beta

You're viewing our new website - find out more

Publication - Report

Age of Criminal Responsibility (Scotland) Bill: privacy impact assessment

Published: 14 Mar 2018

A privacy impact assessment for the Age of Criminal Responsibility (Scotland) Bill.

24 page PDF

260.7 kB

24 page PDF

260.7 kB

Contents
Age of Criminal Responsibility (Scotland) Bill: privacy impact assessment
5. Conclusion from Screening

24 page PDF

260.7 kB

5. Conclusion from Screening

Sections 4 – 21: Disclosure of convictions and other information relating time when person under 12

The answers to the screening process suggest that there are limited concerns in terms of privacy as a result of the additional information and systems that will be set up as a result of the IR and their assessment process. All organisations who will be involved in information sharing and review are subject to the DPA and GDPR.

Section 22: Provision of information to persons affected by child's behaviour

The answers to the screening process suggest that there are limited concerns in terms of privacy as a result of the changes to the handling and processing of data as a result of section 22 of the Bill.

The disclosure of information under section 22 is aimed at protecting the interests of those harmed or adversely affected by a child's behaviour and the restrictions on disclosure allow the reporter to ensure the child's interests are also respected.

The information that may be disclosed is limited and can be further limited, or not disclosed at all, at the discretion of the reporter thereby ensuring that the data disclosed is limited to what is necessary for the purposes of the disclosure. SCRA and all other organisations who will be involved in the processing of information under section 22 are subject to the DPA and GDPR.

In conclusion, based on the answers to the screening exercise we do not believe that a full-scale PIA is required and we have proceeded on the basis that a small-scale PIA is appropriate. A matrix detailing the main privacy risks associated with the data processing and the action being taken to mitigate the risks is detailed at Annex A.


Contact