NOT PROTECTIVELY MARKED

Policy: / Cumbria Constabulary Information Sharing Policyv4.00
Approved date: / 6th Nov 2012
Owner: / Chief Information Officer, PSD
For release under Freedom of Information? / YES
Equality, diversity and human rights relevance H/M/L / MEDIUM
Supporting procedures also in policy library:
Contact for advice: / Records & Information Security Manager, PSD

1.Aim

1.1This policyis intended to provide members of Cumbria Constabulary with the necessary and appropriate guidance concerning the sharing of police information with other agencies, to ensure that the sharing is carried out in a proportionate,adequate, timely and lawful manner.

1.2In order that the above aim is met, Cumbria Constabulary (‘the Constabulary’) will:

Ensure that all information processed or shared by the Constabulary takes into account the rights of the individual and the law.

Implement effective and appropriate management processes to support all information sharing arrangements entered into with both police and non-police organisations.

Ensure that all personnel are supported in understanding their responsibilities when sharing police information, and thereby help ensure compliance with relevant legislation and local and national policies and guidance.

1.3This Policy applies to all persons authorised by the Constabulary to come into contact with its information and records, and to all information types including verbal, written, paper-based,electronic or digital.

1.4This Policy is sanctioned by the Records Management Strategy[1] and approved and authorised by the Chief Information Officer[2].

Information Sharing Policy v4.00 - Page 1 of 17

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED

2.Terms and Definitions (see also the Glossary - Appendix C)

2.1For the purpose of this Policy, an Information Sharing Agreement (‘ISA’) is defined as an agreement entered into by the Constabulary with one or more partners to provide for circumstances where a statutory obligation or statutory power to share information does not exist, but through which the sharing of police information may then still be lawfully practiced or conducted.

A Joint Working Protocol, Memorandum of Understanding, or Service Level Agreementisalso defined for the purpose of this Policy as an agreement entered into with one or more partners, but which is intended to support their collaborative working in a wider context and covering additional issues besides just information sharing. Agreements of this type will usuallybe developed and agreed on the basis of a statutory power or obligation to work together (see Section 3.2.5 below).

2.2In the event of any of the content of this Policy contradicting the requirements of any information sharing processes based on statutory arrangements, the statutory arrangements will take precedence.

3.The Policy

3.1 Introduction

3.1.1It is a strategic objective of the Cumbria Constabulary Information Management Strategy that the Constabulary will collect, organise, use, control, disseminate and dispose of its information lawfully, efficiently, and in a manner that fully exploits the value of the information held.[3]

Fully exploiting the value of information held will include proactively seeking to share it where it is assessed that this will support policing purposes (which includes preventing harm), and where there is a legal power to do so.

3.1.2As part of this proactive approach, Cumbria Constabulary will therefore seek to establish formal joint working protocols (see Sections 2.1 above and 3.2.5 below),or similar agreements, which include provision for information sharing with key business partners, including with:

the Crown Prosecution Service and local authorities concerning the exchange of information in support of the investigation and prosecution of child abuse cases

Dept for ChildrenSchools & Families (DCSF)

HM Prison Service (National Offender Management Service)

Youth Offending Service

Multi Agency Public Protection Arrangements (MAPPA)

Cumbria Domestic Violence Partnership

Probation Service

3.1.3Where no formal agreement exists, it is Constabulary policy that information may still be shared under any circumstances where it is risk assessed that the risk of harm if the information is NOT shared outweighs all other considerations. For the purpose of this Policy, risk sharing in these ‘one-off’ circumstances will be referred to as ‘ad hoc’ sharing.Specific requirements in relation to ‘ad hoc’ sharing under this Policy are set out below (Section 3.2.16).

3.1.4All information sharing will be carried out in accordance with (this) Cumbria Constabulary Information Sharing Policy.

Information Sharing Policy v4.00 - Page 1 of 17

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED

3.2 Legal Basis for Sharing

3.2.1A legal basis must exist to support all information sharing where personal or sensitive police information is involved. This legal basis will sometimes be referred to in this Policy as a ‘gateway’. The permissiblelegal ‘gateways’ are:

  • Statutory Disclosure - Where the sharing of the information is mandatory under a statutory obligation
  • Statutory Power - Where an option to share information is provided for by statute, and the sharing supports a policing purpose
  • Common Law & Policing Purposes - Where no statutory disclosure or statutory power exists, but the information can be shared for the risk based, Common Law purposeof supporting one or more of the specific‘policing purposes’ defined by the Code of Practice on the Management of Police Information (2005)as:

Protecting Life and Property

Preserving Order

Preventing the Commission of Offences

Bringing Offenders to Justice

Any duty or responsibility of the police arising from common or statute law

A process map illustrating these options is attached as Appendix A, and which also serves as a low-level risk assessment in that it ensures that the requirements of the Data Protection Act 1998, Human Rights Act and the common law duty of confidence are considered as a part of all information sharing decisions.

  • Consent-based Sharing –Where an individual gives their informed consent that their personal information may be shared or disclosed to a third party.

