Annex O: Partial Privacy Impact Assessment (PIA)
1.1The Gender Recognition Act 2004 (the 2004 Act) allows a person to apply for a change of their legal gender from that in which they were originally registered at birth to that of the gender in which they identify and live (known in the 2004 Act as their acquired gender).
1.2In the Fairer Scotland Action Plan, the Scottish Government committed to reviewing and reforming gender recognition law so it is in line with international best practice for people who are transgender or intersex. We also committed to carrying out a public consultation on establishing new arrangements for dealing with applications for legal gender recognition and the minimum age at which applications for gender recognition could be made.
1.3 The purpose of this document is to assess and report on any potential Privacy Impacts as a result of the proposals made in the consultation on the Scottish Government’s review of the 2004 Act.
2.1 Name of Project
Review of the Gender Recognition Act 2004.
2.2 Date of report
17 August 2017
2.3 Author of report
Family and Property Law team, Civil Law and Legal System division
2.4 Information Asset Owner (IAO) of relevant business unit
Jan Marshall, head of Civil Law and Legal System division.
2.5 Date for review of Privacy Impact Assessment (PIA)
This PIA will be reviewed after the public consultation is completed and the Scottish Government has decided on the appropriate next steps.
3. Description of the project
3.1 Under the 2004 Act, applications for legal gender recognition are submitted to the Gender Recognition Panel (the Panel), a UK tribunal which will decide whether a particular applicant meets the Act’s requirements. Further information about the current process under the 2004 Act can be found at part 2 of the consultation and also in Annex C of the consultation.
3.2 Successful applicants are issued with a full gender recognition certificate by the Panel, the effect of which is to change their legal gender in the UK to that of their acquired gender. Where a successful applicant’s birth was registered in Scotland, the Panel will notify the Registrar General for Scotland, who is required to provide the successful applicant with an updated extract from the Register of Births showing them in their new legal gender.
3.3This is done by creating a record of their birth and their new legal gender in the Gender Recognition Register (the GRR) from which the new extract can be generated. Information held in the GRR is not publicly accessible. Where a successful applicant is in a Scottish marriage, an updated extract from the Register of Marriages can also be issued by the Registrar General.
3.4The consultation will seek views on the Scottish Government’s intention to bring forward legislation to implement new arrangements to allow applicants to change their legal gender in Scotland.
3.5Under the proposed reformed arrangements, applicants would change their legal gender by submitting an application form incorporating a statutory declaration of their intention to remain in their acquired gender for the remainder of their life to an administrative body, rather than to a tribunal. Applicants would no longer require to produce documentary evidence demonstrating a diagnosis of gender dysphoria and that they have lived in their acquired gender for a period prior to the application. This change would reduce the amount of data processed when an application for legal gender recognition is made.
3.6The Scottish Government have not yet decided who would be responsible for processing revised applications for gender recognition under the proposed new system. The options are:
- a dedicated team within the Scottish Government; or
- National Records of Scotland (NRS), of which the Registrar General is the Head.
3.7There are no proposals to alter the current arrangements allowing a successful applicant whose birth was registered in Scotland or married in Scotland to obtain updated birth and marriage extracts. Depending on the next steps following the consultation, further provision may be required for civil partnership extracts to be updated.
4. Description of personal data to be processed
4.1The organisation processing applications under a reformed system of legal gender recognition in Scotland would likely require a range of information from an applicant, including:
- the applicant’s name, including any former names;
- the applicant’s residential address;
- the applicant’s date and place of birth;
- the applicant’s contact information, including telephone number and an email address;
- a statutory declaration made by the applicant certifying the truth of certain statements of fact and witnessed by a person authorised to administer an oath, namely a notary public or a Justice of the Peace;
- information about the person witnessing the statutory declarations such as their name, business address and contact details; and
- either information from the person witnessing the statutory declaration as to the identification of the applicant giving the declaration, or additional documentary evidence of the applicant’s identity.
4.2Depending on the Scottish Government’s decisions about next steps following on from the consultation, it may also be necessary to process data about an applicant’s marital or civil partnership status.
