Scottish Crime and Justice Survey: data protection impact assessment

3. Description of the project

3.1 Description of the work:

Overview

The Scottish Crime and Justice Survey

The Scottish Crime and Justice Survey (SCJS) is a large-scale, nationally representative social survey which asks adults about their experiences and perceptions of crime. The SCJS provides robust evidence on the extent, prevalence and nature of crime in Scotland, and also collects information on the population's experiences of and attitudes towards the criminal justice system in Scotland.

Interviews are conducted with a sample of adults living in private households. Respondents are interviewed in their home face-to-face using Computer Aided Personal Interviewing (CAPI), and Computer Aided Self-completion Interviewing (CASI) for the self-completion element of the survey which contains more sensitive questions. If a respondent refuses a face-to-face CAPI interview due to concerns about the transmission of COVID-19, they are offered an interview by phone or video chat. In these cases, the respondent is sent an online version of the self-completion survey.

The sample is drawn from the Royal Mail's Postcode Address File, which includes address and postcode information. Personal information such as name and age, and special category data (such as sexual orientation) are collected during the interview. These data are aggregated to enable experiences and trends of different population groups to be examined, in line with the aims of the survey.

Benefits

The main aims of the SCJS are to:

• Enable the Scottish population to tell us about their experiences of, and attitudes to, a range of issues related to crime, policing and the justice system; including crime not reported to the police;
• Provide a valid and reliable measure of adults' experience of crime, including services provided to victims of crime;
• Examine trends, over time, in the number and nature of crimes in Scotland, providing a complementary measure of crime to police recorded crime statistics;
• Examine the varying risk and characteristics of crime for different groups of adults in the population.

The findings from the SCJS are used by policy makers to help understand the nature of crime in Scotland, target resources and monitor the impact of initiatives to improve lives. The results of this survey provide evidence to inform national outcomes and justice outcomes. In particular, the SCJS provides evidence for three National Indicators in the National Performance Framework (crime victimisation rate; perception of local crime rate; access to justice).

The SCJS is also used by Police Scotland and other justice organisations to help monitor performance and understand the public's experiences and interactions with those services. Third sector organisations use the SCJS for evidence on the extent of issues which are not obtainable from other sources (such as the prevalence of partner abuse). In turn these organisations use the SCJS to inform and justify activity. Academics and other researchers use the SCJS to further explore experiences of crime in Scotland – for example, looking at how patterns of different kinds of violence have developed over time. The SCJS facilitates analysis and therefore understandings which are not currently obtainable from other evidence sources. For instance, whilst Police Recorded Crime data is a valuable resource, it does not include crimes not reported to or recorded by the police and how experiences vary across the population to the same extent as the SCJS.

When the SCJS is made available to the Scottish National Safe Haven, researchers will be able to link it to other datasets to increase the possibilities for research.

Ownership and roles

The Scottish Government (SG) is the data controller and is responsible for the governance of the project. The current contractors, a consortium of Ipsos and ScotCen, are data processors. Both contractor organisations collect the information directly from respondents, before cleaning, checking and preparing the data for analysis, analysing the data, and transmitting finalised dataset and data table outputs to SG. SG then undertakes further analysis of the data as detailed below.

Overview of data processes

Analysis of main survey results

SG's SCJS team receives outputs from the contractors in the form of SPSS data and aggregate tables called data tables and web tables. The SPSS datasets do not include any direct identifiers (such as name, address, postcode). The datasets are stored in restricted folders on the SG's secure servers. The datasets are used to undertake analysis to meet the goals of survey outlined above. Results from the survey are published in reports and online tables based on aggregated groups (e.g. experiences of males, 16-24 year olds etc.). No results are published where the base size is less than 50 respondents. As a result no individuals are identified or identifiable from the published SCJS results.

Only a small number of named analysts within SG have access to and process the datasets provided by the contractors.

Sharing survey data

The Scottish Government also considers requests and, where approved, provides disclosure controlled datasets to reputable researchers / research organisations (such as academics) for the purpose of further research. These datasets are modified versions of the SPSS datasets provided by the survey contractors and do not include direct identifiers (such as name, address or postcode). Further disclosure control methods are applied to these datasets and include the following techniques:

• Re-coding is used on categorical variables to collapse response categories together into larger groups to hide small numbers of respondents in some of the smaller groups;
• Top (or bottom) coding is used on numerical variables such as age;
• Variable removal is used to remove:

- sensitive variables;

- variables used to calculated summary variables which can be disclosive if not recoded, or used to help identify respondents in combination with other variables;

- variables that helped with the administration of the survey fieldwork.

