National Implementation Support Group communications regarding data protection: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002.


FOI reference: FOI/17/02031
Date received: 30 August 2017
Date responded: 27 October 2017

Information requested

Please can you provide me with the following information for the time period 1st August 2016 to date:

  1. Minutes and/or notes of all meetings of GIRFEC management boards and groups, including the Programme Board, Implementation Support Group, Data Sharing Technology Board, Information Sharing Board and any allied or successor groups

  2. Copies of all communications between the Scottish Government and ICO relating to preparation for implementation of the GDPR, including the proposed code of practice.

  3. Minutes and/or notes of any meetings at which data processing issues in relation to the GDPR were discussed.

Response

Due to the varied nature of the information sought in this request, part 1 was handled by the Children and Young People (Information Sharing) (Scotland) Bill Team and the latter 2 parts were handled by the Data Protection and Information Assets Team.

1. Minutes and/or notes of all meetings of GIRFEC management boards and groups, including the Programme Board, Implementation Support Group, Data Sharing Technology Board, Information Sharing Board and any allied or successor groups.

Meeting notes for the meetings of the National Implementation Support Group (NISG) can be found in Annex A. The summary of the NISG meeting on the 16th November 2016 can be found on our website at Meeting Notes 16 Nov 2016 (PDF 85KB).

The Programme Board is no longer active, having been disbanded in September 2014 and replaced by the NISG when the Children and Young People (Scotland) Act 2014 was passed. The Data Sharing Technology Board, which changed its name to the Information Sharing Board, ended in March 2016 when the Board decided that the sharing requirements of the Children and Young People (Scotland) Act 2014 were being managed effectively.

Meeting notes from Getting it right for every child Implementation management boards, which include CEL 29, GIRFEC Lead Officers and the 3rd Sector, are included in Annex B, with the exception of the CEL 29 meeting on the 24th November 2016, which can be found in summary at Meeting Notes 24 Nov 2016 (PDF 77KB).

Furthermore, 3rd Sector meetings that took place on 26th September 2016 and the 1st December can be found in summary at Meeting Note 26 Sept 16 (PDF 145KB) and Meeting Note 1 December 2016 (PDF 148KB) respectively.

The meeting notes from the Joint Named Person Service Providers meetings are in Annex C, with the exception of the meetings that took place on the 15th September 2016, which can be found in summary at Meeting Notes 15 Sept 2016 (PDF 141KB), and the 29th November 2016, which can be found at Meeting Notes 29 Nov 2016 (134KB).

Meeting notes from the Information Sharing Reference Group which took place in 2017 can be found in Annex D, with the exception of those that took place in 2016, which can be found in summary on our website at Meeting Notes 22 Nov 2016 (PDF 96KB) and Meeting Notes 31 Oct 2016 (PDF 117KB).

2. Copies of all communications between the Scottish Government and ICO relating to preparation for implementation of the GDPR, including the proposed code of practice.

While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to conduct a search of all of the records of the Scottish Government. We are conscious of the need to prepare for the introduction of the GDPR now and we are committed to ensuring compliance with the new legal framework on implementation.

The ICO regularly communicates with areas across the Scottish Government in relation to data protection. Given that much of the data processing being discussed will extend beyond 25th May 2018, this has increasingly also included considering the implications of the GDPR as a matter of course. Under section 12 of FOISA, public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could restrict your request to a specific business or policy area of the Scottish Government. It would also be helpful if you could clarify the code of practice to which this part of your request refers. In addition, you may wish to consider if there is a more specific time period which is of most interest to you. This would allow us to limit the searches needing to be conducted.

You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on her website at: Tips for FOI's

3. Minutes and/or notes of any meetings at which data processing issues in relation to the GDPR were discussed.

While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to conduct a search of all of the records of the Scottish Government.

Data processing issues in relation to GDPR are being discussed across the Scottish Government. We are conscious of the need to prepare for the introduction of the GDPR and we are committed to ensuring compliance with the new legal framework on implementation. As most of this data processing will extend beyond 25th May 2018, data protection, including our obligations under GDPR, is included in our discussions as a matter of course.

Under section 12 of FOISA, public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could specify a particular aspect of the GDPR that is of interest, or restrict your request to a specific business or policy area of the Scottish Government, as this would allow us to limit the searches needing to be conducted. You may also wish to consider a more specific time period in which you are interested.

You may find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on her website at: Tips for FOI's

In addition, you may also find it helpful to note that the General Data Protection Regulation (GDPR) preparatory work currently being undertaken by business areas across the Scottish Government is led and supported by the Scottish Government Data Protection and Information Asset (DPIA) team. The role of the team is to provide data protection advice and guidance to allow business areas to fully consider their obligations under the Data Protection Act and, going forward, the GDPR.

The DPIA team are undertaking a project of work, supported by a project board, to review Scottish Government-wide data protection policies and procedures to ensure that these are or will be reflective of the compliance requirements under the GDPR prior to implementation of the Regulation. The project team are also providing support to Information Asset Owners (IAO) across the Scottish Government, who are responsible for the appropriate processing of information within their business area.

The Scottish Government are committed to ensuring compliance with the new legal framework on implementation. We welcome the new data protection legislation. It presents an excellent opportunity to further increase transparency and accountability in our public services. Successful implementation and on-going compliance with the General Data Protection Regulation will play an integral part in enhancing public confidence in our ability to safeguard personal data in Scotland.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses

FOI-17-02031 Annex A - NISG meeting information.pdf