Publication - Impact assessment
AQUACULTURE AND FISHERIES (SCOTLAND) BILL - PRIVACY IMPACT ASSESSMENT
The Privacy Impact Assessment accompanying the Aquaculture and Fisheries (Scotland) Bill identifies and addresses the privacy impacts of the Bill.
Aquaculture and Fisheries (Scotland) Bill
Privacy Impact Assessment - Risk Identity Check list
1) Proposals Definition: Introduction of new offences under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003 (the 2003 (Act) - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx
| Questions to identify Privacy Issues | Risk | Impact | Likelihood |
|---|---|---|---|
| 1. Technology | |||
| (1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? | No. Water Bailiffs, appointed under the 2003 Act, will monitor compliance with the proposals in line with current established practice. The appointment of a Water Bailiff is dependant on the nominated person passing an examination by the Institute of Fisheries Management ( IFM). A copy of the IFM Bailiffing in Scotland reference manual, outlining best practice, can be found at: www.asfb.org.uk/wp-content/uploads/2011/11/Bailiffing-in-Scotland-Manual-2011.pdf | Low | Low |
| 2. & 3. Identity | |||
| (2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? | Monitoring compliance with the 2003 Act may involve Water Bailiffs noting personal details, which would be required to enable prosecution of suspects, such as name, address, vehicle registration number etc. Where members of the public report potential breeches of the 2003 Act, personal data such as name, address and contact telephone number may be recorded. | Low | Medium |
| (3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? | Establishing the identity of suspects is required to enable prosecution. However, members of the public may anonymously report suspected incidents of non-compliance with the 2003 Act to Marine Scotland, the police, the local salmon fishery board or directly to the bailiffs themselves. In cases where members of the public wish to remain anonymous Bailiffs would need to investigate the incident before a breech of the 2003 Act could be established and other potential witnesses identified. | Low | Medium |
| 4. Justification | |||
| (4) Is the justification for the proposal either unpublished or unclear? | No. The new offences introduced are in line with other sanctions for non-compliance with the 2003 Act. | Low | Low |
| 4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? | No. Water Bailiffs will monitor compliance in line with established practice. | Low | Low |
| 4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? | No. Please see point 4a) above. | Low | Low |
| 4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? | No. Please see point 4a) above. | Low | Low |
| 4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? | No. Please see point 4a) above. | Low | Low |
| 4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? | No. Please see point 4a) above. | Low | Low |
| 5. Multiple organisations | |||
| (5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? | Yes. Water Bailiffs are employed by the local salmon fishery board, or in areas where there is no board, they are nominated by a sponsor organisation ( i.e. the local angling club) for appointment by Scottish Ministers. They may share information with the local police and/or the crown prosecution office. | Low | Medium |
| 6. & 7. Data | |||
| (6) Does the proposal involve personal data of particular concern to individuals? | Yes. Water Bailiffs will record detailed information on the offence associated with the breech of the 2003 Act. | Low | Low |
| (7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? | Yes. In general the information held on those suspected of non-compliance is held for a single purpose. However, where suspected poachers are thought to be operating in more than one salmon fishery district the information may be shared with other bailiffs, fishery boards, the local police etc. | Low | Medium |
| 8. 9. & 10. Data handling scope | |||
| (8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? | The personal data recorded by Water Bailiffs will generally be limited to name, address, vehicle registration number etc.This is consistent with the information recorded for other suspected offences under the 2003 Act. | Low | Low |
| (9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? | No. It is not anticipated that the new offences will result in a significant increase in the volume and type of personal data held by Water Bailiffs. | Low | Low |
| (10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? | Yes. There will potentially be instances where Water Bailiffs share information across more than one salmon fishery district; although these instances are likely to be limited in nature. | Low | Medium |
| 11.12. & 13 Exemptions & exceptions | |||
| (11) Is the proposal to process any data that is exempt from legislative privacy protections? | Yes. The personal data collected by Water Bailiffs, in exercising of their statutory law enforcement function, is exempt under Section 29 of the Data Protection Act. | Low | High |
| (12) Does the proposal's justification include significant contributions to public security measures? | No. | Low | Low |
| (13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? | No. | Low | Low |
| Other Issues or Risks Arising | |||
| Low | Low | ||
2) Proposals Definition: Introduction of new primary legislation enabling Scottish Ministers to make regulations for or in connection with the tagging the carcasses of salmon - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx
| Questions to identify Privacy Issues | Risk | Impact | Likelihood |
|---|---|---|---|
| 1. Technology | |||
| (1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? | Depending on the scheme it is possible that some information may be held on computer - some information is already held on computer by individual fisheries Further PIA to be carried out as regulations are drafted. | Low | Low |
| 2. & 3. Identity | |||
| (2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? | This will depend on the type of scheme put in place. A further PIA will be carried out when regulations are being drafted. | Low | Low |
| (3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? | Any scheme will involve the name and address of the Fishery being put on the tag to enable fish to be traced back to fishery. | Low | High |
| 4. Justification | |||
| (4) Is the justification for the proposal either unpublished or unclear? | The proposal has been consulted on as part of the Bill process. | Low | Low |
| 4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? | This will depend on the type of scheme put in place. See 2.(2) | Low | Low |
| 4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? | See 2.(2) | Low | Low |
| 4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? | See 2.(2) | Low | Low |
| 4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? | See 2.(2) | Low | Low |
| 4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? | See 2.(2) | Low | Low |