SCJS datasets are available from UK Data Service through an End User Licence although a special license request must be made in order to access and use sensitive information (such as the victim form and self-completion data of the SCJS), or directly from the Scottish Government as a special dataset via a Data Sharing Agreement.

Each request for SCJS data through a special dataset request direct to SG or special licence request to the UK Data Service is assessed on a case-by-case basis and signed off by the Information Asset Owner (IAO) before any datasets are transmitted. Data Sharing Agreements are produced to detail the nature of the processing to be undertaken and also set out retention/deletion policies. Only the data required for the proposed project is shared, and data shared are also taken from the disclosure controlled dataset shared with the UK Data Service, unless a specific request for the full dataset is requested and considered to be appropriate. In line with our own analysis and publication approach, SG recommends that those analysing the data do not publish results where the base size is less than 50.

Full details of the disclosure control methods are published alongside the datasets, at: .

The main survey results are also available to those registered with the UK Data Service through their NESSTAR platform.

Recontact data

A separate file with direct personal identifiers for those who consent to providing their details for potential follow-up research is collected and provided to SG. A unique serial number is allocated to each respondent in the main datasets and recontact dataset in order to facilitate potential future matching for the purposes of follow-up research. This dataset holding recontact information is only accessible by the SCJS Project Director and all requests to use the recontact list are considered on a case-by-case basis. Where relevant, further details of the processes and protocols around the recontact data are provided throughout this DPIA.

Governance

A governance structure is in place to provide oversight and offer guidance and support in the running of the project. Figure 1, below, shows the key elements of the structure.

The Project Board is chaired by the IAO as Project Executive^[1] and consists of senior SG representatives with key stakes in the project. It has overall responsibility and provides oversight for the project. Risks to the quality, value and timing of the SCJS are brought to the attention of the Project Board. In the event of any data breach, the matter would be reported to the Project Board, alongside the standard SG data breach reporting processes being followed.

The Project Management team manages the SCJS on a day-to-day level, including management of the contract. Where tolerances are exceeded, the Project Management team is responsible for elevating issues/providing recommendations and supporting evidence where relevant to the Project Board to help it make effective decisions. The Project Management team consists of a small number of analysts within SG's Justice Analytical Services (JAS). Within SG, the SCJS datasets are largely processed by the Project Management team, and occasionally a small number of additional JAS analysts undertaking/contributing to work on the SCJS (e.g. analysis and report writing).

Analysts within SG's Office for Chief Statistician (OCS) provide technical overview and support, and are also responsible for survey sampling and weighting. Therefore, data processing is also undertaken by a small number of analysts within OCS.

Ipsos and ScotCen (the survey contractors) are responsible for the data collection and provision of quality assured data outputs to SG, as detailed elsewhere in this DPIA. Data are collected and processed under instruction from SG, in line with the main SCJS (Controller-Processor) contract. Necessary steps are in place within each contractor organisation to ensure that data is collected and processed appropriately. For example, access to personal data is restricted to only those who require access to such information in order to produce datasets suitable for analysis.

Planning mechanisms

Planning is undertaken by the Project Director, in collaboration with the Project Management Team, and forms part of wider business planning undertaken by Justice Analytical Services. With respect to data processing, plans are generally in place and already documented for the range of processing activities undertaken using SCJS data. However, the annual review of the DPIA and annual business planning activity offers an opportunity to consider any planned changes or improvements to data processing mechanisms which have privacy impacts.

Part of the annual planning process also considers who in SG will be working with SCJS data over the coming year, and therefore who requires access to the restricted folder where the data files are stored. Anyone who no longer requires access has the privileges removed.

Reporting mechanisms

Once analysed, SCJS results are published in reports and online data tables by SG at an aggregate level, with no results published where the base size for a particular question/group is lower than 50. This prevents individuals from being identifiable.

The datasets are made available to reputable research organisations/researchers for legitimate purposes as detailed in the 'Ownership' section of this document. Disclosure control processes applied to the data help to reduce the risk of individuals being identifiable.

In terms of data breaches which affect personal data/privacy:

- within SG – data breaches would be reported to the Project Board (including IAO) and the general SG reporting process would also be followed.

- by/within the contractor consortium – as detailed in the contract held between SG and Ipsos/ScotCen, each organisation operates a security incident recording system and any breaches experienced would be communicated immediately to the Scottish Government, who would in turn follow the internal processes as appropriate.

