Gainsborough Shopwatch Scheme.pdf - Lincolnshire Police
Gainsborough Shopwatch Scheme.pdf - Lincolnshire Police
Gainsborough Shopwatch Scheme.pdf - Lincolnshire Police
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NOT PROTECTIVELY MARKED<br />
P.698 (07/13)<br />
INFORMATION SHARING AGREEMENT<br />
INFORMATION SHARING AGREEMENT (ISA)<br />
BETWEEN<br />
GAINSBOROUGH SHOPWATCH SCHEME<br />
AND<br />
LINCOLNSHIRE POLICE<br />
Version - 2.0<br />
(Revised- 14 May 14)<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
SUMMARY SHEET<br />
Information Sharing Agreement<br />
ISA Ref:<br />
LP001/LWL - <strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong><br />
PURPOSE<br />
To create a system for the formal exchange of photographs, information and<br />
intelligence between the police, and members of the <strong>Gainsborough</strong> <strong>Shopwatch</strong><br />
<strong>Scheme</strong>, with the intention to prevent, detect, and/or reduce crime in<br />
<strong>Gainsborough</strong> Town Centre and South West Ward.<br />
<strong>Lincolnshire</strong> <strong>Police</strong><br />
PARTNERS<br />
<strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong><br />
Date Agreement comes into force: 1 October 2012<br />
Date of Agreement Review:<br />
Six months after coming into force, then annually<br />
Agreement Owner:<br />
<strong>Lincolnshire</strong> <strong>Police</strong><br />
Agreement drawn up by:<br />
PCSO 2260 Pearson<br />
Location of Signed Agreement in<br />
force:<br />
Information Management Unit, Force HQ<br />
Protective Marking:<br />
Not protectively marked<br />
VERSION RECORD<br />
Version<br />
No.<br />
Date Amendments Made Authorisation<br />
Draft 9 Sep 12 Initial Draft PCSO 2260 Pearson<br />
1.0 1 Oct 12 Initial Authorisation E D Tedder - IS Officer<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
2.0 15 Apr 14 Section 1, 2,5, 7 & 8 Amended<br />
Security Section added, now section 9.<br />
Section 11 amended (previously section<br />
10)<br />
Section 14 added<br />
Appendix 1 – Principals of the Data<br />
Protection Act added.<br />
Appendix 3 Amended in order to reflect<br />
the changes made to legislation<br />
regarding Rehabilitation Periods.<br />
L Chapman – IS Officer<br />
1. INTRODUCTION<br />
1.1 <strong>Lincolnshire</strong> <strong>Police</strong> are committed to partnership working, and continually look for<br />
opportunities to work more closely with local identified partners to detect, prevent and reduce<br />
crime and anti-social behaviour.<br />
1.2 In adopting this partnership approach it is important that the policies/practices of the<br />
agencies involved compliment each other to ensure that any action taken is appropriate,<br />
necessary, proportionate and consistently applied.<br />
1.3 This agreement outlines the need for the police and <strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong> to<br />
work together to alleviate crime and anti-social behaviour in <strong>Gainsborough</strong> Town Centre and<br />
provides a framework for action.<br />
2. PURPOSE<br />
2.1 The purpose of this agreement is to enable action to be taken against crime involving theft,<br />
burglary, robbery, anti-social behaviour and other related commercial premises offences. It<br />
will incorporate measures aimed at:<br />
• Facilitating a coordinated approach that targets crime<br />
• Facilitating the collection and exchange of relevant information<br />
• The pursuit of criminal proceedings - either by <strong>Lincolnshire</strong> <strong>Police</strong> or the<br />
members of the <strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong>.<br />
• Ensuring that the sharing of information meets one or more of the policing<br />
purposes.<br />
2.2 Effective information exchange is the key to partnership working. The effectiveness of<br />
information exchange is a reflection of the effectiveness of the partnership as a whole.<br />
2.3 It also seeks to increase the confidence of Shop owners and management, while<br />
encouraging their support to enable <strong>Lincolnshire</strong> <strong>Police</strong> to combat crime, which occurs in<br />
the <strong>Gainsborough</strong> Town Centre and South West Ward.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
2.4 A key factor for developing Information Sharing Agreements is to ensure that personal<br />
information is being processed fairly and lawfully. Identifying the Data Controller for<br />
personal information disclosed within the remit of this ISA will help determine the roles and<br />
responsibilities of each organisation. This should ensure that information sharing is both fair<br />
and lawful. The recipient organisation will become the Data Controller for any personal<br />
information that is shared for the purpose/s described within this ISA.<br />
3. PARTNER(S)<br />
3.1 This agreement is between the following partners:<br />
<strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong>, C/O Oldrids Department Store, Market Place,<br />
<strong>Gainsborough</strong>, <strong>Lincolnshire</strong>, DN21 2BT<br />
and <strong>Lincolnshire</strong> <strong>Police</strong>, PO Box 999, Lincoln, LN5 7PH<br />
4. POWER(S)<br />
4.1 This agreement fulfils the requirements of the following:<br />
• Common law powers of disclosure<br />
• The Crime and Disorder Act 1998 (Section 115)<br />
• The Data Protection Act 1998 (Sections 29(3) & 35 (2))<br />
• The Human Rights Act 1988 (Article 8)<br />
• Fraud Act 2006<br />
• The existing Retail Crime Initiative<br />
