Scottish Crime and Justice Survey: data protection impact assessment

Latest version of the data protection impact assessment (DPIA) for the Scottish Crime and Justice Survey (SCJS) - published in July 2023.


8. Incorporating Privacy Risks into planning

Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.

Risk

Ref

How risk will be incorporated into planning

Owner

Personal information about an individual is lost/leaked during fieldwork

 

Interviewers are trained on data security and must report any data loss during fieldwork to fieldwork management teams within their organisation immediately. Contract between SG and Ipsos /ScotCen specifies that SG must be notified of any data breaches immediately.

SCJS Project Director

(at time of review Mark Bell)

Personal information about an individual is accidently leaked or release during or after processing.

 

Access to SCJS data in SG, ScotCen and Ipsos is restricted to named individuals working on the project. Any data breaches must be brought to the attention of SG immediately, as specified in the SCJS contract.

Changes to project teams should mean that individuals have access granted and removed as required, in a timely manner.

SCJS Project Director (at time of review Mark Bell)

A person is identified from the survey datasets provided to UK Data Service or shared via a Data Sharing Agreement.

 

Data Sharing Agreements specify requirements around not releasing results based on less than 50 respondents. Clear processes are in place for assessing any requests for additional data under special license considerations.

SCJS Project Director (at time of review Mark Bell)

Contact

Email: scjs@gov.scot

Back to top