- by research organisations / researchers who obtain data through UK Data Service / Special License Agreement / Data Sharing Agreement (DSA) – datasets provided are generally disclosure controlled to minimise the risk of individuals being identified, and SG recommends that no results based on fewer than 50 respondents should be published. However, if a data breach with an impact on data protection/privacy were to take place the procedures set out in the 'Management of a security incident' section of the DSA would be followed. This includes immediately notifying the Scottish Government.

Risk and Issue Management

A risk log tracks risks associated with the SCJS, with risks assigned to owners, which can also be used to highlight how decisions taken may impact on the identified risks. Live SCJS project risks are currently documented within a Risk Register covering a range of operations and projects delivered by the Scottish Government's Justice Analytical Services. This helps to ensure the IAO and senior officials are aware of project risks.

Most risks are managed by the SCJS Project Team in collaboration with the SCJS contractors, the Project Board and OCS where required. Where project tolerances are exceeded (or where the risks or issues are owned by members of the Project Board), the Project Board will be responsible for resolution.

With respect to data specifically, the main risk is that data which enables individuals to be identified could be released/accessed by those who do not require or merit access. Numerous steps are in place to prevent this from occurring, for example:

- access to SCJS data within SG, Ipsos and ScotCen is restricted to the named individuals who are actively working on the project.

- when datasets are transmitted between Ipsos, ScotCen and SG (or two of the three), a secure FTP site is used, with access restricted to named individuals.

- direct personal identifiers (within the recontact list) are held separately from the main survey datasets, whilst a unique serial code for each respondent allows them to be re-matched. Within SG, only the Project Director (and members of the IT team who oversee the SG servers) have access to the area of the server containing the recontact list and therefore the direct personal identifiers.

- results are published on aggregated groups, with no results published by SG on groups of less than 50 respondents

- datasets available through the UK Data Service are disclosure controlled to prevent individuals from being identified.

As these processes are all standard procedures followed in the production and processing of SCJS data to minimise risk, at present the Justice Analytical Services (JAS) Risk Register does not currently contain a live entry on SCJS data issues. Should a new process or issue emerge which represents an increased or new risk to data protection, then an entry will be added to the JAS risk register and mechanisms put in place to ensure the risk is managed accordingly and to a suitable level. That said, there is an entry within the risk register covering the data processing undertaken by JAS generally to ensure corporate policies around processing data in accordance with data protection legislation are in place.

3.2 Personal data to be processed.

Variable	Data Source
Individual respondent serial number	Randomly allocated by contractor software to each respondent/sample point
Gender	Scottish Crime and Justice Survey interview
Transgender status	Scottish Crime and Justice Survey interview
Age	Scottish Crime and Justice Survey interview
Qualifications held (educational and vocational/professional)	Scottish Crime and Justice Survey interview
Employment details	Scottish Crime and Justice Survey interview
Sexual orientation	Scottish Crime and Justice Survey interview
Ethnicity	Scottish Crime and Justice Survey interview
Religion	Scottish Crime and Justice Survey interview
Physical and mental health	Scottish Crime and Justice Survey interview
Marital status	Scottish Crime and Justice Survey interview
Relationship to other household members	Scottish Crime and Justice Survey interview
Country of birth	Scottish Crime and Justice Survey interview
Household income	Scottish Crime and Justice Survey interview
Convictions (Note: question on whether ever convicted and what sentence received – no specific details of nature of conviction)	Scottish Crime and Justice Survey interview
Name	Scottish Crime and Justice Survey interview (for recontact/follow-up surveys – stored separately from main survey data).
Address	Scottish Crime and Justice Survey interview (for recontact/follow-up surveys – stored separately from main survey data). Address data also used for drawing survey sample – from Postcode Address File.
Postcode	Scottish Crime and Justice Survey interview (for recontact/follow-up surveys – stored separately from main survey data). Used to derive aggregate variables on area characteristics (e.g. urban/rural area; SIMD decile) – which are included in main survey dataset. Address data also used for drawing survey sample – from Postcode Address File.
Telephone number	Scottish Crime and Justice Survey interview (for recontact/follow-up surveys – stored separately from main survey data).
Email address	Scottish Crime and Justice Survey interview (for recontact/follow-up surveys – stored separately from main survey data).
Other sensitive data of note
Victim form variables (questions used to determine whether a crime had occurred and details of that crime)	Scottish Crime and Justice Survey interview
Partner abuse variables (Self-completion dataset, questions used to collect information about experiences of partner abuse)	Scottish Crime and Justice Survey interview
Sexual violence variables (Self-completion dataset, questions used to collect information about experiences of sexual violence)	Scottish Crime and Justice Survey interview

3.3 Describe how this data will be processed:

How will the data be gathered?