5. PROCESS<br />
5.1 This agreement has been formulated to facilitate the exchange of information between<br />
partners. It is, however, incumbent on all partners to recognise that any information shared<br />
must be justified on the merits of each case.<br />
5.2 The sharing of personal data requires careful judgement in which the identified policing need<br />
must be considered against relevant issues dictated under Data Protection and Human<br />
Rights legislation. Any information the police or partner agency considers sharing must<br />
therefore be accurate, necessary and proportionate.<br />
Accurate: All information must be accurate and relevant to the purpose for which it is being<br />
shared with proper reference made to the nature of the source and the intelligence itself.<br />
Necessary: The necessity to share information between the <strong>Police</strong>, and <strong>Gainsborough</strong><br />
<strong>Shopwatch</strong> is to effectively deal with issues concerning the prevention, detection,<br />
investigation and prosecution of those persons engaged in criminal activity and/or anti social<br />
behaviour, and an ongoing responsibility to protect public safety.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Proportionate: In considering whether to share personal information all parties have a duty<br />
to ensure that a fair balance is achieved between the protection of an individuals rights and<br />
the general interests of society. In judging whether it is appropriate to share such information<br />
the <strong>Police</strong>, and <strong>Gainsborough</strong> <strong>Shopwatch</strong> will examine whether the identified purpose<br />
infringes upon the subject’s right to privacy, the appropriate measures to meet the purpose<br />
are both fair and rational and also that the means used are no more than is necessary to<br />
accomplish the purpose.<br />
5.3 Information Exchange<br />
Information Exchange relates to a physical exchange of data between one or more<br />
individuals or agencies. Advice from the Information Commissioner indicates that public<br />
authorities may exchange data, provided that:<br />
• They have notified their intention to do so<br />
• That the process of exchange is in accordance with the Data Protection Act, in<br />
particular the eight principles forming Part 1 of Schedule 1 (See Appendix 1 for<br />
further information).<br />
• There is a statutory or common law power to do so.<br />
5.4 Fair Processing.<br />
The Data Protection Act requires the fair processing of information unless an exemption<br />
applies. In particular, fairness involves being open with people about how their information is<br />
used. <strong>Lincolnshire</strong> <strong>Police</strong> have a fair processing notice available on the website which states<br />
how the information may be processed and shared. Additionally, information sharing<br />
agreements are published on the <strong>Lincolnshire</strong> <strong>Police</strong> website.<br />
The most likely exemption from the fairness requirement is sharing personal data for the<br />
prevention and detection of crime and disorder, where the disclosure of that fact would be<br />
likely to prejudice the investigation.<br />
5.5 Reasons for Information Exchange<br />
The processing and analysis of information and where appropriate, intelligence, is essential<br />
for identifying and limiting the activities of those committing crime and disorder along with the<br />
associated problems which adversely affect community safety and the quality of life.<br />
5.6 The exchange of appropriate information is fundamental to the success of any strategy<br />
implemented for the purposes of reducing crime and disorder.<br />
5.7 The opportunities for information exchange therefore:<br />
• Assist strategic and tactical planning to disrupt crime.<br />
• Assist Crime and Disorder partnerships to implement the provisions of the Crime and<br />
Disorder Act 1998 and other subsequent legislation.<br />
• Assist agencies to exchange information where a power exists to do so, in<br />
accordance with the Data Protection Act the Human Rights Act and any other<br />
relevant legislation.<br />
5.8 Benefits of information exchange<br />
The benefits of appropriate information exchange are:<br />
• Better informed decision making and partnership working<br />
• Enhanced inter-agency relationships<br />
• Improved profiling of crime and disorder activity thus allowing a more effective<br />
targeting of resources.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
• Reduction of Crime and Disorder throughout <strong>Lincolnshire</strong>.<br />
• Effective monitoring and evaluation of all community safety initiatives<br />
6. TYPES OF INFORMATION TO BE SHARED<br />
6.1 <strong>Lincolnshire</strong> <strong>Police</strong> may share:<br />
• Redacted and de-personalised (statistics) information relating to crimes of Theft,<br />
Burglary, Robbery and Fraud in the <strong>Lincolnshire</strong> <strong>Police</strong> area.<br />
• Evidence relating to a conviction for an arrestable offence associated with Theft,<br />
Burglary, Robbery and Fraud, providing that the conviction is not considered spent<br />
under the Rehabilitation of Offenders Act 1974, see Appendix 3;<br />
• Evidence relating to a conditional caution accepted by an accused for an arrestable<br />
offence associated with Theft, Burglary, Robbery and Fraud offences, where the date<br />
