AQUACULTURE AND FISHERIES (SCOTLAND) BILL - PRIVACY IMPACT ASSESSMENT

The Privacy Impact Assessment accompanying the Aquaculture and Fisheries (Scotland) Bill identifies and addresses the privacy impacts of the Bill.


Aquaculture and Fisheries (Scotland) Bill
Privacy Impact Assessment - Risk Identity Check list

1) Proposals Definition: Introduction of new offences under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003 (the 2003 (Act) - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx

Questions to identify Privacy Issues Risk Impact Likelihood
1. Technology
(1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? No. Water Bailiffs, appointed under the 2003 Act, will monitor compliance with the proposals in line with current established practice. The appointment of a Water Bailiff is dependant on the nominated person passing an examination by the Institute of Fisheries Management ( IFM). A copy of the IFM Bailiffing in Scotland reference manual, outlining best practice, can be found at: www.asfb.org.uk/wp-content/uploads/2011/11/Bailiffing-in-Scotland-Manual-2011.pdf Low Low
2. & 3. Identity
(2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? Monitoring compliance with the 2003 Act may involve Water Bailiffs noting personal details, which would be required to enable prosecution of suspects, such as name, address, vehicle registration number etc. Where members of the public report potential breeches of the 2003 Act, personal data such as name, address and contact telephone number may be recorded. Low Medium
(3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? Establishing the identity of suspects is required to enable prosecution. However, members of the public may anonymously report suspected incidents of non-compliance with the 2003 Act to Marine Scotland, the police, the local salmon fishery board or directly to the bailiffs themselves. In cases where members of the public wish to remain anonymous Bailiffs would need to investigate the incident before a breech of the 2003 Act could be established and other potential witnesses identified. Low Medium
4. Justification
(4) Is the justification for the proposal either unpublished or unclear? No. The new offences introduced are in line with other sanctions for non-compliance with the 2003 Act. Low Low
4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? No. Water Bailiffs will monitor compliance in line with established practice. Low Low
4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? No. Please see point 4a) above. Low Low
4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? No. Please see point 4a) above. Low Low
4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? No. Please see point 4a) above. Low Low
4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? No. Please see point 4a) above. Low Low
5. Multiple organisations
(5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? Yes. Water Bailiffs are employed by the local salmon fishery board, or in areas where there is no board, they are nominated by a sponsor organisation ( i.e. the local angling club) for appointment by Scottish Ministers. They may share information with the local police and/or the crown prosecution office. Low Medium
6. & 7. Data
(6) Does the proposal involve personal data of particular concern to individuals? Yes. Water Bailiffs will record detailed information on the offence associated with the breech of the 2003 Act. Low Low
(7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? Yes. In general the information held on those suspected of non-compliance is held for a single purpose. However, where suspected poachers are thought to be operating in more than one salmon fishery district the information may be shared with other bailiffs, fishery boards, the local police etc. Low Medium
8. 9. & 10. Data handling scope
(8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? The personal data recorded by Water Bailiffs will generally be limited to name, address, vehicle registration number etc.This is consistent with the information recorded for other suspected offences under the 2003 Act. Low Low
(9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? No. It is not anticipated that the new offences will result in a significant increase in the volume and type of personal data held by Water Bailiffs. Low Low
(10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? Yes. There will potentially be instances where Water Bailiffs share information across more than one salmon fishery district; although these instances are likely to be limited in nature. Low Medium
11.12. & 13 Exemptions & exceptions
(11) Is the proposal to process any data that is exempt from legislative privacy protections? Yes. The personal data collected by Water Bailiffs, in exercising of their statutory law enforcement function, is exempt under Section 29 of the Data Protection Act. Low High
(12) Does the proposal's justification include significant contributions to public security measures? No. Low Low
(13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? No. Low Low
Other Issues or Risks Arising
Low Low

2) Proposals Definition: Introduction of new primary legislation enabling Scottish Ministers to make regulations for or in connection with the tagging the carcasses of salmon - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx

Questions to identify Privacy Issues Risk Impact Likelihood
1. Technology
(1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? Depending on the scheme it is possible that some information may be held on computer - some information is already held on computer by individual fisheries Further PIA to be carried out as regulations are drafted. Low Low
2. & 3. Identity
(2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? This will depend on the type of scheme put in place. A further PIA will be carried out when regulations are being drafted. Low Low
(3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? Any scheme will involve the name and address of the Fishery being put on the tag to enable fish to be traced back to fishery. Low High
4. Justification
(4) Is the justification for the proposal either unpublished or unclear? The proposal has been consulted on as part of the Bill process. Low Low
4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? This will depend on the type of scheme put in place. See 2.(2) Low Low
4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? See 2.(2) Low Low
4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? See 2.(2) Low Low
4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? See 2.(2) Low Low
4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? See 2.(2) Low Low
5. Multiple organisations
(5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? See 2.(2) Low Low
6. & 7. Data
(6) Does the proposal involve personal data of particular concern to individuals? No Low Low
(7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? See 2.(2) Low Low
8. 9. & 10. Data handling scope
(8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? No Low Low
(9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? No Low Low
(10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? No Low Low
11.12. & 13 Exemptions & exceptions
(11) Is the proposal to process any data that is exempt from legislative privacy protections? No Low Low
(12) Does the proposal's justification include significant contributions to public security measures? No Low Low
(13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? No Low Low
Other Issues or Risks Arising
Low
Medium
High
Low
Medium
High
Low
Medium
High
Low
Medium
High
Low
Medium
High
Low
Medium
High

3) Proposals Definition: Use of fixed financial penalties as alternatives to prosecution in relation to marine, aquaculture and other regulatory issues for which Marine Scotland has responsibility - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx

Questions to identify Privacy Issues Risk Impact Likelihood
1. Technology
(1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? No Low Low
2. & 3. Identity
(2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? Suspects interviewed as part of an investigation may be asked to state and provide evidence of their identity eg a driving licence or passport. In most investigations the identity of suspect is already known because of their special capacity eg declared to be the master of a vessel. Low Medium
(3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? The identity of suspects must be established to facilitate prosecution, and those details are noted and held for that purpose. There is provision however for members of the public to provide information and intelligence anonymously if they wish to do so. This may ultimately lead to a fixed penalty notice being issued after the matter is fully investigated. Low Medium
4. Justification
(4) Is the justification for the proposal either unpublished or unclear? No, the proposals are an extension of existing procedures/policies introduced through the Aquaculture and Fisheries (Scotland) Act 2007 and as such are no more-privacy intrusive than existing measures. As regulatory non-compliance is prescribed as criminal offences the data would, in any event, be required to facilitate the submission of a report to the Procurator Fiscal. Low Low
4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? No, the policies remain unchanged - see answer to point 4. Low Low
4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? No, the policies remained unchanged - see answer to point 4. Low Low
4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? No, the policies remained unchanged - see answer to point 4. Low Low
4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? No, the policies remained unchanged - see answer to point 4. Low Low
4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? No, the data is held for the purposes of detecting and reporting crimes and is not normally publicly accessible including through information access regimes such as FOI (non-absolute exemption). Low Low
5. Multiple organisations
(5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? In most cases the proposal will only involve information sharing within the one organisation (the Crown Office and Procurator Fiscal Service) in the form of crime reports to the Fiscal. However, it is possible that other criminal justice partner agencies may be involved in a small number of joint enquiries. It is possible that we may in future be provided with information on individuals such as previous convictions or warning signals ( e.g. previous acts of violent behaviours). Information sharing protocols are/will be in place to ensure the security of personal data shared between criminal justice partner agencies. Low
Medium
High
Low
Medium
High
6. & 7. Data
(6) Does the proposal involve personal data of particular concern to individuals? Data on suspects will include data relating to offences and courts proceedings. It may also include relevant information in relation to the offences that have most recently been committed and are now the subject of a Fixed Penalty Notice. This could include mitigatory or exculpatory information which could include personal sensitive information relating, for example, to medical conditions, or certain financial information. Medium Medium
(7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? No, the data is generally held for a single purpose and not linked to other data sets. Low Low
8. 9. & 10. Data handling scope
(8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? The data held on each individual will be minimal and will generally consist of their, name, address, date of birth, occupation and an account of the matters under investigation. This does not represent an increase in data volume. Low Low
(9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? The proposal has the potential to increase the number of offenders brought within the fixed penalty regime. However, as fixed penalties are a diversion from prosecution the potential increase can be gauged by the amount of prosecutions taken in the additional regulatory areas to be covered by the proposal. The number of prosecutions beyond sea fisheries infringements is currently negligible. Low Low
(10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? No. Low Low
11.12. & 13 Exemptions & exceptions
(11) Is the proposal to process any data that is exempt from legislative privacy protections? Yes - the data is covered by the exemption for law enforcement provided for in Section 29 of the Data Protection Act 1998. Low High
(12) Does the proposal's justification include significant contributions to public security measures? The impact on privacy such as it is, is necessary and proportionate for the purposes of law enforcement within the sphere of the marine and freshwater environment. It does not concern the protection of critical infrastructure or the safety of the population per se. Low Low
(13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? No Low Low
Other Issues or Risks Arising

Aquaculture and Fisheries Bill
October 2012

Contact

Back to top