The survey sample is drawn from the Royal Mail's Postcode Address File. Sampling information is held by the Office of the Chief Statistician. This is not personal data, but extracts of the Postcode Address File (i.e. address and postcode). They are nonetheless held on a secure server, and samples from 2012 onwards, when this work was brought in-house by the Scottish Government, have been retained.

Interviewers are provided with a batch of addresses (house number, street and postcode) to attempt to achieve an interview from. The sample itself contains no information about the household – all personal information relating to individuals is only collected if an interview is completed. The survey is completed with adults aged 16+ only, and largely collects information about them, but a small amount of information is also collected about other household members (e.g. relationship between household members) and the household as a whole (e.g. household income). This information is important for analysing the results by different breakdowns, and also assists with the weighting applied to the data to ensure it is representative of the Scottish population.

Interviews are voluntary and therefore only conducted where respondents consent to take part, although interviewers encourage people to take part by explaining the value of their contribution. It is important to note that the voluntary nature of the survey is key from an ethical perspective, but consent is not the basis on which the data are processed. The privacy notice highlights that the data are collected and processed in the public interest under the lawful basis of public task.

Answers to survey questions are provided by respondents to the interviewer who records the responses within the software for the respondents' chosen method for completing the survey on a secure laptop/computer - CAPI (Computer-Assisted Personal Interviewing). This includes collection of personal and special category data.

Some more sensitive questions (e.g. on experiences of partner abuse) are self-completed by the respondent, either by direct entry onto the laptop at the end of the CAPI interview via CASI (Computer Aided Self-completion Interviewing) or in their own time by CAWI (Computer-Assisted Web Interviewing. The interviewer does not see these answers in the vast majority of circumstances. In a small number of CASI interviews, respondents may request the interviewer's help with the self-completion section. Responses are inputted in the same way.

Respondents are free to refuse to answer any question they do not wish to, and can withdraw at any time during the interview. Where respondents withdraw, all of their personal data and wider survey responses are erased.

Following the interview, the completed record of interview answers and relevant personal information is uploaded to the contractor's (Ipsos or ScotCen as relevant) secure server for further processing in due course (checking, cleaning, analysing).

Whilst survey responses and personal information is collected at the same time (i.e. during the interview), steps are taken to separate these two sets of data after collection. After the data has been uploaded by interviewers to the central servers, the main SCJS survey datasets are pseudonymised (i.e. direct personal identifiers are removed) although broad categories (such as gender and age) are included for each respondent for the purposes of analysis. A separate file with direct personal identifiers is held for those who consent to providing their details for potential follow-up research. A unique serial number is allocated to each respondent in the main datasets and recontact dataset in order to facilitate potential future matching for the purposes of follow-up research.

Who will have access?

Within SG, the SCJS Project Team and a small number of other analysts working on the survey within Justice Analytical Services will have access to the datasets containing responses to the main survey, which does not include direct identifiers. Access is controlled through maintenance of a project group within the IT system with access rights which individuals have to be actively added to and removed from by the Information Management Support Officer (IMSO). Membership of the group is reviewed on a regular basis, to take account of staff changes for example. Only the Project Director (and SG IT team who maintain servers) will have access to the file holding the recontact data.

A small number of analysts within the Office of the Chief Statistician also have access to the pseudonymised survey results and the addresses of respondents for the purpose of allocating the sample, calculating the survey weights, fieldwork quality monitoring and for further analysis through the Scottish Surveys Core Questions (SSCQ) dataset.

Within ScotCen and Ipsos, the survey datasets are restricted to named personnel working on the project. They are held in a specific subfolder of the job directory, for which access is restricted by their IT departments. Personal (i.e. contact) details are stripped from the main datasets that the project teams work with.

The pseudonymised datasets of survey responses are submitted (following further disclosure control processes to merge small groups and minimise the risk of individuals being identified) to the UK Data Service who make them available to researchers who wish to undertake further analysis of the survey data. The more sensitive data collected via the self-completion element of the survey and the victim form datasets are only available through Special License applications, which are assessed by the SCJS Project Team before datasets are transmitted. SG may also directly provide survey data to relevant research organisations on request. All requests are assessed and relevant Data Sharing Agreements drawn up before any datasets are transferred.

