7. Information and Data Sharing and Retention
Given the nature of the data collected by means of electronic monitoring, which includes details of an individual's movements, decisions on how electronic monitoring data and information is generated, stored, analysed and accessed are important. The new technologies which could be utilised for the purpose of electronic monitoring would result in the collection of even more detailed information about the person being monitored.
The management of data produced or held under GPS, in common with all other data for electronic monitoring, must comply with the terms of the Data Protection Act 1998 and be proportionate.
Question 13: Should the data collected only be for the purpose of monitoring compliance with an order or licence condition, or should it also be used for other purposes such as the investigation of crime? Please include reasons for your answer.
7.1 51 respondents (81%) answered this question. The question invited an open, qualitative response, however it could be deduced from 46 responses whether or not the respondent considered that data should be collected only for monitoring compliance, or whether it should also be used for other purposes. Table 7.1 shows the views of respondents deduced from their qualitative response. 
Table 7.1: Summary of views (deduced from qualitative responses) on whether the data collected should be used solely for monitoring compliance or for other purposes too
|Response||No. of respondents||% of all respondents*|
|Solely for monitoring compliance||4||9|
|Largely for monitoring compliance, but with exceptions in certain circumstances||16||35|
|Both for monitoring compliance, but also for other purposes such as investigating crime||26||57|
*Percentages may not total 100% exactly due to rounding.
7.2 The majority (57%) of those indicating a view were in favour of data collected for the purpose of monitoring compliance with an order or licence condition, being used for other purposes such as the investigation of crime. Of these, 20 of the 26 respondents (77%) were individuals; five other sectors were represented amongst the others.
7.3 Half of these respondents qualified their view stating that use of the data for other purposes should take place only where the individual provided consent at the beginning of the period of electronic monitoring. A few of the others emphasised that appropriate safeguards should be in place, including data protection protocol.
7.4 16 respondents, across eight different sectors, considered that data should be used for purposes other than monitoring compliance only in exceptional circumstances. Examples were suggested: for public protection; anti-terror offences; to investigate crime. A few respondents specified that authority to extend the use of data in this way should come from the judiciary, or senior ranking police officer, or the Scottish Government, following a formal request for this exceptional use. One view was:
"If personal data are to be shared for the purpose of crime investigation, a legitimate basis will have to be identified and consideration must be given as to how compatible this purpose is with the original monitoring purpose. If, at the beginning of the monitoring process, it is the intention to use the monitoring data for crime investigation then this information should be included in the Fair Processing Notice (of the Data Protection Act 1998). If, during the course of the monitoring, there is legitimate cause for investigating the specific location of a Data Subject in relation to a specific crime investigation, it may be possible to do so without notifying the Data Subject under Section 29 of the DPA/ GDPR  equivalent. However, this can in no way be a "fishing exercise" and must be specific with reasonable cause." (Information Commissioner's Office)
7.5 Four respondents, two individuals, one partnership and one third sector respondent considered that data collected for the purpose of monitoring compliance to be restricted to that purpose:
"The data should be used solely for the purposes of the order" (Individual respondent).
Question 13a: What appropriate safeguards should be put in place for the collection, use, retention and destruction of data?
7.6 44 respondents (70%) answered this question. Bar one individual respondent, who suggested that all data should be freely available to boost public confidence in electronic monitoring as an option, all responses referred to safeguards which respondents considered should provide the framework of protocols for the handling of data generated by electronic monitoring.
7.7 Some respondents referred simply to current legislative or other frameworks in broad terms as essential in guiding protocol in this context:
- Data Protection Act 1998. (16 mentions)
- European Convention on Human Rights. (2 mentions)
- Council of Europe guidance on data protection and electronic monitoring (2014). (2 mentions)
- Regulation of Investigatory Powers Act (2000). (2 mentions)
- "Current legislation". (2 mentions)
7.8 Others highlighted specific aspects of protocol which they considered were particularly important in safeguarding data generated by electronic monitoring. Those mentioned most frequently were:
- Issues of access; permission process; who has access; level of access. (11 mentions)
- Timescale for retention of data. (9 mentions)
- Issues of sharing data; nature of information to be shared. (6 mentions)
7.9 Two individual respondents suggested that regulatory oversight and judicial review processes should be developed to underpin the safeguarding framework developed.
7.10 Other respondents highlighted the need for shared protocols across different agencies to be developed, with these made explicit and staff trained accordingly. A partnership suggested that agencies should review their existing record-management policies and procedures in order to support electronic monitoring. A private sector company emphasised the need for appropriate audit and assurance requirements in Service Level Agreements and contracts for delivery of electronic monitoring. One local authority highlighted that local authorities already have appropriate data management protocol in place.
7.11 Two respondents (partnership and third sector) considered that separating law enforcement from electronic monitoring data management will ensure that a formal, transparent process for accessing information is established.
7.12 A few respondents, largely third sector, expressed their support for anonymised, aggregate data, generated by electronic monitoring, to be made available for research purposes (for example, evaluating the effectiveness of electronic monitoring in Scotland).
Email: Electronic Monitoring Team, email@example.com
Phone: 0300 244 4000 – Central Enquiry Unit
The Scottish Government
St Andrew's House