Disclosure (Scotland) Bill: data protection impact assessment

Data protection impact assessment (DPIA) for the Disclosure (Scotland) Bill explores how the bill impacts on personal data and privacy.

8. Incorporating Privacy Risks into planning

Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.



How risk will be incorporated into planning


Unauthorised access to DS Services


All solutions have specific acceptance criteria around the performance of the service. Maintenance activities are scheduled and form part of the service design.

Programme Delivery Manager

Unauthorised sharing of disclosure information


Ensure it is clear within legislation that the individual has control over which third parties can access their information. Specify the restrictions placed on a third party with access, e.g. cannot share the information with other third parties without the individual’s consent.

Policy Manager



Back to top