of the caution is less than three months from the disclosure date; providing that the<br />
conditional caution is relevant to the request and the disclosure of information can be<br />
justified on the grounds that it falls within a policing purpose.<br />
• Information between the two parties will be exchanged for the sole purpose of<br />
preventing and detecting crime relating to Theft, Burglary, Robbery and Fraud<br />
offences.<br />
• Photographs of individuals convicted of Theft, Burglary, Robbery and Fraud offences,<br />
where current information/intelligence suggests that they may still be active within the<br />
<strong>Gainsborough</strong> Town area, providing that the information is relevant to the request<br />
and the disclosure of information can be justified on the grounds that it falls within a<br />
policing purpose;<br />
6.2 <strong>Gainsborough</strong> Shop Watch <strong>Scheme</strong> may share:<br />
• Information / evidence received involving the offences of Theft, Burglary, Robbery<br />
and Fraud occurring in or effecting the <strong>Lincolnshire</strong> <strong>Police</strong> area.<br />
• Evidence from internal shop CCTV schemes (where they exists) in relation to<br />
offences committed therein.<br />
7. CONSTRAINTS ON THE USE OF THE INFORMATION<br />
7.1 If an agency wishes to disclose shared information to a third party, as best practice the<br />
agency should seek written consent from the agency that provided the information. If a<br />
statutory requirement for disclosure exists then consent for further disclosure is not required.<br />
Any agency must ensure that all principles of the Data Protection Act are adhered to.<br />
Therefore, if an agency makes a further disclosure to a third party they must ensure that the<br />
sharing of personal data is not processed in any manner incompatible with the purpose/s it<br />
NOT PROTECTIVELY MARKED
was obtained for.<br />
NOT PROTECTIVELY MARKED<br />
7.2 As best practise all information shared is only valid at the time of provision, and should only<br />
be used for the purpose as requested. However, the recipient organisation becomes the<br />
Data Controller for the shared information therefore the information may be used for<br />
subsequent investigations, if it is being used for a purpose that is compatible with the<br />
purpose for which it was obtained, i.e. prevention and detection of crime and disorder.<br />
7.3 Disclosures<br />
Disclosures of information and in particular, personal data are bound to both common and<br />
statute law in particular, but not restricted to the following:<br />
• The Common Law Duty of Confidentiality<br />
• The Data Protection Act 1998<br />
• The Human Rights Act 1998<br />
7.7 Any disclosure of personal data must have regard to both common and statute law. For<br />
example, defamation, the common law duty of confidence and the data protection principles.<br />
Consideration should always be given to alternative powers that exist for the purposes of<br />
data disclosure:<br />
7.4 Consent<br />
Many of the Data Protection issues in relation to disclosure can be avoided if the consent of<br />
the individual has been sought and obtained. Consent must be freely given after the<br />
alternatives and consequences are made clear to the person from whom permission is being<br />
sought. This will be considered to be ‘informed consent’. For the purposes of this<br />
agreement, the term ‘sensitive’, where applied to data refers to the categories of data termed<br />
‘sensitive’ within the Data Protection Act 1998.<br />
7.5 Witnesses, Victims and Complainants<br />
Extreme care and careful consideration should be taken where the disclosure of information<br />
includes details of witnesses, victims or complainants. The general rule is that information<br />
such as described by witnesses, victims or complainants should not be disclosed without first<br />
obtaining fully informed, specific and explicit consent from the individual concerned. In all<br />
such cases, advice should be sought from the legal department, Information Sharing Officer<br />
and/or Data Protection Officer.<br />
7.6 Ongoing Investigations<br />
If there is an ongoing investigation which is sensitive or of which the offender is not yet<br />
aware of the police investigation the officer in the case will be consulted prior to any<br />
dissemination to ensure there is no prejudice to the ongoing investigation or subsequent<br />
court proceedings. A case involving safeguarding issues, which require an urgent disclosure<br />
to protect any individual, should receive priority attention. In the event of a dispute, the views<br />
of the officer in the case will prevail.<br />
8. ROLES AND RESPONSIBILITIES UNDER THIS AGREEMENT<br />
8.1 Each member of the <strong>Gainsborough</strong> Shop Watch <strong>Scheme</strong> must appoint a single point of<br />
Contact (SPOC) who must work together with the police SPoC, to jointly solve problems,<br />
which occur in the Town Centre. The sharing of information must only take place where it is<br />
valid and legally justified.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
<strong>Police</strong> SPoC<br />
Title: West Lindsey Community Policing Inspector<br />
Contact Details: Tel 07939 996594<br />
<strong>Gainsborough</strong> <strong>Shopwatch</strong><br />
SPoC<br />
Title: Shop Manager<br />
Contact Details: Oldrids Department Store<br />
Tel 01427 612346<br />
8.2 The <strong>Gainsborough</strong> Shop Watch <strong>Scheme</strong> will maintain a register of all members who are part<br />
