Data Protection Impact Assessment (DPIA)
Total Page:16
File Type:pdf, Size:1020Kb
Law Enforcement Data Service Data Protection Impact Assessment (DPIA) Date: October 2020 Version: 1.0 © Crown copyright 2020 This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open- government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected]. Where we have identified any third-party copyright information you will need to obtain permission from the copyright holders concerned. This publication is available at www.gov.uk/government/publications. Any enquiries regarding this publication should be sent to us at [email protected]. Contents The need for a DPIA 4 The nature of the processing 6 Introduction 6 The types of data processed 6 Organisations processing data in LEDS 7 Processing Driver and Vehicle Licensing Agency data 8 Details of processing 9 How is data used? 10 How is data collected? 11 What are the access routes to LEDS data? 12 Who has access to the data and by what methods? 14 Who will share the data? 14 What types of processing identified as likely high risk are involved? 16 Are processors used? 17 What are the retention periods? 17 How is data stored? 19 How will data be deleted? 19 What security measures are in place? 19 Are any new technologies in use? 20 The scope of the processing 21 What is the nature of the data? 21 What is the volume and variety of the data? 21 What might be the sensitivity of the personal data? 22 What is the extent and frequency of the processing? 23 What is the duration of the processing? 23 What is the number of data subjects involved? 24 What is the geographical area covered? 24 The context of the processing 25 What is the relationship with the individuals? 25 1 Processing Children’s Data 26 What is the extent that individuals have control over their data? 27 The extent to which individuals are likely to expect the processing? 28 Do they include children or other vulnerable groups? 28 Are there prior concerns over this type of processing or security flaws? 28 Is LEDS novel in any way? 29 Any relevant advances in technology or security? 29 Any current issues of public concern? 30 Is LEDS signed up to any approved code of conduct or certification scheme (once any have been approved)? 31 The purpose of the processing 32 What does LEDS want to achieve? 32 The intended outcome for individuals 33 What are the benefits of the processing – for law enforcement, and more broadly? 33 The expected benefits for a society as a whole 34 Consultation process 35 Describe when and how you will seek individuals’ views? 35 Who else does LEDS need to involve within the organisation? 35 The proposed governance structure for LEDS 35 Who else within the Home Office has access? 36 Immigration Enforcement and LEDS 36 Consulting information security experts, or any other experts? 37 Consultation that is relevant to this development 37 Assessment of necessity and proportionality – compliance and proportionality measures 38 What is the lawful basis for processing? 38 Does the processing (the plans) help to achieve a purpose? 41 Is there another way to achieve the same outcome? 41 What are the conditions for undertaking sensitive processing? 41 How will you prevent function creep? 41 Data quality, consistency and retention 42 How do you intend to ensure data quality and minimisation? 42 How do you intend to provide privacy information to individuals? 43 2 What measures do you take to ensure processors comply? 43 How do you safeguard any international transfers? 44 Safeguarding access to the system 45 Safeguarding access to the data 45 Auditing use of LEDS 45 Identification and assessment of LEDS risks 47 Measures to reduce risk 50 Sign off and record outcomes 57 3 The need for a DPIA The Law Enforcement Data Service (LEDS) will provide police forces and other law enforcement agencies with the latest, on-demand and joined-up information at the point of need. This will help to prevent crime and better safeguard the public. The chief constable (or commissioner) of each police force is a registered data controller (‘a controller’). Through their nominated National Police Chiefs’ Council (NPCC) leads, they will be the joint controllers for all police data (law enforcement data) held in LEDS. The NPCC, as established under section 22a of the Police Act 1996, will determine the purpose for processing the data and the means. They are jointly accountable for the completion of this DPIA. The Home Office are responsible for the development and management of LEDS infrastructure, which will be hosted using the skills and expertise of a main system data processor (‘a processor’). LEDS will be hosted on a cloud-based platform, which will enable LEDS to facilitate requests for data by authorised users of the service. Authorised users process the data in LEDS under a lawful bases or a lawful purpose. LEDS involves multiple system and services, each providing access to separately owned datasets. It is the responsibility of the controller to determine how that data will be processed. The Home Office will manage the data within LEDS, as directed, by the various controllers. The Home Office, as owners of some data, will also be a controller. LEDS will have multiple controllers and data flow processors, acting on behalf of the Controller. Each role will be legally determined and enforced using joint-controller agreements, data processing contracts and where necessary, memorandums of understanding. A LEDS Privacy Impact Assessment (PIA) was completed and published in July 2018 and has remained under review since that time. As set out in the Data Protection Act 2018 a DPIA is required if “processing is likely to result in a high risk to rights and freedoms of individuals.’ The specific aims of the LEDS DPIA are: 1) To ensure that all data protection risks have been identified and to review the status of the Law Enforcement Data Service (LEDS) in the context of recent legislation and case law. 2) To ensure consistency and support throughout the police service and wider law enforcement in how data is captured, used, stored and deleted. 3) To ensure consistency and support throughout other law enforcement agencies with access to the data in LEDS. 4 4) To ensure compliance with Data Protection Act (DPA) 2018 5) To ensure compliance with the General Data Protection Regulation (GDPR) 6) To ensure compliance with Human Rights Act 1998. 7) To take account of European Convention on Human Rights (ECHR) 8) To follow guidance from the Information Commissioner’s Office (ICO) 9) To ensure the principles of data protection by design have been considered in the design and implementation of the LEDS. Law enforcement agencies in the United Kingdom currently make use of a wide variety of information systems at a local level. They collect and process data in connection with their law enforcement and policing purposes. It has also been recognised that there is great value in being able to share relevant information across law enforcement agencies in a timely and effective fashion. The two national systems under consideration here are: • The Police National Computer (PNC), was introduced in 1974 and holds personal data and other information relating to individuals, including arrests, charges, summons & court disposals (including convictions), warnings and whether a person is wanted or missing. There is also other information about vehicles and stolen property. Some of the data available on PNC has been migrated from other systems. • The Police National Database (PND), was introduced in 2009 and receives intelligence data, predominantly uploaded by police forces, concerning crimes, intelligence and public protection. This also includes custody information and custody images. Both are owned and managed by the Home Office. LEDS will relocate both onto a single technology platform, enabled by a cloud commodity provider. This relationship will be managed using a Data Processing Contract as required under s.59(5)-(7) DPA. It is clear that the integration of data, alongside increased search functionalities presents the potential for significant data protection risks. It is essential for the police service and authorised law enforcement organisations to ensure that the collection and use of data is and remains specific, explicit and legitimate for policing and law enforcement purposes. Further access to this data must be compatible with the purpose for which is was collected as required under Part 3 s.36(3)(b) GDPR. The risks posed to processing personal data and their mitigations are detailed below in the Identification and assessment of risks section. Article 35 of the GDPR details the conditions for completing a DPIA. Section 64 DPA will also apply in relation to law enforcement processing. This states that where processing of data is likely to result in high risks to the rights of individuals a DPIA must be produced. The high-level risks associated with processing data in LEDS have been appropriately mitigated to reduce any potential impacts on individuals. As a result, this DPIA is not required to be submitted to the Information Commissioner for prior consultation as detailed under s.65(2) DPA. 5 The nature of the processing Introduction LEDS will provide law enforcement agencies with current and joined up information, on- demand and at the point of need, in order to prevent crime and better safeguard the public. In addition, it will: • Rationalise national information systems • Enhance the national information dataset • Deliver more service capabilities from the national information dataset; and • Reduce the cost of providing and maintaining national policing information.