SG can also make the recontact data available to research organisations on request and following assessment of any applications. Applications are reviewed by the SCJS Project Director, and if necessary by the Scottish Government's Data Access Panel which is coordinated by the SG's Statistics and Data Access Division: Scottish Government statistics: request our data - gov.scot (www.gov.scot).

How will it be transmitted and how frequently?

The sample file is sent by secure file transfer from OCS (SG) to Ipsos for processing and batching. Once the sample has been suitably prepared and shared with ScotCen by secure transfer, the sample information is sent for the printing of advance materials (such as letters sent to addresses to let households know that an interviewer will call at their property). Ipsos printing is undertaken in-house, whilst ScotCen's external printing company sign a confidentiality agreement and files are deleted once printing has taken place. All data are transmitted securely. Printed materials are then issued to interviewers according to their batch allocation.

The main survey data are collected by interviewers on laptops (CAPI survey). This includes special category data and personal identifiers. Following the interview(s), the data are securely uploaded to central server for further processing to produce the survey outputs. On the central systems, the data are only accessible by named individuals working on the project. The data gathered by Ipsos is securely sent by secure FTP to ScotCen for further processing.

Information on address outcomes (interview, refusal etc.) and participant details (name, address etc.) is transmitted and stored separately, and only accessible by the project's field administration teams and system developers. For the purposes of quality assurance, some personal information is provided to a quality assurance team who undertake steps to validate the survey's completion (for approximately 10% of cases). After this, the data are deleted by IT staff and is again only available to the field team/system developers.

Once initially processed by the project team at ScotCen, the survey datasets are transmitted in SPSS format to the Scottish Government each year via a secure FTP site only accessible by the SCJS Project Team within SG (including central survey team in Office of the Chief Statistician). At the data delivery stage, the datasets are quality assured by the Scottish Government in collaboration with ScotCen. This checking can lead to a number of iterations of the datasets being sent over in a short period. These are all versions of the same datasets (in broad terms) and are all transmitted and stored in the same secure way. Superseded versions of the datasets are retained securely by SG for version control purposes. The various iterations of datasets pose no greater risk of individuals being identified.

When SG submit the data to the UK Data Service or share it with research organisations via a data sharing agreement secure file transfer methods are followed.

The recontact file is also supplied to SG via secure FTP at the conclusion of each survey year.

Survey data to be shared and linked to other datasets in the Scottish National Safe Haven will be partially sent by ScotCen to NRS for indexing, and the rest of the data sent to the safe haven where the dataset will be stored in pseudonymised form ready to be linked to other datasets.

How will it be stored?

SG receives SCJS data from ScotCen via an FTP facility. When retrieved from the secure FTP facility, the SCJS datasets are stored in a restricted file on the SG's secure server which is accessible to a small number of named analysts in Justice Analytical Services. When SCJS data is added to the Scottish Surveys Core Questions dataset by analysts in the Office of the Chief Statisticians (OCS) this is stored securely and separately. Data are also received by SG via the secure FTP facility.

The sample recontact datasets are stored in a separate restricted file only accessible by the SCJS Project Director (and the IT team who maintain the server – although they would only access the file if requested to do so in the event of IT issues, for example).

How will it be disposed of when no longer needed?

The pseudonymised SPSS survey datasets are retained indefinitely by the Scottish Government for the purposes of research. Data Sharing Agreements with research organisations specify the terms around retention and deletion for each specific case. The UK Data Service holds the disclosure controlled datasets indefinitely too, for the purposes of research. The SCJS contractors hold the SPSS datasets for each year for the duration of the current contract, in order to facilitate further processing as specified within the contract or as required by SG within the existing legal basis for processing. At the conclusion of the contract, all data shall be deleted by both Ipsos and ScotCen following a handover/phasing out period. If the study were to end, all data would be transferred to the Scottish Government and deleted by both Ipsos and ScotCen.

Once the interview has been completed, as the survey data are processed under the public interest clause, there is an exemption for research and statistics applied to the individual's right to have their data deleted. This is important for practical reasons relating to the main survey data as, once the survey data has been finalised and analysed, removing individuals responses would change the outputs and results derived from the data and therefore undermine the quality and integrity of the data as an evidence source. However, in practice, if respondents contact SG or the survey contractors within a few days of completing the interview (i.e. before the relevant data are cleaned, processed etc.), it may be possible to remove them from the dataset and such requests are generally progressed in recognition of the voluntary nature of the survey. In practice, this is very rarely requested.