of the agreement, and identify the Single Point of Contact within the register.<br />
8.3 Both contacts have a responsibility to create a file or folder that can record each individual<br />
request for information and the decision made. It must include copies of the request for<br />
information, details of the data accessed and notes of any meeting, correspondence or<br />
phone calls relating to the request.<br />
8.3 In order for <strong>Lincolnshire</strong> <strong>Police</strong> to share information, the designated police officer or staff<br />
making the disclosure must ensure that one or more of the policing purposes are met.<br />
Policing Purposes are defined as:<br />
<br />
<br />
<br />
<br />
<br />
Protecting life and property;<br />
Preserving order;<br />
Preventing the commission of offences;<br />
Bringing offender to justice, and<br />
Any duty or responsibility arising from common or statute law.<br />
8.4 Within <strong>Lincolnshire</strong> <strong>Police</strong> the file will be held and managed by the West Lindsey<br />
Neighbourhood Policing Area Inspector, within the <strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong> the<br />
file will be held and managed by the scheme SPoC.<br />
8.5 Information Breaches<br />
Complaints and breaches to this agreement should be dealt with by utilising any established<br />
agency policies and procedures for breaches and complaints made in relation to appropriate<br />
legislation in connection with the agreed information exchange and data processing.<br />
Any disclosure of information by an employee, which is done in bad faith or for motives for<br />
personal gain, will be the subject of an investigation and be treated as a serious matter.<br />
Each party will be accountable for any misuse of the information supplied to it and the<br />
consequences of such misuse by its employees, servants or agents.<br />
All agencies are reminded of the Data Protection Act Principles and Section 55 and Section<br />
61 Offences.<br />
It is the responsibility of all parties to notify the other party of any known breach or<br />
infringement immediately and remedial action must be agreed and actioned by all relevant<br />
agencies concerned.<br />
Major breaches may result in this agreement being temporarily suspended or withdrawn<br />
completely.<br />
8.6 Subject Access<br />
Subject Access is an individuals right to have a copy of information relating to them which is<br />
processed by an organisation.<br />
Once information is disclosed from one agency to another, the recipient organisation<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
becomes the Data Controller for that information. With regards to subject access requests,<br />
the Data Controller has a statutory duty to comply with section 7 of the DPA, unless an<br />
exemption applies. It is good practise for the recipient organisation to contact the originating<br />
organisation. This enables the originating organisation to advise the use of any statutory<br />
exemptions that may need to be applied prior to disclosure to the requesting individual.<br />
Communication should take place speedily thus allowing the servicing of the request to take<br />
place within the Statutory 40 calendar day, time period.<br />
8.7 Freedom of Information<br />
If a party receives a request for information under the Freedom of Information (FOI) Act<br />
[2000] that relates to data that has been disclosed for the purposes of this ISA, it is best<br />
practice to seek advice from the originating organisation prior to release. This allows the<br />
originating organisation to rely on any statutory exemption under the provisions of the FOI<br />
Act and to identify any perceived harms. However, the decision to release data under the<br />
FOI Act is the responsibility of the agency that received the request.<br />
<strong>Lincolnshire</strong> <strong>Police</strong> Information Sharing Agreements are made publicly available on the force<br />
website.<br />
9. SECURITY<br />
9.1 Partner agencies should establish common rules for shared data security, in order to ensure<br />
compliance with the Data Protection Act. As best practice the disclosing organisation should<br />
make sure that any personal information they disclose will continue to be protected by<br />
ensuring that the recipient organisation has adequate security measures in place.<br />
9.2 As part of <strong>Lincolnshire</strong> <strong>Police</strong>’s responsibility regarding the data they process/control, the<br />
security guidance within this document should be agreed to and signed up to by all the<br />
parties involved within this agreement. However, it must be noted that the recipient<br />
agency/ies has legal responsibility for any information that has been shared as a result of<br />
this information sharing agreement, this includes its security.<br />
9.3 Agencies that have adequate security measures in place to ensure compliance with the Data<br />
Protection Act should apply their own security procedures to any shared information.<br />
9.4 <strong>Lincolnshire</strong> police may, by arrangement undertake a physical review of a partner agency’s<br />
premises and security procedures.<br />
9.5 Security Guidance<br />
It is essential that the participating agencies provide personal or other sensitive information<br />
only to specific individuals authorised to receive it. The transfer, use, storage and retention<br />
