We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Impact assessment

Scottish Crime and Justice Survey: data protection impact assessment

Published
6 July 2023
From
Cabinet Secretary for Justice and Home Affairs
Directorate
Safer Communities Directorate, +1 more … Justice Directorate
Part of
Law and order
ISBN
9781835211083

Latest version of the data protection impact assessment (DPIA) for the Scottish Crime and Justice Survey (SCJS) - published in July 2023.

This document is part of a collection

View supporting documents Supporting documents

7. Risks identified and appropriate solutions or mitigation actions proposed

Is the risk eliminated, reduced or accepted?

Risk

Ref

Solution or mitigation

Result

Personal information about an individual is lost/leaked during fieldwork

  

Interviewers sign confidentiality agreements before they start work and receive information security training.

Both Ipsos and ScotCen have secure systems, software and processes in place for transmitting interview information from interviewers' laptops to central servers. The information is then deleted from the interviewers' laptops.

Risk reduced

Personal information about an individual is accidently leaked or release during or after processing.

  

Steps are taken to ensure that direct personal identifiers in the recontact dataset are stored separately from the main survey datasets containing pseudonymised respondent answers. Access to the different datasets is restricted to named individuals working on the SCJS within ScotCen and Ipsos. A unique identifier is assigned to each respondent in each dataset to allow them to be later matched for the purposes of follow-up research (where respondents have consented to this).

Once the recontact data containing the direct personal identifiers has been transmitted to SG it is deleted by the survey contractors.

Survey datasets are transmitted securely to SG via an FTP facility at the conclusion of each year of data collection. These are stored safely in a restricted section of the SG server only accessible by a small number of named analysts within Justice Analytical Services. The recontact datasets, containing direct personal identifiers, are only accessible by the SCJS Project Director (and necessary IT staff).

Scottish Government staff with access to the data have all passed the Baseline Personnel Security Standard, are trained in the safe handling of data, and have a legitimate need to access the data.

Risk reduced

A person is identified from the survey datasets provided to UK Data Service or shared via a Data Sharing Agreement.

  

Statistical disclosure control procedures are performed on the SCJS datasets before they are made available to end-users. These processes are in line with controls used by the other two SG major population surveys and have been approved by the Office of the Chief Statistician.

Requests for further or additional data under special license are assessed by the SCJS Project Team against the SG data risk matrix in the first instance. Any request with a score over 12 are referred to the SG data access panel.

SG analysis of the data does not publish figures based on less than 50 respondents, and this approach is also recommended to others undertaking analysis of SCJS data.

Risk Reduced

Contact

Email: scjs@gov.scot

Back to top