Scottish Crime and Justice Survey: data protection impact assessment

This is the latest version of the Data Protection Impact Assessment (DPIA) for the Scottish Crime and Justice Survey (SCJS) - published in November 2021. If you have any comments or suggestions on the DPIA, please get in touch with the SCJS Project Team via the contact details below.

8. Incorporating Privacy Risks into planning

Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.



How risk will be incorporated into planning


Personal information about an individual is lost/leaked during fieldwork

Interviewers are trained on data security must report any data loss during fieldwork to fieldwork management teams within their organisation immediately. Contract between SG and Ipsos MORI/ScotCen specifies that SG must be notified of any data breaches immediately.

SCJS Project Director

(at time of review Anna Saunders)

Personal information about an individual is accidently leaked or release during or after processing.

Access to SCJS data in SG, ScotCen and Ipsos MORI is restricted to named individuals working on the project. Any data breaches must be brought to the attention of SG immediately, as specified in the SCJS contract.

Changes to project teams should mean that individuals have access granted and removed as required, in a timely manner.

SCJS Project Director (at time of review Anna Saunders)

A person is identified from the survey datasets provided to UK Data Service or shared via a Data Sharing Agreement.

Data Sharing Agreements specify requirements around not releasing results based on less than 50 respondents. Clear processes are in place for assessing any requests for additional data under special license considerations.

SCJS Project Director (at time of review Anna Saunders)



Back to top