4.3The information required from an applicant will be similar to what is currently required under the 2004 Act process but no evidence in the form of medical reports or additional evidence of living in the acquired gender would be necessary.
5. How the data will be processed
5.1 How will information be gathered?
5.1.1We anticipate that an application for legal gender recognition will be completed by the applicant and the person witnessing the applicant’s statutory declaration and then transmitted by post to the organisation appointed to handle them. This is how applications are submitted under the existing arrangements. Electronic application processes may become possible in the future.
5.1.2Using information in the application form, we anticipate that an electronic record of all applications would be created. The recorded data must allow a Scottish gender recognition certificate to be generated for successful applications and for retrieval of relevant data on receipt of enquiries from applicants.
5.2 Who will have access?
5.2.1 Access to the information collected would be restricted to:
- staff within the dedicated team processing applications;
- the IT system provider; and
- those within the dedicated team reviewing decisions not to issue a gender recognition certificate or considering whether to revoke an issued certificate.
5.2.2As is currently the case, the data in applications will not be publicly available nor will information in the GRR, on the assumption that this continues to be used under a reformed system in Scotland. We anticipate that the numbers of applications, successful and unsuccessful, may be publicised, along with appropriate demographical information though this would not enable any person to be identified. Statistical information is published currently by HM Courts and Tribunals Service about applications to the Panel.
5.2.3 Under section 22 of the 2004 Act, it is an offence for a person who has acquired information in an official capacity about another person’s application for legal gender recognition or their gender history to disclose that information to a third person. Some disclosures are exempt. Data protection is a reserved matter and we anticipate that the overall effect of the scheme of the 2004 Act in this regard will at least be retained or enhanced under a reformed process.
5.2.4All Scottish Government staff are required to undertake mandatory training on data protection annually. Amongst other topics, this training provides a summary of the Data Protection Act 1998, defines personal data and sensitive personal data, outlines the Government’s legal obligation and gives an overview of best practice on handling personal data and requests for access to it (Subject Access Requests).
5.2.5 NRS also have a published policy in respect of data protection, including a commitment to ensuring staff understand their responsibilities under the Data Protection Act.
5.3 How will data be transmitted?
5.3.1 As no decision has been taken on who would receive and process applications for legal gender recognition, it is not clear whether data would require to be formally transmitted to NRS to allow them to create an entry in the GRR and to provide updated birth or marriage extracts as appropriate. At present, the Panel advise NRS of a successful application by email. A limited number of NRS staff (currently 8 in total) has access to this information.
5.3.2The information that NRS staff are required to enter in the GRR is currently prescribed by The Gender Recognition (Prescription of Particulars to be Registered) (Scotland) Regulations 2006.
5.3.3Information about applications received is likely to be stored in a purpose-built IT system. The system will be used to create Scottish gender recognition certificates. The intention is that these would be issued to applicants by hard copy in the post, as is currently the case.
5.3.4 As stated, NRS have a published policy in respect of data protection.
5.4 How will data be stored and disposed of when no longer needed?
5.4.1 Our initial thinking is that information about applications received is likely to be stored in a purpose-built IT system.
5.4.2Once the Scottish Government have decided on the appropriate next steps after conclusion of the consultation, including about review or appeal timescales and provision for the revocation of gender recognition certificates, appropriate retention timescales will be identified. The aim will be to retain personal information only for as long as necessary for the effective administration of the reformed gender recognition system.
5.5 Who will own and manage the data?
5.5.1The body processing the data will own the information. However, a decision on who will process applications for legal gender recognition under any revised arrangements has not yet been taken.
5.6 How will the data be checked for accuracy and kept up to date?
5.6.1Decisions about how applications for legal gender recognition will be examined under a reformed process, including whether the identity of an applicant will be cross-checked with other records, have yet to be taken. A quality assurance process could be used to offer assurance as to the accuracy of the recorded data when compared to the information supplied by an applicant.
5.6.2Errors made in the data collected at the date of application would be corrected, but there would otherwise be no requirement to maintain the on-going accuracy of the data once a decision had been taken to accept or refuse the application to which it related.