of the information by each participating agency must comply with the Data Protection Act,<br />
and should comply with the security requirements stipulated within this agreement. Any<br />
additional security requirements that an agency wishes to specify must be done so in<br />
agreement with all parties involved within this document.<br />
9.6 General Principles<br />
Ensuring that personal information is protected against accidental or unlawful destruction,<br />
loss, alteration, unauthorised disclosure or access is the seventh principle of the Data<br />
Protection Act 1998. Partners should ensure they have appropriate security in place and<br />
arrangements to monitor these.<br />
A key issue, especially for electronic documentation, is the consistent use of encryption and<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
secure information exchange. Unguarded exchange of personal information may not only<br />
infringe the rights of the individual subject or others that may be identifiable from the<br />
information, but also compromise the organisations sharing information or jeopardise any<br />
proceedings or legal measure based upon that information.<br />
With remote working there is an issue about storing personalised information on flash<br />
drives/memory sticks and of encryption. Partners sharing personal information are<br />
responsible for ensuring laptops, drive or removable electronic media containing personal<br />
information used for remote working are encrypted, and have Home Office approved levels<br />
of security. To comply with national guidance encryption should be at least 256 bit.<br />
Recent Home Office guidance with respect to third party suppliers suggests that:<br />
a) No unencrypted laptops or drives or removable electronic media containing personal<br />
information should be taken outside office premises.<br />
b) No transferring of any protected personal information from Home Office approved<br />
systems to third party suppliers owned laptops, PCs, USB keys, external drives and any<br />
other electronic media is permitted.<br />
9.7 Secure Information Exchange<br />
Electronic exchange can be the most secure and auditable means of exchanging information<br />
provided this is done using suitable secure technology. Standard e-mail, even with<br />
encryption, is not generally sufficiently secure to protect personal information.<br />
Personal information should only be exchanged electronically using a secure messaging<br />
system.<br />
Attendees at meetings where personal data is discussed must also ensure that controls<br />
applied to agenda and minute documents as are as secure as those used for requesting and<br />
securing personal information, since these will often name the individuals being considered<br />
and contain elements of the information contributory to the decision making process.<br />
Records of meetings and personal information must be subject to the principles set out in the<br />
ISA, particularly in relation to purpose and retention.<br />
If a recipient organisation wishes to remove shared information from their premises, they<br />
must ensure that the information is kept secure at all times, must not be made available to<br />
individuals who are not authorised to see it, and must only be used for the purposes<br />
specified within the ‘Information Sharing Agreement’<br />
9.8 Sharing information securely<br />
It is important that information is shared securely. Those who receive personal data should<br />
take appropriate measures to protect the data against accidental or unlawful destruction or<br />
accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful<br />
forms of processing. This includes when data is being shared and stored both electronically<br />
and manually (e.g. paper).<br />
All designated Officers who have access to personal data should have been assessed for<br />
reliability in line with the employer’s requirements for the role, for example Disclosure and<br />
Barring <strong>Scheme</strong> (DBS) checks. A greater degree of staff vetting and/or training is needed<br />
where there is a greater importance that relevant data be secure.<br />
The information Commissioner has issued the following guidelines concerning obligations for<br />
agencies:<br />
a) Does the data controller have a security policy setting out management commitment<br />
to information security within the organisation<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
b) Is the responsibility for the organisations security policy clearly placed on a particular<br />
person or department<br />
c) Are sufficient resources and facilities made availability to enable that responsibility to<br />
be fulfilled<br />
Shared information should be stored securely, and if no statutory guidance dictates<br />
otherwise the recipient organisation should destroy the information when it is no longer<br />
needed for the purpose for which it was provided. If an organisation does not have the<br />
means to securely destroy shared information, they should consider returning the data to the<br />
originating organisation for destruction.<br />
9.9 The Government Protective Marking <strong>Scheme</strong> (GPMS)<br />
The Government Protective Marking <strong>Scheme</strong> is applied to data held by <strong>Lincolnshire</strong> <strong>Police</strong>.<br />
In order to ensure that the same protection is afforded to <strong>Lincolnshire</strong> <strong>Police</strong> data once it has<br />
been disclosed to a partner agency, the partner organisation should handle, store and delete<br />