Under GDPR it would be more usual to say that there is an exemption for research and statistics applied to the individual's right to have their data deleted.

Note on recontact data

Whilst the right to erasure does not apply to the main survey data, respondents who express a willingness to be invited to take part in follow-up research provide their contact details and are asked to provide explicit consent for such processing. Whilst these data are gathered in the same way as the main survey data (i.e. face to face) and as part of the interview, respondents are advised that they are free to withdraw their consent to be on the recontact list and therefore have their information on this dataset (i.e. personal contact details) erased at any time. Information on how to withdraw consent from this processing is provided within the privacy notice. Respondents are also left with a letter which confirms they have agreed to be on the recontact list and how to withdraw. Any withdrawal of consent for recontact does not impact on the right to continue to hold and process the main survey data for such respondents (i.e. the datasets without direct personal identifiers).

The recontact data are correct at the time of collection but there is currently no mechanism in place for ensuring the data remains up to date into the future. As such, given that respondents may move address, change telephone number and so on, the Scottish Government assesses that these datasets should be disposed of after a maximum of 5 years. This balances up the assessment of the likely accuracy of the data over time with the potential utility of this dataset, whilst also recognising that it is stored securely with access restricted and that any request for use is robustly assessed on a case-by-case basis. Any further research undertaken with the recontact data will also include a clear opportunity for people to refuse to take part in or withdraw consent from the follow-up work. These data are permanently erased from the SG servers at the end of the relevant retention period.

The SCJS contractors delete the recontact data shortly after this has been received and signed off by the Scottish Government.

Who owns and manages the data?

The Information Asset Owner is Amy Wilson, Head of Justice Analytical Services. The Project is overseen by a Project Board. The Project Management Team manage the project and therefore the data on a day-to-day basis.

How the data will be checked for accuracy and kept up to date?

The survey datasets are correct at the time of collection and are a representation of the views of the respondents at the time. There is no requirement for the data to be later updated, although analysis and results when published are clear about the time frame which results relate to.

In order to assure the accuracy of the data collected, quality assurance follow up checks are completed by the SCJS contractors with a proportion of respondents to ensure that the data collected by interviewers are accurate. This process is detailed in the SCJS contract.

The recontact data are accurate at the time of collection. Currently there is no mechanism in place for ensuring this remains up to date into the future. As such, the Scottish Government assess that this data should be retained for a maximum of five years. All respondents who are approached for follow up research have to opt-in to participate in that project, and respondents on the recontact list can remove themselves from the database at any time by contacting the Scottish Government or the SCJS contractors using the contact details provided.

3.4 Explain the legal basis for the sharing with internal or external partners:

The Scottish Crime and Justice Survey provides evidence on the extent and nature of crime in Scotland, as well as experiences of and attitudes towards various components of the Scottish criminal justice system. This enables Scottish Ministers, other public bodies, relevant stakeholders and the general public to assess the performance of the justice system in Scotland, and provides evidence to help with the development or refinement of policies, programmes and services designed to improve outcomes for the people of Scotland. Therefore, for the same reason SG gathers and analyses the data, the SCJS datasets are shared in order to enable other organisations (public bodies, third sector organisations and academics) to undertake research which can provide evidence on crime and justice in the broader public interest.

GDPR Article 6(1)(e) provides a lawful basis for processing where:

"processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller".

The legal gateway for processing the data to fulfil the above functions is Section 48 of the Law Reform (Miscellaneous Provisions) (Scotland) Act 1985 which states that:

"The Lord Advocate or the Secretary of State may assist (whether financially or otherwise) other persons in conducting research into any matter connected with the law (other than research into any matter referred to in section 75(1) of the Criminal Justice (Scotland) Act 1949)."

Recontact data

Recontact data are gathered and processed on the basis of explicit consent. This details that the recontact data will only be used for the purposes of follow up research, and may be shared with other research organisations who are undertaking this research. Respondents are advised that they have the right to withdraw from the recontact database at any time and are provided with information on how to do so.

As detailed previously, the recontact datasets are held for a maximum of 5 years before being destroyed. All requests/proposals to use the recontact data are assessed on a case by case basis (including how many years' worth of data to supply and what personal information to provide). When approached to take part in follow up research, respondents must explicitly opt-in at that stage too.