Disclosure (Scotland) Bill: data protection impact assessment

Data protection impact assessment (DPIA) for the Disclosure (Scotland) Bill explores how the bill impacts on personal data and privacy.


7. Risks identified and appropriate solutions or mitigation actions proposed

Risk: Introduction of new processes, specifically surrounding the independent reviewer and internal appeal process.

Ref: 001

Solution or mitigation:

This DPIA has identified that any new processes will use the current data handling and storage arrangements and that these arrangements do not pose any significant risks to the privacy of that information.

The systems in place for managing the transfer and storage of data comply with legislative demands, and will be reviewed following any further legislative changes to ensure that the arrangements comply with them.

Result: Reduce

Risk: There is a risk that unauthorised third parties attempt to obtain access to our data or introduce malicious data or code to the service.

Ref: 002

Solution or mitigation:

Designs are approved and tested to ensure all necessary controls are effective and fit for purpose.

Anti-virus products and security controls are in use across the estate to continually monitor the service.

Maintenance activities are scheduled and acted upon to ensure the resilience and security standards of the service.

Access controls are in place to ensure that only trained, security-cleared and authorised personnel have access to the system.

All software is pre-approved by the Technical Design Authority and security risks are managed through the Security Working Group, who are responsible for maintaining the overall integrity of the service.

Security risks are reviewed at the Technical Design Authority.

Result: Reduce

Risk: There is an ongoing potential risk of human error, which may result in information being handled incorrectly or delivered to the incorrect recipient.

Ref: 003

Solution or mitigation:

New processes being introduced, such as the review to the independent reviewer and widened referral duties/powers for police and local authorities, will introduce new channels of communication and an increased volume of communication between stakeholders. This may impact the potential for human error.

The new processes will be based around existing processes.

Disclosure Scotland staff will be given appropriate training before new processes are implemented.

Disclosure Scotland will engage with the external stakeholders involved to agree process requirements.

Result: Reduce

Contact

Email: DSPolicyTeam@disclosurescotland.gov.scot
