Service of Northern Ireland
CJSM Criminal Justice Secure Mail
NPCC National Police Chiefs Council
Core Organisations
Police Service of Northern Ireland
Western Region Fermanagh & Omagh District Council, Derry City & Strabane District Council and Mid Ulster District Council
Belfast City Council
Eastern Region Lisburn & Castlereagh City Council, Ards & North Down Borough Council
Northern Region Mid & East Antrim Borough Council, Causeway Coast & Glens Borough Council and Antrim & Newtownabbey Borough Council
Southern Region Armagh City, Banbridge & Craigavon Borough Council and Newry Mourne & Down District Council
27 Final
Appendix 4
The Data Protection Principles
There are 8 Data Protection Principles
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless - (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of the data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
28 Final
Appendix 5
Secure Handling of PSNI Data
Introduction
i. In line with HM Government mandatory requirements, PSNI has adopted the Government Protective Marking Scheme (GPMS). This scheme requires that a protective marking is applied to all PSNI information assets, e.g. paper documents, email, electronic documents, to ensure that they are protected and managed in a manner proportionate to their importance and sensitivity. The GPMS applies to information assets through their entire lifecycle, i.e. from creation through to secure disposal. ii. Protective markings are assigned to information assets based on the impact that the compromise of the information asset would bring about. A protective marking must be applied to information assets which, if compromised, may result in certain detrimental outcomes, specifically:
Increase the risk to life and safety of an individual or a group of individuals; Have a detrimental effect on the provision of emergency services; Hinder or impede crime fighting; and/or Have a negative effect on judicial proceedings.
iii. Failure to assign an appropriate protective marking may lead to data being inadequately protected with subsequent damage, disclosure or loss. Too high an assignment of a protective marking can lead to costly and prohibitive security controls being put in place which may limit the worth of the information asset;
iv. Protectively marked PSNI data shared with ASBF core agencies must be handled as stipulated in the following guidance.
29 Final
Information Assets Covered i. The guidance in the following sections covers, but is not limited to, the following types of electronic and paper based information assets:
Table 1 – Asset Types
Information Assets
o Assets on electronic media o Paper or electronic log files
o Assets on removable media o Paper files
o CCTV footage o Paper forms
o Dictaphone/sound recordings o Photocopied information
o Digital images o Photographic information Electronic documents o Hand-written notes (e.g. Word & Excel) o
o Electronic forms o Transcribed notes
o Emails o Presentations
o Film or video o Spoken conversations
o Hard copy documents o Speeches or lectures
30 Final
General Principles
i. In accordance with the HM Government Security Policy Framework Mandatory Requirements user access to PSNI data must be based on the principle of ‘least privilege’ in combination with the principle of ‘need to know’. These principles are defined as:
1) ‘Least privilege’ – Users must only have access to PSNI Information Assets which are necessary for them to fulfil their role. Users must not have more privileges (access and functionality) than required; and
2) ‘Need to know’ – User access to PSNI Information Assets must be for specific and legitimate business purposes only.
For the avoidance of doubt, this means that even where a user has been given access to PSNI Information Assets, they must only do so where a genuine business need exists. ii. The GPMS provides guidance on information asset sensitivity and criticality and the level of suggested protective marking that should be applied. The following table provides guidance on the potential outcome if sensitive, protectively marked data is compromised.
Protective Information Asset Exposure Could …… Marking
RESTRICTED Cause substantial distress to individuals;
Prejudice the investigation or facilitate the commission of crime;
Breach proper undertakings to maintain the confidence of information provided by third parties;
Breach statutory restrictions on disclosure of information.
PROTECT Cause distress to individuals;
Breach proper undertakings to maintain the confidence of information provided by third parties;
Breach statutory restrictions on the disclosure of information;
Prejudice the investigation or facilitate the commission of crime; and/or
31 Final
Guidance for Protectively Marked Information Assets
The following guidance must be applied to the management of protectively marked PSNI information assets, specifically: i. The originator or Information Asset Owner (IAO) of an information asset is responsible for the correct application of a protective marking. ii. The protective marking of a PSNI information asset must not be amended without PSNI authority. iii. Access to protectively marked information must be granted on a ‘need to know’ basis. iv. A grouping of information assets must display the protective marking of the highest protectively marked asset. For example, a folder containing five Not Protectively Marked documents and one RESTRICTED document must attract the protective marking of RESTRICTED. v. Protectively marked information assets must only be accessed by users with an appropriate level of security clearance and where the information being accessed is required for their role. vi. Where protectively marked information assets are being sent in the post (internal and external) or with courier services, messengers/couriers must be given clear instructions about delivery of items in the absence of the addressee. vii. Envelopes containing protectively marked information must not be left in vacant rooms, and unopened envelopes should not be left in correspondence trays. viii. All protectively marked information assets should be accounted for to ensure that they are securely handled and disposed of correctly. ix. The copying of protectively marked documents should be kept to the minimum essential for the efficient conduct of business. Spare copies should be reviewed regularly with the aim of destruction. x. Data Protection legislation requires, where information assets relate to individuals, that the information held should be adequate, relevant and not excessive and not kept longer than necessary. xi. Protectively marked information assets must be secured appropriately when not in use. xii. Filing cabinets and rooms used for the processing and storage of sensitive information, including back-up disks, video and audio recordings, must be kept locked at all times outside normal working hours.