police data according to the Government Protective Marking <strong>Scheme</strong>. Appendix 2 provides<br />
further guidance on the GPMS.<br />
Organisations that already have security procedures in place that afford data the same<br />
protection as the GPMS should apply the same regulations to data disclosed by <strong>Lincolnshire</strong><br />
<strong>Police</strong> or any other partner organisation.<br />
9.10 Transmitting information securely<br />
When sharing information both the sender and the receiver should deal with the information<br />
according to its protective marking. See Appendix 2 for handling requirements in line with<br />
protective marking.<br />
Secure e-mail<br />
<strong>Lincolnshire</strong> <strong>Police</strong> documents must display the Protective marking at the top and bottom of<br />
the relevant text or attachments. Insecure e-mail should not be used for any personalised<br />
information. The below secure e-mail addresses may be used for information protectively<br />
marked up to and including RESTRICTED:<br />
a) CJSM<br />
b) PNN<br />
c) GSI<br />
d) GSX<br />
e) NHS.net<br />
f) GCSX<br />
g) MOD<br />
Criminal Justice Secure email<br />
When using CJSM.net it is important to remember to correctly align the email suffix for<br />
secure information exchange as outlined below.<br />
Organisation<br />
Normal email Suffix<br />
Email suffix for secure sharing<br />
with CJSM<br />
<strong>Police</strong> @pnn.police.uk @pnn.police.uk.cjsm.net<br />
Government Connect<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Government Connect is a pan-government programme providing an accredited and secure<br />
network between central government and every local authority in England and Wales. The<br />
network is known as GCSX (Government Connect Secure Extranet). GCSX is part of the<br />
wider Government Secure Intranet (Gsi) and provides connectivity to nearly all central<br />
departments.<br />
GCSX provides secure access form connected Local Authorities to many other secure<br />
networks such as:<br />
• Government Secure Extranet (GSX)<br />
• Government Secure Intranet (Gsi)<br />
• National Health Service (NHS)<br />
• Criminal Justice Extranet (CJX)<br />
• <strong>Police</strong> National Network (pnn)<br />
10. SPECIFIC PROCEDURES<br />
10.1 Relevant photographs will be supplied by <strong>Lincolnshire</strong> <strong>Police</strong> to the <strong>Gainsborough</strong><br />
<strong>Shopwatch</strong> <strong>Scheme</strong> on a regular basis, providing that they are supported with a Form B<br />
(P698B) Response to Request for Information, which must be retained by the <strong>Police</strong> SPoC<br />
within the file created for such purpose.<br />
10.2 If additional information is required members of the <strong>Gainsborough</strong> <strong>Shopwatch</strong> must make<br />
their request in writing using Form A - Request for Personal Information.<br />
10.3 The decision to provide information will be documented on Form B - Response to Request for<br />
information. Copies of both Form A and Form B will be retained by the <strong>Police</strong> SPoC within<br />
the file created for such purpose.<br />
10.4 Requests and responses to requests should be done via secure e-mail. A secure e-mail<br />
address may contain one of the following; cjsm; cjx; gcsx; gsi; gsx; mod; nhs.net; pnn. If you<br />
are unsure as to whether an e-mail address you have been provided with is secure, you<br />
should contact the Force Security Officer for assistance. Royal Mail Recorded Delivery and<br />
hand delivery is also acceptable.<br />
10.5 In exceptional circumstances information may be shared via fax but care must be taken<br />
where personal information is shared. It is suggested that the following guidelines are used<br />
when exchanging personal information by fax:<br />
ii)<br />
iii)<br />
iv)<br />
Telephone the recipient of the fax to let them know you are about to<br />
send it<br />
Check the fax number. Ask the recipient to wait by the fax.<br />
Ask the recipient to confirm receipt of the fax; or call them to ensure<br />
the fax has arrived.<br />
v) Use pre-programmed fax numbers (double check the accuracy of preprogrammed<br />
numbers) where possible to reduce the chance of the fax<br />
being sent to the wrong machine.<br />
vi)<br />
vii)<br />
Ensure that you use an appropriate fax cover sheet.<br />
Keep a record that you have sent the fax.<br />
Any loss of data must be advised to the Force Security Officer or the Information Sharing<br />
NOT PROTECTIVELY MARKED
Officer as soon as this is identified.<br />
NOT PROTECTIVELY MARKED<br />
10.6 Requests for information may be made by telephone in cases of emergency, for example,<br />
where there is a risk of immediate violence by using the ‘999’ system. If the need for the<br />
request falls outside normal office hours, or the identified <strong>Police</strong> SPoC is not available, and<br />
the need is still ‘urgent’, but not an emergency, the request should be made to the Force<br />
Control Room (FCR) Tel: 101. If both circumstances, the request will be directed to the duty<br />
Inspector (If available) or the duty supervisor, who will make the decision to release<br />
information. Form MoPI 1 Request for Information, will be completed on behalf of the<br />
requestor by the Duty Inspector/Supervisor, and information released will be documented<br />
thereon. Upon completion and release of information, Form MoPI 1 will be forwarded to the<br />
