It’s important for any organisation to handle their data with care, but that can especially ring true across the public sector, given the sensitive nature of some of the information handled on a day-to-day basis.

Data and information laws and regulations like the Data Protection Act 2018 and the Freedom of Information Act 2000 govern the ways personal data must be stored, accessed, used and shared – and it’s incredibly important for public sector organisations to follow the principles they lay out. In this blog, we’re going to take a look at how Public Safety and Local Regional Government are affected by these laws, and share details on how our Compliance Solution can help.

Data regulation in the world of policing

At time of writing (January 2024), UK data protection legislation combines two elements: the UK implementation of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). Part 3 of the DPA specifically addresses the processing of personal data for law enforcement purposes.

Partner this dual data protection requirement with certain schemes that grant people the legal right to request certain types of information held by the police (see below), and the layer of complexity soon becomes apparent.

SARAH’S LAW – WHAT IT MEANS

Sarah’s Law (also known as the Child Sex Offender Disclosure Scheme) allows parents, carers or guardians to formally request information from the police about a person who has contact with their child – or a child close to them – if they have any concerns that the person in question might pose a risk.

Introduced in response to the abduction and murder of eight-year-old Sarah Payne in 2000, requests for information can be made via 101 or by visiting a local police station and officers are advised to complete checks within 24 hours of the request being made to ensure that there is no immediate risk of harm to the child/children involved.

Sarah’s Law is specific to England and Wales, but a sex offender disclosure scheme also operates in Scotland. This allows any member of the public to make an application for information about someone if they have a concern about their access to a child.

CLARE’S LAW – WHAT IT MEANS

Clare’s Law (sometimes referred to as the Domestic Violence Disclosure Scheme or DVDS) is a police policy which allows people the right to know if their current or ex-partner has any previous history of violence or abuse.

Named after Clare Wood, who lost her life at the hands of her abusive ex-partner in 2009, Clare’s Law gives people legal grounds to request information held by police about a partner (past or current) if they’re concerned they may have been abusive in the past and believe they may pose a risk.

The scheme also gives members of the public the right to request information if they’re concerned that a friend, family member or neighbour might be at risk of domestic violence from a current or past partner.

The police are expected to respond to enquiries made under Clare’s Law within 28 days.

Local government and data regulation

Just like police forces, local authorities are governed by the Data Protection Act 2018 and must manage data in line with GDPR – which gives people (referred to as ‘data subjects’) multiple rights relating to personal data held about them, including the right to be informed and the right to access.

GDPR and subject access requests

Under GDPR, citizens have the right to request information about the personal data local authorities and other agencies hold about them, including:

• Details of what information is held
• How the organisation uses the information
• Where the information came from
• Who the information has been/is being shared with

A request of this nature is known as a subject access request (SAR). There is no strict guidance on how a SAR can be raised, and organisations are responsible for documenting and responding to SARs, no matter if they’re expressed verbally, via email or letter, or through more modern methods of communication like social media messengers.

Guidance from the Information Commissioner’s Office (ICO) states that organisations must respond to SARs without ‘undue delay’. Typically, a response needs to be delivered within 28 days – however, extensions can be applied in various circumstances, including when identity needs to be verified or when a case becomes particularly complex.

FREEDOM OF INFORMATION

The Freedom of Information Act (FOIA) 2000 ensures public access to information held by public authorities in two different ways: public authorities must publish certain information about their activities, while members of the public are entitled to request information from public authorities.

The FOI Act gives two related qualified rights – the right to be told whether or not the information is held and (assuming it is) the right to receive the information, subject to exemptions. Unlike an SAR, a request submitted under FOI must be made in writing via letter or email.

Here are just a few examples of information that can be requested from a local authority under the FOIA:

• numbers of parking tickets issued in specific areas
• decisions about street markings or traffic light settings
• details of suppliers of school dinners
• details of overseas visits by Council officials

What is Compliance and how can it help?

To remain compliant with data-related legislation, it’s important for public organisations to have a suitable framework in place to support cases where people choose to exercise their rights to access information like those outlined above.

Developed in line with guidance from the ICO, Compliance is a tech solution created to help organisations meet the in-depth requirements of GDPR and swiftly respond to requests for information submitted by members of the public.

Built using trusted Microsoft technology as a foundation, adopting Compliance can equip police forces, local authorities and other public sector organisations with the tools to:

• Guide users through individual subject access requests, with automated prompts when deadlines approach
• Streamline internal processes surrounding inbound correspondence
• Communicate with citizens effectively using an online portal
• Identify when they may be nearing breach using real-time reporting
• Help employees report potential breaches with ease via a dedicated mobile app
• Minimise risk with specialised dashboards that can highlight trends

Take a look at our Compliance Solution below and how it can support you in your efforts to enhance your compliance with the most pressing data regulations and requirements, or contact us if you wish to find out more.