Social Security Scotland - Safeguarding & GDPR policy: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002


Information requested

Request for information 1: Can I have a copy of your safeguarding policy?

Request for information 2: Can I have a copy of your privacy/GDPR policy?

Request for information 3: Who is responsible for ensuring your safeguarding policy in adhered too across all social security scotland employees?

Request for information 4: Who is responsible for ensuring your Privacy/GDPR policy in adhered too across all social security scotland employees?

Request for information 5: Who is responsible for ensuring employee's are trained in their duties under the equality act?

Request for information 6: And what training do you provide in regards to the 3 policies above to all staff in front facing roles?

Response

Request for information 1: Can I have a copy of your safeguarding policy?

While our aim is to provide information whenever possible, in this instance Social Security Scotland does not have the information you have requested.

While there is not a policy called Safeguarding, the approach to safeguarding in Social Security Scotland is laid out in guidance and training. All public facing staff complete mandatory risk-of-harm training, and must complete this training annually. 

Where Social Security Scotland staff identify an individual as being at immediate or potential risk of harm, they report these concerns to the internal Safeguarding Team, as per our guidance. Where
appropriate the safeguarding team will refer it onwards to the relevant authorities. 

Social Security Scotland Charter commits to putting the respect for dignity of individuals at the heart of the Scottish social security system, and part of that is reflected in Ministers bringing forward the Social Security Information-Sharing (Scotland) Amendment Regulations 2024 related to safeguarding referrals. 

This is a formal notice under section 17(1) of FOISA that the Scottish Government does not have the information you have requested.

Request for information 2: Can I have a copy of your privacy/GDPR policy?

Most of the information you have requested is available from:

Please find the privacy notice found here: https://www.socialsecurity.gov.scot/privacy-notice

For information on how we process our clients’ personal data, please see the following privacy information: https://www.mygov.scot/social-security-data

Under section 25(1) of FOISA, we do not have to give you information which is already reasonably accessible to you. If, however, you do not have internet access to obtain this information from the
website(s) listed, then please contact me again and I will send you a paper copy. 

Attached is a copy of Social Security Scotland data protection policy.

An exemption under section 38(1)(b) of FOISA (personal information) applies to a small amount of the information requested because it is personal data of a third party, ie personal names, and disclosing it would contravene the data protection principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act 2018. 

This exemption is not subject to the ‘public interest test’, so we are not required to consider if the public interest in disclosing the information outweighs the public interest in applying the exemption.

Request for information 3: Who is responsible for ensuring your safeguarding policy in adhered too across all social security scotland employees?

Line managers are responsible for ensuring Safeguarding procedures are adhered to by staff. The Chief Executive as Accountable Officer holds the responsible officer role for Social Security Scotland.

Request for information 4: Who is responsible for ensuring your Privacy/GDPR policy in adhered too across all social security scotland employees?

Data Protection and Information Governance lead

Owns, approves and monitors compliance with the policy.

Data Protection and Information Governance team

Carries out activities as described in the policy and keeps the policy under review.

Information Asset Owner

Approves relevant Data Protection Impact Assessments following review by the Data Protection Officer, and manages risks to information assets they are responsible, assigns an individual in their business area to keep Data Protection Impact Assessments under review and schedule reviews of it when circumstances change.

Chief Information Security Officer

Provides technical and organisation security measures to protect personal data.

All colleagues

Report personal data breaches and suspected personal data breaches, and receipt of data subject requests to the Data Protection and Information Governance team for further action, and complete annual data protection e-learning and any other required data protection training.

Request for information 5: Who is responsible for ensuring employee's are trained in their duties under the equality act?

The Deputy Director for People and Places and Deputy Director of Health & Social Care hold senior responsibility for Equality Act training delivery within Social Security Scotland.

Request for information 6: And what training do you provide in regards to the 3 policies above to all staff in front facing roles?

All public facing staff complete mandatory risk-of-harm training, and must complete the training annually. The Equality training course is mandatory for all employees. Data protection training is delivered in two annual mandatory Data Protection e-learning modules for all employees.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

FOI - 202400398977 - Information released - Annex

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top