6. Data sharing with internal and external partners
6.1Any Bill taken forward following on the public consultation would provide the appropriate legal authority:
- for the body making the decision to receive and process applications for legal gender recognition;
- to issue a successful applicant with a gender recognition certificate;
- if necessary and where appropriate, to communicate information about successful applications to NRS; and
- for NRS to use the data provided to produce updated birth and other extracts from the registers for which the Registrar General is responsible.
7. Stakeholder analysis and consultation
7.1There are a range of stakeholder groups with an interest in the privacy of applicants seeking legal gender recognition. These include:
- transgender people who may wish to apply for legal gender recognition under any reformed Scottish arrangements and who will need to supply personal information to allow their application to change their legally recognised gender to be processed;
- the Information Commissioner who upholds data privacy for individuals;
- representative rights and advice bodies dealing with transgender people (for example the Scottish Transgender Alliance, LGBT Youth and Stonewall Scotland) who will have an interest in ensuring the effective administration and security of any replacement arrangements for legal gender recognition in Scotland;
- National Records of Scotland who will wish to receive the necessary information swiftly and securely to allow entries to be created in the GRR, and to provide applicants with updated birth and other extracts.
7.2In July 2017, we met with NRS to consider the privacy issues arising under the existing arrangements. NRS have seen this partial PIA in draft for their interests.
7.3This partial PIA forms part of a wider public consultation on the review.
8. Potential privacy issues
Involvement of multiple organisations
8.1 The current arrangements involve both the Panel and the NRS handling data about applications for legal gender recognition in accordance with their legal duties under the 2004 Act. Depending on the Scottish Government’s decisions on next steps following the consultation, it may be proposed that the Scottish Government or NRS replace the Panel in its role of examining and processing applications for legal gender recognition.
Anonymity and pseudonymity - data matching
8.2If a self-declaration process for legal gender recognition were adopted in Scotland, we anticipate that all necessary information would be collected from the application form and any additional documents an applicant was required to submit. Processing would not involve matching sets of data already collected.
8.3 The proposals do not involve the adoption of new or additional information technologies that have the potential for privacy intrusion.
8.4We anticipate that under a reformed process, successful applicants for legal gender recognition would be issued with gender recognition certificates. A unique identifier might be used to link a particular gender recognition certificate to information about the original application. However, personal data will not be available to the public and would be restricted to those administering the recognition process.
8.5Under the existing arrangements, authentication of an applicant’s identity is provided through the evidence submitted with an application such as evidence of their having lived in their new gender prior to the application and the content of the statutory declaration. A decision will require to be made as to how an applicant’s identity is suitably authenticated under any proposed new system of legal gender recognition. For example, an option is for the person witnessing the applicant’s statutory declaration to indicate that they have had sight of appropriate evidence of identity.
8.6The Scottish Government’s decisions on next steps will be taken following the public consultation. However, the policy proposal either has no impact, or has no increased impact on:
- the handling of types of personal data of particular concern to individuals, such as sexual life or race and ethnic origin;
- the handling of personal details of each individual in an existing database; or
- the handling of personal data about a large number of individuals.
8.7 We do not anticipate that data would be processed by consolidation, inter-linking, cross-referencing or matching of personal data from multiple sources. Data to be processed would be submitted by applicants.
8.8Under the current arrangements, there is no publicly-visible connection from a person’s original entry in the Register of Births to an entry in the GRR for the same person following on their change of legal gender. Information in the GRR cannot be viewed by the public and a limited number of staff at NRS have access to the information in the GRR (currently 8 in total). The GRR entry for a Scottish-born person’s change of legal gender under the current arrangements contains all the information from the original birth register entry as well as information about their change of legal gender.
8.9This ensures that if NRS are approached by a person seeking an extract birth certificate in the name of a person following their gender change, an extract is provided from the GRR. That the extract derives from the records in the GRR is not disclosed on its face and it is essentially identical to an extract certificate taken from the Register of Births. Our consultation considers whether non-binary people (people whose gender identity is not as a man or woman but somewhere in between or beyond those binary categories) should be able to apply for legal gender recognition. If this option is taken forward, our assumption is that the new birth certificate will effectively disclose that they have obtained legal gender recognition as their sex will be disclosed to be neither male nor female.