| 5. Multiple organisations | |||
| (5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? | See 2.(2) | Low | Low |
| 6. & 7. Data | |||
| (6) Does the proposal involve personal data of particular concern to individuals? | No | Low | Low |
| (7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? | See 2.(2) | Low | Low |
| 8. 9. & 10. Data handling scope | |||
| (8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? | No | Low | Low |
| (9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? | No | Low | Low |
| (10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? | No | Low | Low |
| 11.12. & 13 Exemptions & exceptions | |||
| (11) Is the proposal to process any data that is exempt from legislative privacy protections? | No | Low | Low |
| (12) Does the proposal's justification include significant contributions to public security measures? | No | Low | Low |
| (13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? | No | Low | Low |
| Other Issues or Risks Arising | |||
| Low Medium High |
Low Medium High |
||
| Low Medium High |
Low Medium High |
||
| Low Medium High |
Low Medium High |
||
3) Proposals Definition: Use of fixed financial penalties as alternatives to prosecution in relation to marine, aquaculture and other regulatory issues for which Marine Scotland has responsibility - http://www.scottish.parliament.uk/parliamentarybusiness/Bills/55381.aspx
| Questions to identify Privacy Issues | Risk | Impact | Likelihood |
|---|---|---|---|
| 1. Technology | |||
| (1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion? | No | Low | Low |
| 2. & 3. Identity | |||
| (2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes? | Suspects interviewed as part of an investigation may be asked to state and provide evidence of their identity eg a driving licence or passport. In most investigations the identity of suspect is already known because of their special capacity eg declared to be the master of a vessel. | Low | Medium |
| (3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified? | The identity of suspects must be established to facilitate prosecution, and those details are noted and held for that purpose. There is provision however for members of the public to provide information and intelligence anonymously if they wish to do so. This may ultimately lead to a fixed penalty notice being issued after the matter is fully investigated. | Low | Medium |
| 4. Justification | |||
| (4) Is the justification for the proposal either unpublished or unclear? | No, the proposals are an extension of existing procedures/policies introduced through the Aquaculture and Fisheries (Scotland) Act 2007 and as such are no more-privacy intrusive than existing measures. As regulatory non-compliance is prescribed as criminal offences the data would, in any event, be required to facilitate the submission of a report to the Procurator Fiscal. | Low | Low |
| 4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive? | No, the policies remain unchanged - see answer to point 4. | Low | Low |
| 4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory? | No, the policies remained unchanged - see answer to point 4. | Low | Low |
| 4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive? | No, the policies remained unchanged - see answer to point 4. | Low | Low |
| 4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive? | No, the policies remained unchanged - see answer to point 4. | Low | Low |
| 4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible? | No, the data is held for the purposes of detecting and reporting crimes and is not normally publicly accessible including through information access regimes such as FOI (non-absolute exemption). | Low | Low |
| 5. Multiple organisations | |||
| (5) Will the proposal involve multiple organisations, either government agencies ( e.g. 'joined-up government' initiatives) or the private sector? | In most cases the proposal will only involve information sharing within the one organisation (the Crown Office and Procurator Fiscal Service) in the form of crime reports to the Fiscal. However, it is possible that other criminal justice partner agencies may be involved in a small number of joint enquiries. It is possible that we may in future be provided with information on individuals such as previous convictions or warning signals ( e.g. previous acts of violent behaviours). Information sharing protocols are/will be in place to ensure the security of personal data shared between criminal justice partner agencies. | Low Medium High |
Low Medium High |
| 6. & 7. Data | |||
| (6) Does the proposal involve personal data of particular concern to individuals? | Data on suspects will include data relating to offences and courts proceedings. It may also include relevant information in relation to the offences that have most recently been committed and are now the subject of a Fixed Penalty Notice. This could include mitigatory or exculpatory information which could include personal sensitive information relating, for example, to medical conditions, or certain financial information. | Medium | Medium |
| (7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings? | No, the data is generally held for a single purpose and not linked to other data sets. | Low | Low |
| 8. 9. & 10. Data handling scope | |||
| (8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings? | The data held on each individual will be minimal and will generally consist of their, name, address, date of birth, occupation and an account of the matters under investigation. This does not represent an increase in data volume. | Low | Low |
| (9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage? | The proposal has the potential to increase the number of offenders brought within the fixed penalty regime. However, as fixed penalties are a diversion from prosecution the potential increase can be gauged by the amount of prosecutions taken in the additional regulatory areas to be covered by the proposal. The number of prosecutions beyond sea fisheries infringements is currently negligible. | Low | Low |
| (10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources? | No. | Low | Low |
| 11.12. & 13 Exemptions & exceptions | |||
| (11) Is the proposal to process any data that is exempt from legislative privacy protections? | Yes - the data is covered by the exemption for law enforcement provided for in Section 29 of the Data Protection Act 1998. | Low | High |
| (12) Does the proposal's justification include significant contributions to public security measures? | The impact on privacy such as it is, is necessary and proportionate for the purposes of law enforcement within the sphere of the marine and freshwater environment. It does not concern the protection of critical infrastructure or the safety of the population per se. | Low | Low |
| (13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation? | No | Low | Low |
| Other Issues or Risks Arising | |||
Aquaculture and Fisheries Bill
October 2012
Contact
There is a problem
Thanks for your feedback