32 Final
xiii. Access to protectively marked information outside normal working hours must be controlled and sufficient information of all such access must be recorded to facilitate an audit trail.
xiv. The practice of leaving documents containing protectively marked information in unsecured filing cabinets and rooms, to facilitate easy access at all times, is unacceptable. Managers of protectively marked information must ensure that all filing cabinets etc. are locked at the end of normal working hours. All access keys must be kept under equally secure conditions. In some instances it will be appropriate to document details of the issue of keys to sensitive or secure zones by maintaining a key register; and
xv. A clear desk policy protects information from unauthorised access, loss or damage. All staff should adopt a clear desk policy for papers and diskettes/CDs, to reduce the risks of unauthorised access, loss of and damage to information, outside normal working hours. No matter how good the external security of any office environment, information left on desks is likely to be damaged or destroyed in a disaster (such as fire, flood or explosion). Ideally, fire resistant cabinets should be used for such storage.
Management of Protectively Marked Information Assets
Baseline Security Guidance i. Any PSNI information asset under the control or custody of ASBF agency must be handled and given a level of protection commensurate with its protective marking. For each protective marking, the baseline security guidance is detailed in the tables below. Protective Marking Baseline Security Guidance
Information Asset Handle, use and transmit with care; and Take basic precautions against accidental compromise or opportunist attack. Physical Asset Control, use and transport with care; and PROTECT Take basic precautions against accidental compromise or opportunist attack.
Information Asset Handle, use and transmit with care; and Take basic precautions against accidental compromise or opportunist attack. Physical Asset Control, use and transport with care; and
RESTRICTED Take basic precautions against accidental compromise or opportunist attack.
33 Final
Handling and Management of Protectively Marked Information Assets
Protectively Restricted Protect Marked at
Storage of Lockable Cabinet Lockable Physical Cabinet Assets
Can it be Only between secure domains i.e. Yes, controls emailed cjsm.net required for externally? personal data.
Can it be No Yes, controls Faxed? required for personal data.
Sending Trusted hand, post or courier. Trusted hand, Hard Copy Closed cover or container. post or courier. The cover should not be marked other than Closed cover or PERSONAL or ADDRESSEE ONLY. container. It should be addressed to an individual by The cover name or appointment. should not be marked other than PERSONAL or ADDRESSEE ONLY. It should be addressed to an individual by name or appointment.
Can it be Only if baseline encryption is used. Yes, controls stored on required for Removable personal data. Media?
34 Final
Appendix 6
Animal Welfare Request
Request for disclosure of Personal Data from the PSNI under Sections 29 (3) of the Data Protection Act 1998
The Data Protection Act 1998 permits disclosure in certain circumstances where the disclosure is necessary and proportionate when considered against an individual’s right to privacy.
The sections within this form detail why Council Regional Animal Welfare Officers based in the regions below believe disclosure in is necessary.
*Please tick as appropriate
Western Region - Fermanagh & Omagh District Council, Derry City & Strabane District Council and Mid Ulster District Council
Belfast City Council
Eastern Region – Lisburn & Castlereagh City Council, Ards & North Down Borough Council
Northern Region – Mid & East Antrim Borough Council, Causeway Coast & Glens Borough Council and Antrim & Newtownabbey Borough Council
Southern Region – Armagh City, Banbridge & Craigavon Borough Council and Newry Mourne & Down District Council
Section 1: Details from whom the information is required
Name – Urban Inspector
Position – OCMT Lislea Drive
Organisation – Police Service of Northern Ireland
35 Final
Section 2: Requested information
1) Personal information about (include name of data subject, address and other identifiers (e.g. date of birth) where possible)?
2) The exact personal information required.
3) Why the personal information is required by Council?
36 Final
4) The internal department within the PSNI who may hold information relevant to this request? (if known)
Section 3: Requests for information under section 29(3) of the Data Protection Act 1998.
1) The information is required for: (tick one as appropriate):
o The prevention or detection of crime.
o The apprehension or prosecution of offenders.
o The assessment or collection of any tax or duty.
Non-disclosure of the information requested will prejudice a Council Animal Welfare Investigation because: bb
37 Final
Section 4: Declaration
I confirm that any personal data disclosed will not be used in a way that is incompatible with the purpose for which it is being requested. I understand that if any information recorded on this form has been omitted or is deliberately wrong, I may be committing an offence under Section 55 of the Data Protection Act 1998.
This form is signed and completed by the person requesting the information and authorised by a senior member of staff.
Person requesting the information:
Signed ......
Name ......
Position/Grade ......
Date ......
Contact details:
Tel No ......
Email Address ......
Organisation ......
Address ......
Authorised by (if applicable):
Signed ......
Name ......
Position/Rank ......
Date ......
Declaration: The Council Animal Welfare Officer accepts that any data supplied is processed under the Data Protection Act 1998. He or She agrees to use the data only for the purpose(s) specified above, and in accordance with the DPA, to treat the data in confidence and to destroy the data securely if it is not applicable to the investigation.
38 Final
Section 5: Response
The Council Animal Welfare Officer respectfully seeks a response to this request and confirmation that it has been carefully considered. Any decision relating to this request must take into account the requirements placed upon your organisation and any relevant legislation.
Signature: ______
Name: ______
Position: ______
Organisation & Dept: ______
Date: ______
The information requested by the Council Animal Welfare Officer has been approved for disclosure and is attached*
The information requested above has not been approved for disclosure*
*Please tick above as appropriate
39 Final
If a decision has been made not to disclose the information, can you please give a reason and confirm if the PSNI requires additional information or do you require a Court Order to permit disclosure?
40