_______________________ An Garda Síochána: Final Report of Audit Issued March 2014 1 EXECUTIVE SUMMARY .........................................................................................................................4 Recommendations...........................................................................................................................5 1. BACKGROUND AND LEGAL BASIS FOR INSPECTION ..................................................................11 2. PRE-INSPECTION..................................................................................................................11 3. OVERVIEW OF AN GARDA SIOCHANA............................................................................13 4. PULSE .....................................................................................................................................13 4.1 PULSE Overview............................................................................................................14 4.2 Demonstration of PULSE ...............................................................................................15 4.3 Data Categorisation on PULSE......................................................................................15 4.4 Intelligence on PULSE and Criminal Intelligence Officers............................................20 4.5 Use of PULSE.................................................................................................................23 4.6 Adult Cautions on PULSE ..............................................................................................24 4. 7 Minors on PULSE...........................................................................................................26 4.8 Access to PULSE ............................................................................................................30 4.9 Data Entry on PULSE: Garda Information Services Centre (GISC)..............................34 5. NON-PULSE DATABASES ..............................................................................................................40 5.1 Sex Offenders Register....................................................................................................41 5.2 CJIP – Criminal Justice Integration Project..................................................................41 5.3 Driver Enquiry/Vehicle Search.......................................................................................42 5.4 Prisoner Data Feed ........................................................................................................45 6. FINGERPRINTING & PHOTOGRAPHS...........................................................................................45 6.1 Photographs/Fingerprinting in Mullingar Garda Station..............................................47 6.2 Photographs/Fingerprinting in Donnybrook Garda Station ..........................................48 6.3 Standardised Procedures & Forms ................................................................................49 6.4 Livescan..........................................................................................................................51 6.5 Fingerprinting Service for visa applications abroad......................................................51 6.6 AFIS (Automated Fingerprinting Information System) ..................................................51 7. AUTOMATIC NUMBER PLATE RECOGNITION(ANPR)................................................................59 8. ACCESS TO TELECOMMUNICATIONS DATA ...............................................................................61 9. ARREST AND DETENTION ...............................................................................................................66 9.1 Prisoner’s Log ................................................................................................................67 9.2 Potential Outcomes of Arrest/Detention.........................................................................68 9.3 Charge Sheet ..................................................................................................................68 9.4 Decision to Prosecute.....................................................................................................68 10. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES..................................................................69 10.1 Road Traffic Accident. ....................................................................................................69 10.2 Insurance Company .........................................................................................................71 11. USE OF CCTV SYSTEMS ...............................................................................................................72 11.1 Garda CCTV Scheme......................................................................................................72 11.2 Operator Responsibilities for Garda Town Centre CCTV Systems. ...............................73 11.3 CCTV Review Facility.....................................................................................................74 rd 11.4 Use of 3 Party CCTV Footage.....................................................................................75 11.5 Retention and Storage.....................................................................................................76 11.6 Access to Garda CCTV by third parties................................................................................77 12. GARDA VETTING SYSTEM.............................................................................................................78 12.1 Garda Central Vetting Unit............................................................................................78 12.2 Vetting Procedures..........................................................................................................78 12.3 Pulse Update Section ......................................................................................................80 12.4 Garda Vetting Disclosures .............................................................................................83 12.5 Non-Convictions, Old or Minor Convictions..................................................................84 13. PROCESSING OF DATA ACCESS REQUESTS....................................................................................84 14. EXCHANGE OF DATA WITH OTHER COUNTRIES ............................................................................87 14.1 ECRIS (European Criminal Records Information System).............................................87 15. DATA SECURITY: IT SECURITY.....................................................................................................88 15.1 Overview.........................................................................................................................88 15.2 Topology of system .........................................................................................................89 15.3 Security of IT Equipment and Infrastructure..................................................................89 15.4 Laptops............................................................................................................................90 15.5 USB Devices.....................................................................................................................90 15.6 Remote Access to the Garda System. ...............................................................................90 2 15.7 Network Security..............................................................................................................90 15.8 Desktop Device Security ..................................................................................................91 15.9 User Accounts ..................................................................................................................91 15.10 Roles and Permissions .....................................................................................................92 15.11 Password Security ............................................................................................................93 15.12 IT Helpdesk.......................................................................................................................93 15.13 Printing.............................................................................................................................93 15.14 Disaster Recovery..............................................................................................................93 15.15 Waste Disposal ..................................................................................................................94 16. FINDINGS .....................................................................................................................................94 3 Executive Summary The Office of the Data Protection Commissioner (ODPC) carried out an audit of data protection in An Garda Síochána (AGS) over the years 2011 to October 2013. The audit consisted of an examination of documentation provided by AGS, discussions with AGS senior management and on-site inspections at AGS HQ in Dublin, the AGS Vetting Unit in Thurles, the AGS Information Services Centre (GISC) in Castlebar and Garda stations in Donnybrook, Mullingar and Limerick. The audit was carried out by reference to the requirements of the Data Protection Acts and the elaboration of those requirements contained in the ODPC-approved Data