3.2.2Statutory Disclosure

The term ‘statutory disclosure’(or ‘statutory obligation’) applies where there is a specific legal obligation to disclose police information to another party. Examples of statutory disclosures include:

Court Orders

Disclosures under Part V of the Police Act 1997

Disclosures to the Criminal Records Bureau (CRB)

Disclosures to the Child Support Agency

Disclosures under the Criminal Procedures and Investigations Act 1996

(SeeSection 3.2.5 below re the creation of Joint Working Protocol’s where disclosures are made frequently to the same partner)

3.2.3Statutory Power

The term ‘statutory power’ applies where there is a specific legal power, but not an obligation, to share police information with another party. Examples include:

Section 47 of the Children Act 1989

Section 115 of the Crime and Disorder Act 1998

Section 35(2) of the Data Protection Act 1998

(See Section 3.2.5 below re the creation of Joint Working Protocol’s where disclosures are made frequently to the same partner)

3.2.4Consent Based Sharing

Where an individual gives their informed consent for information about themselves to be shared with, or disclosed to, a third party,the common law duty of confidentiality will be considered as having been satisfied. However, it is important to note that where police information is involved, MoPI requires that a policing purpose (see Section 3.2.1above) or other legal power will need to be established as well.

3.2.5Joint Working Protocols

(a)In some cases where a statutory obligation or power exists for the sharing of information, there is a corresponding, nationally agreed, scheme through which the sharing process is to be carried out. For example, the Criminal Records Bureau and ACPO have a Disclosure Quality Assurance Framework to help ensure consistency between individual police forces on the disclosure of information to the CRB.

Where arrangements of this type exist, there is no requirementunder this Policyto further document the processes involved.

(b)Similarly, this Policy will not include any requirements in relation to the automated uploading of Constabulary information to formally accredited and approved national police systems, such as the Police National Computer, Police National Database, National Firearms Licencing System, Automatic Number Plate Recognition systems, the Impact Nominal Index, and others, even where non-police partners are subsequently provided with access to information originally uploaded, or shared, by Cumbria Constabulary.

(c)However, where no national scheme existsbutthere is a frequent need for Cumbria Constabulary to share information under a statutory obligation or statutory power, the senior officer or member of staff leading the collaborative process involved should develop and agree with the partner organisation(s)a suitable Joint Working Protocol or Memorandum of Understanding (MOU) that clearly sets out the obligations of the respective organisations involved, and their agreed procedures for carrying them out.

This will help ensure that all of the partner organisations involved:

understand the key issues with which they are working, and are aware of the risks faced by the people affected by the cases they are involved in

are clear concerning the information sharing processes agreed between the partners, and so ensure effective, timely and consistent sharing

are aware of their responsibilities towards each other

3.2.6Common Law and Policing Purposes

(a) If the police are requested to share information where a statutory obligation or statutory power does not exist, information may still be shared through the Common Law power of supporting the policing purposes defined by the Code of Practice on the Management of Police Information (2005). These are:

Protecting Life and Property

Preserving Order

Preventing the Commission of Offences

Bringing offenders to justice

Any duty or responsibility of the police arising from common or statute law.

(b)Whereone (or more) of these reasons exists, such that a basis for considering information sharing then also exists, the following must also be considered before the decision to share (or not to share) is made:

  1. If it includes personal information about an individual, the benefit of supporting one or more of the policing purposes above must be balanced against the rights of the individual under the Human Rights Act 1998, Data Protection Act 1998, and the common law duty of confidence[4] in relation to any information which the person that it concerns may hold to be private.

iiThe possible consequencesto any individualinvolvedwhich might arise as a result of contravention of their rights inrelation to privacy, or through loss, damage, misuse or abuse of their personalinformation.

iiiThe possible consequences to the Constabularywhich could arise as a result of:

  • perceived harm to an individual’s privacy
  • a failure to meet public expectations concerning the protection of personalinformation
  • retrospective imposition of regulatory conditions
  • reduced willingness by our partners to participate in other or future information sharing arrangements
  • the costs of finding alternative ways to share information in future in the event of withdrawal by any partners from a protocol or ISA
  • withdrawal of support from other key supporting organisations due toperceived privacy harms
  • failure to comply with the law, leading to enforcement action from the regulator
  • compensation claims from individuals

iv Any decision to share must also take into accountany risks that disclosure might pose to the source of the information, or the identification of any third parties involved.

v The decision must also take into account any restrictions placed on the use or dissemination of the information by its owner.

(c) In all caseswhere information is being considered to be shared based on supporting policing purposes,the central premise will be that only information which is relevant and proportionate andnecessary to help achieve the policing purpose(s) concerned, will be shared.

3.2.7Sharing Information within the Police Service

(a)For the purpose of this Policy, the ‘police service’ includes:

The UK Police Forcesdefined in Section 1 of the Police Act 1996

The Serious Organised Crime Agency[5]

The National Crime Agency[6]

Other police forces or government departments with whom separate arrangements exist

(b)Police forces can share information with one another (subject to handling codes) without the use of Information Sharing Agreements, because they share a common purpose for managing the information.