Changes to data handling procedures
8.10The Scottish Government’s decisions on next steps will be taken following the consultation. In particular, data retention arrangements can only be finalised at that stage. The personal data used in connection with the current legal gender recognition process is not publicly available and there are no proposals to make such data available.
8.11 The policy proposal does not involve:
- new or changed data collection policies or practices that are unclear or intrusive; or
- changes to data quality assurance, processes and standards that may be unclear or unsatisfactory; or
- new or changed data security access or disclosure arrangements that may be unclear or extensive;
- new or changed data retention arrangements that may be unclear or extensive; or
- a change in the medium for disclosure of publicly available information such that the data becomes more readily accessible than before.
8.12Under section 22 of the 2004 Act, it is an offence for a person who has acquired information in an official capacity about a person’s application for legal gender recognition or their gender history to disclose that information to any other person. There are exceptions provided, for example where the disclosure:
- does not enable the subject of the information to be identified;
- has been agreed to by the subject of it;
- is in accordance with an order of a court or tribunal;
- is for the purpose of preventing or investigating crime;
- is made to the Registrar General for Scotland; or
- is made for the purpose of obtaining legal advice; or
- is made to a medical professional for medical purposes where the subject of the information cannot give consent.
8.13 Data protection is a reserved matter. The Scottish Ministers have power under section 22(5) and (6) to make an order prescribing circumstances in which the disclosure of protected information is not to constitute an offence under section 22 where the provision being made would be within the Scottish Parliament’s competence.
8.14 We do not propose systematic disclosure of personal data to or access by a third party that is not subject to comparable privacy regulation.
8.15 There are no other risks to privacy not covered by the above information.
9. The Data Protection Act Principles
9.1The consultation is intended to assist Scottish Government in reaching a view on the appropriate next steps. The content of draft legislation will be finalised after that. The consideration of the principles against the refined policy proposals will be done at that time and on review of this PIA.
7. Risks identified and appropriate solutions or mitigation actions proposed
| Risk | Ref | Solution or mitigation | Result |
|---|---|---|---|
| We anticipate that a reformed system, where applications are processed either by officials at Scottish Government or NRS, will require an IT system to handle data used for processing applications. Data may be stored by third party IT provider | | Depending on final decisions, if third party IT provider is involved, use contract with IT provider setting out steps to minimise risk of inappropriate access to and use of personal data. | Reduced |
| Under a reformed system personal data might be released due to insecure IT system | | Depending on final decisions, work with IT provider to ensure sufficient built in safeguards to reduce the risks of unauthorised access to data. | Reduced |
| Under a reformed system, personal data might be released through inappropriate sharing of data obtained through processing of applications. | | Maintaining existing legal arrangement for unauthorised disclosure of such information. Privacy and data handling should continue to form important part of staff training under any reformed system of legal gender recognition | |
8. Incorporating Privacy Risks into planning
| Risk | Ref | How risk will be incorporated into planning | Owner |
|---|---|---|---|
| A reformed system will require a new IT system to handle data used for processing applications. Data might be stored by third party IT provider | | If necessary, project plan would incorporate a contract between the relevant parties. | N/A at this stage |
| Under a reformed system personal data might be released due to new insecure IT system | | Project plan would include addressing security issues arising in system design. | N/A at this stage |
| Under a reformed system, personal data might be released through inappropriate sharing of personal data obtained through processing of applications. | | (1) Project plan would include development of information sharing protocols between all organisations involved in the process. (2) Time would be allocated for training on data protection and privacy issues for staff new to roles. | N/A at this stage |
9. Authorisation and publication
I confirm that the impact of the Scottish Government Review of the Gender Recognition Act 2004 has been sufficiently assessed against the needs of the privacy duty:
To Be Completed When Final Version Of PIA Is Published
| Name and job title of a Deputy Director or equivalent | Date each version authorised |
|---|---|