Thank you for your letter dated 27 December 2016 in which you request the following information:
2. Who oversees governance and law abidance of any sharing (please detail people, departments, organisations, bodies, governing bodies, etc.) internally and existentially. Please detail all.
3. What protocols, guidance, laws must your organisation follow when accessing any other organisation/body/agency/trust/business or individuals information/intelligence/data.
4. To access this data on any individual or organisation - what applications and forms must be processed to request access (and to whom). What protocols must be met to gain access and how are individuals vetted (please confirm if this is in place)
5. Vetting of individuals – please state how individuals accessing such data/information are vetted, levels of vetting and how data security, integrity are guaranteed and maintained (as with confidentiality). If none is in place – please confirm this.
6. If there are breaches of data, how these are identified, prosecuted and rectified. Please state the numbers of breaches:
7. Are there multi-agency investigations in place (and multi-organisation) which involve investigations from more than one agency? Are those professional investigators, civilians, both and are these people vetted/governed. Please state if vetting in place, companies or organisations used and how confidentiality, security and integrity are maintained and how any breaches of law, information, data, confidentiality are both monitored and prosecuted. If none of these statements are correct, or the practice not monitored or in place, then please state this.
8. What bodies govern such activity – please detail these and what they monitor you/your organisations for.
9. Errors, breaches, law infringements – how are these rectified/processed. All of the above meets the public interest test for divulgement (taken from the Information commissioner’s files – both UK and Scottish records) and FOI, FOI(S) and Data protection and EIR(S) criteria.
Please also note that I can only answer in relation to information held by COPFS. If you wish similar information from other criminal justice partners such as the Police a separate request will have to be made to them.
I now address each of your requests under the terms of the Freedom of Information (Scotland) Act 2002 (FOISA).
1. In order to identify this information, each criminal case and death report submitted by the Police and specialist reporting agencies in a given timespan would require to be assessed. Section 12(1) of FOISA does not oblige a Scottish public authority to comply with a request for information if the authority estimates that the cost of complying with a request for information exceeds a specified financial threshold, which is currently £600. I consider that to conduct a manual search of all cases for a timespan of relevance (over one week duration) would exceed the current limit in terms of section 12(1) of FOISA.
To illustrate the level of work that would be involved I can advise that the number of criminal reports received by COPFS in 2015-16 was 225,537 and a further 9579 death reports. You may wish to view further information published on the COPFS website at:
In addition to reports received from Police Scotland, COPFS also receives reports from specialist reporting agencies. In the last reporting year, there were 18134 reports submitted from specialist reporting agencies. A list of these agencies can be found on the COPFS website at: http://www.crownoffice.gov.uk/about-us/what-we-do/our-role-in-detail/10-about-us/296-specialist-reporting-agencies
3. I consider that the Section 12(1) exemption is again relevant, as each criminal case and death report submitted by the Police and specialist reporting agencies in a given timespan would require to be assessed. In general terms, COPFS is responsible for the investigation of crimes and deaths and has both common law and statutory powers to obtain information.
However, all individuals processing information on behalf of COPFS have a personal responsibility to comply with requirements of the Data Protection Act 1998. You may wish to view the COPFS website for details of our Records Management Plan which has sections on Information Security, Data Protection and Shared information:
This document also advises that COPFS is registered as a data controller with the Information Commissioner’s Office. Further information is available from the ICO website at:https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
As a data controller, COPFS must exercise control over the processing of personal data and is responsible for complying with the Data Protection Act.
In addition, COPFS fully complies with Government security policy and conducts regular penetration tests on IT systems to maintain confidentiality, integrity and availability of IT systems and data contained therein. Further information is available at:
With regard to the investigation of crimes or deaths any application/form would be exempt under both Section34 (1(a)(i) of FOISA as this information is held by COPFS for the purposes of an investigation which the Procurator Fiscal had a duty to conduct to ascertain whether a person should be prosecuted for an offence. I also consider that this information is exempt from release under sections 35(1)(a), (b) and (c) of FOISA as I consider that the release of such information would, or would be likely to, prejudice substantially, the prevention or detection of crime, the apprehension of prosecution of offenders and the administration of justice.
These exemptions are not absolute and I have therefore considered whether the public interest favours disclosure of the information, notwithstanding the exemptions. I consider that there is a strong public interest in maintain the confidentiality of information submitted by other professional bodies to the Procurator Fiscal and reports prepared by the Procurator Fiscal for the consideration of senior officials within Crown Office. The courts have traditionally placed great emphasis on assertions on confidentiality in relation to information provided as part of an investigation. The confidentiality of such information ensures that external bodies can report to the Procurator Fiscal and the Procurator Fiscal can report to Crown Office in a manner which is free and frank.
5. All COPFS staff have either signed the Official Secrets Act or been subject to enhanced disclosure checks by Disclosure Scotland. You may find their website of interest to you: https://www.disclosurescotland.co.uk There are increased levels of vetting for members of the Senior Civil Service and those working in specialist roles.
6. This has been interpreted as a request relating to reports to COPFS from reporting agencies of breaches of the Data Protection act 1998. As no timescale was provided I have sought data for the financial year 2015-16.
I can advise that in the financial year 2015-16, 134 charges in relation to breaches of the Data Protection Act 1998 were reported to COPFS by the Police and other reporting agencies. Please be aware that one or more charge may relate to the same individual.
Following investigation of those 134 charges reported to us, action has been taken in relation to 26 of those charges, no action was taken in relation to 28 of those charges and no final decision has yet been taken in relation to the remaining 80 charges.
7. Section 12(1) exemption as above as establishing all multi-agency investigations would require all reports submitted to COPFS to be assessed. With regard to the vetting of any non COPFS personnel I can confirm, in terms of Section 17 of FOISA, that COPFS does not hold the information you have requested.
8. COPFS cannot provide information in respect of bodies which govern other organisations. With regard to COPFS, I would refer you to the answer provided under point 2.
9. In terms of Section 17 of FOISA, I can confirm that COPFS does not hold the information requested.