3.2.8Sex Offenders and Potentially Dangerous Persons

(a)All requests for information to be disclosed about persons defined within the Cumbria Constabulary “Management of Sexual Offenders and Other Potentially Dangerous Persons” Policy[7]as approved by Operations Board 10th April 2007, aseither ‘sex offenders’ or ‘potentially dangerous persons’will be referred to the Detective Superintendent Public Protection.

(b)Similarly, requests for information to be shared about individuals managed under the Multi-Agency Public Protection Arrangements (‘MAPPA’) process will be referred to the MAPPA Co-Ordinator. It is recommended that all such requests are sent by internal e-mail to .

(c)In both the above instances, ALL such requests will be referred, irrespective of any other actions being taken in relation to the request.

3.2.9Equality Impact Assessment

(a)Information sharing processes, whether undertaken on an ‘ad-hoc’ basis (see Section 3.2.16), or enshrined in Joint Working Protocols, ISA’s, or other agreements, will be undertaken in accordance with the Constabulary’s respective Race, Disability and Gender equality schemes and with reference to the Constabulary Equality and Diversity policy.

(b)Where information sharing agreements of any description are entered into with partners, the possible impact of any race, disability or gender aspects must be considered and a risk assessment made and documented during the formation of the agreement, of any foreseeable or likely harm to individuals who may be affected by the agreement.

3.2.10Privacy Impact Assessment

(a)Guidance was provided in the Information Commissioners Office ‘Privacy Impact Assessment Handbook v2.00’ issued June 2009, concerning possible harm or impact upon individuals which may arise as a result of compromise of any aspect of their ‘privacy’. Such compromise could include any relating to information which the individual may hold as being ‘private’ or personal, whether or not it is formally defined as ‘sensitive’ or ‘personal’ by legislation.

(b)It is therefore Cumbria Constabulary Policy that any foreseeable such consequences which may arise to an individual who is the subject of, or otherwise connected with, information being shared, will be included in all Constabulary risk-based information sharing decisions.

(c)In most instances, this requirement will mainly be concerned with the possible impact on sources, witnesses, or victims of incidents. However this requirement applies to ALL individuals who may be concerned, including alleged offenders.

(d)Where a potentially harmful impact which might affect the privacy of an individual is identified, and is considered as sufficient to justify that information should not be shared, this must be recorded in the decision log not to share (see Section 3.2.19). However, where a potential privacy issue is identified but the decision is made to still share information, the privacy aspect will only be recorded in the same manner and as required for all other aspects concerning sharing decisions. In practice, it will therefore only be required to be recorded for ‘ad-hoc’ sharing (see Section 3.2.16).

3.2.11Non- Personal Information

(a)It is Cumbria Constabulary Policy that non-personal information such as statistics or other general data which is not capable of being identified with specific individuals (where the information is not already in the public domain) will be shared proactively, or upon request.

(b)The decision to share police information of this type still requires care, as it must be accurate, relevant to any enquiry to which it is intended to supply the answer, and must be able to be justified as having been lawfully held. For example, if information is supplied which was due to have been disposed of in accordance with the (published) Retention Schedule, or other policies or procedures, the supply of the information after the due date of disposal could open the Constabulary to criticism.

(c)Where non-personal information has been supplied by another partner or outside agency, any request for it to be disclosed to any other person or organisation should be referred to the originating owner before it is released.

However, it is anticipated that in nearly all cases, the freedom to publish non-personal information supplied by other organisations or partners will be implicit in the arrangements under which it is received.

3.2.12Corporacy

(a)This Policy is authorised as set out in Section 1.4 above and adherenceis therefore mandatory for all personnel authorised by the Constabulary to have access to its information and records.

(b)Through applicationof this Policy, it is intended that the Constabulary will achieve consistent and uniform management and operational practices in relation to information sharing across the business.

3.2.13Roles and Responsibilities

(a) Every member of the Constabulary has a responsibility to contribute to its operational effectiveness by ensuring that information shared with partners is carried out in atimely and lawful manner.

(b)Basic responsibilities concerning information sharing, including those for supervisors, arealso provided for within relevant role details in the Policing Professional Framework.

(c)In addition, it is Constabulary Policy that the following specific responsibilities in relation to the sharing of police informationwill also rest with the roles below:

(i)Chief Information Officer (CIO):

The CIO has been empowered by a decision of the Resourcing & Standards Board to sign Information Sharing Agreements on behalf of Cumbria Constabulary[8].

(ii)Detective Superintendent Public Protection

The Detective Superintendent Public Protection will have responsibility for receiving all referrals where requests are received to share information about offenders as referred to in Section 3.2.8 above, and for directing what response should be given.

Where information requested about such individuals is declined to be shared, the fact of the decision not to share should be recorded as set out in Section 3.2.19 below.

(iii)Chief Superintendents & Department Heads

Chief Superintendents & Department Heads must be aware of and have sanctioned all decisions relating to the sharing of police information with partner organisations by officers or staff under their command, and ensure that a lawful basis for the sharing is in place, either in the form of a statutory obligation to share, a statutory power to share, or a power set out and provided for under an ACPO Memorandum of Understanding, a Joint Working Protocol, or an ISA.[9]