identified <strong>Police</strong> SPoC, who will, upon receipt of the form, file it in alphabetical order within<br />
the file set up specifically for use with the named partner.<br />
10.7 Replies to requests must be made within ten working days.<br />
10.8 The <strong>Police</strong> SPoC will submit any information received from the , as a result of a request for<br />
information, if relevant, via the 5x5x5 system into the <strong>Lincolnshire</strong> <strong>Police</strong> intelligence<br />
systems in a timely, accurate and proportionate manner.<br />
11. REVIEW, RETENTION AND DELETION<br />
11.1 The recipient of the information is required to keep it securely stored and when it is no longer<br />
required for the purpose for which it was requested, will safely dispose of it. In order to<br />
ensure compliance with the Data Protection Act, data should be kept no longer than is<br />
necessary, retention periods may vary between organisations. In accordance, with the<br />
Management of <strong>Police</strong> Information (MoPI) and the Limitations Act [1980] <strong>Lincolnshire</strong> <strong>Police</strong><br />
will retain copies of the requests and responses for 6 years.<br />
The original police data source will be deleted when it is no longer useful for a policing<br />
purpose, this will be done in line with <strong>Lincolnshire</strong> <strong>Police</strong>s Review, Retention and Disposal<br />
policies which are governed by MoPI guidelines.<br />
Partner agencies should retain the shared information in accordance with statutory<br />
guidelines and internal policies. If no statutory guidance exists for the retention and deletion<br />
of data, information should be held in accordance with the fourth and fifth principle of the<br />
DPA.<br />
11.2 Files containing information from partner sources will be reviewed in line with force policy.<br />
12. REVIEW OF THE INFORMATION SHARING AGREEMENT<br />
12.1 This Information Sharing Agreement will be reviewed six months after its implementation<br />
and annually thereafter. The nominated holder of this agreement is <strong>Lincolnshire</strong> <strong>Police</strong>. It is<br />
based on the national template for Information Sharing which forms part of the guidance<br />
issued on the Management of <strong>Police</strong> Information by the Association of Chief <strong>Police</strong> Officers<br />
(ACPO) and the Home Office.<br />
13. INDEMNITY<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
13.1 Members of the <strong>Gainsborough</strong> <strong>Shopwatch</strong> <strong>Scheme</strong>, as receivers of police information will<br />
accept total liability for a breach of this Information Sharing Agreement should legal<br />
proceedings be served in relation to the breach.<br />
13.2 The data recipient shall indemnify the Information Provider in full in respect of any loss or<br />
damage caused to the Information Provider as a consequence of the unauthorised<br />
disclosure of data supplied under this agreement.<br />
14. DISCLAIMER<br />
14.1 The Information Provider disclaims all liability to the data recipient in connection with the<br />
data recipient's use of data supplied under this agreement and shall not, under any<br />
circumstances, be responsible for any special, indirect or consequential loss or damages<br />
including but not limited to loss of profits arising from the use of the data by the data<br />
recipient.<br />
15. SIGNATURE<br />
15.1 By signing this agreement, all signatories accept responsibility for its execution and<br />
agree to ensure that staff are trained so that requests for information and the process<br />
of sharing itself is sufficient to meet the purposes of this agreement.<br />
15.2 Signatories must also ensure that they comply with all relevant legislation.<br />
15.3 It is the responsibility of all signatories to ensure that:<br />
• Realistic expectations prevail from the outset.<br />
• Professional, ethical standards are maintained.<br />
• The Data Protection Principles are upheld.<br />
• The information exchanged is kept secure and confidentiality is maintained as<br />
appropriate to the information’s level of protective marking as defined by the<br />
Data Controller.<br />
• A mechanism exists by which the flow of information can be controlled.<br />
• Appropriate staff training is provided on this agreement.<br />
15.4 Adequate arrangements exist to test adherence to the agreement.<br />
Signed on behalf of <strong>Lincolnshire</strong> <strong>Police</strong><br />
Title:<br />
Rank / Position:<br />
Date:<br />
Signed on behalf of <strong>Gainsborough</strong> <strong>Shopwatch</strong><br />
<strong>Scheme</strong><br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Title:<br />
Rank / Position:<br />
Date:<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Appendix 1<br />
Appendix 1– Principles of the Data Protection Act<br />
Principle<br />
1<br />
Personal data shall be processed fairly and lawfully and, in particular, shall not<br />
be processed unless:<br />
• At least one of the conditions in Schedule 2 is met and;<br />
• In the case of sensitive data at least one of the conditions in Schedule 3 is<br />
also met.<br />
Principle<br />
2<br />
Principle<br />
3<br />
Personal data shall be obtained only for one or more specified and lawful<br />
purposes and shall not be further processed in any manner incompatible with<br />
that purpose or those purposes.<br />
Personal data shall be adequate, relevant and not excessive in relation to the<br />
purpose or purposes for which they are processed.<br />
Principle<br />
4<br />
Principle<br />
5<br />
Personal data shall be accurate and, where necessary, kept up to date.<br />
Personal data processed for any purpose or purposes shall not be kept for<br />
longer than is necessary for that purpose or those purposes.<br />
Principle<br />
6<br />
Personal data shall be processed in accordance with the rights of data<br />
subjects under this Act.<br />
Principle<br />
7<br />
Principle<br />
8<br />
Appropriate technical and organisational measures shall be taken against<br />
unauthorised or unlawful processing of personal data and against accidental<br />
loss or destruction of, or damage to, personal data.<br />
Personal data shall not be transferred to a country or territory outside the<br />
European Economic Area, unless that country or territory ensures an adequate<br />
level of protection for the rights and freedom of data subjects in relation to the<br />
processing of personal data.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Appendix 2<br />
SENSITIVE DOCUMENTS SUPPLIED BY LINCOLNSHIRE POLICE – SECURITY<br />
REQUIREMENTS<br />
Some of the electronic or hardcopy documents that you receive from <strong>Lincolnshire</strong> <strong>Police</strong> will contain<br />
sensitive or personal information. These documents will be provided to you on the understanding<br />
that you apply the protective measures described below.<br />
GENERAL REQUIREMENTS<br />
You must only use the information supplied by <strong>Lincolnshire</strong> <strong>Police</strong> for one or more of the following<br />
purposes:<br />
For the detection or prevention of crime;<br />
As specified in an Information Exchange Protocol that has been agreed between your<br />
organisation and <strong>Lincolnshire</strong> <strong>Police</strong>;<br />
For a specific purpose that has been agreed, in writing, by <strong>Lincolnshire</strong> <strong>Police</strong>.<br />
You may not disclose, copy, or onwardly transmit information provided by <strong>Lincolnshire</strong> <strong>Police</strong> without<br />
its express, written permission, unless this is permitted within the terms of an Information Exchange<br />
Protocol agreed between your organisation and <strong>Lincolnshire</strong> <strong>Police</strong>.<br />
You may only retain the information for a period of time that will enable you to fulfil the purpose for<br />
which it has been has been provided. The information must then either be securely destroyed or<br />
returned to <strong>Lincolnshire</strong> <strong>Police</strong> as detailed in these instructions. It is your responsibility to contact<br />
<strong>Lincolnshire</strong> <strong>Police</strong> to establish if any relevant change has occurred since the information was<br />
provided to you, and upon which you intend to base any decision or action.<br />
PROTECTIVE MARKING & ASSOCIATED HANDLING RULES<br />
Documents that contain sensitive information will usually display a protective marking on the top and<br />
bottom of each page. This indicates how sensitive the information is, and determines the protective<br />
measures that need to be applied to it. The appropriate measures for each marking are shown<br />
below.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
STORAGE OF<br />
PAPERS<br />
RESTRICTED<br />
Protected by one barrier, e.g. a locked<br />
container (restricted access) within a<br />
secure building.<br />
CONFIDENTIAL<br />
Protected by two barriers, e.g. a<br />
locked container in a locked room<br />
(both with restricted access) within a<br />
secure building.<br />
DISPOSAL OF<br />
PAPERS<br />
DISPOSAL OF<br />
FLOPPY DISKS &<br />
CDs<br />
MOVEMENT<br />
WITHIN YOUR<br />
ORGANISATION<br />
RETURN TO<br />
LINCOLNSHIRE<br />
POLICE<br />
Shred in a strip or cross-shredder or<br />
return to <strong>Lincolnshire</strong> <strong>Police</strong>.<br />
Keep secure if storing prior to<br />
disposal.<br />
Dismantle floppy disks. Cut inner<br />
disks or CDs into quarters (at least).<br />
Dispose with non-restricted waste.<br />
By trusted hand OR in a sealed<br />
envelope or container with the<br />
protective marking & descriptor<br />
shown. Include a copy of these<br />
instructions inside.<br />
By trusted hand in a sealed envelope<br />
or container, OR by recorded delivery<br />
or courier service in a sealed<br />
envelope with no protective marking<br />
or descriptor shown (other than<br />
PERSONAL or PRIVATE), &<br />
addressed to an individual by name<br />
or appointment.<br />
Shred in a cross-shredder or return to<br />
<strong>Lincolnshire</strong> <strong>Police</strong>.<br />
Keep secure if storing prior to<br />
disposal.<br />
Dismantle floppy disks. Cut inner disks<br />
or CDs into quarters (at least).<br />
Dispose with non-restricted waste.<br />
By trusted hand OR in a sealed<br />
envelope or container with the<br />
protective marking & descriptor<br />
shown. Include a copy of these<br />
instructions inside.<br />
By trusted hand in a sealed envelope<br />
or container, OR by Special delivery<br />
or courier service in a sealed<br />
envelope using double envelopes,<br />
both fully addressed but with the<br />
protective marking shown on the<br />
inner envelope only.<br />
Provide a return address on the outer<br />
envelope.<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Appendix 3<br />
Rehabilitation Periods:<br />
1) Prison sentences of more than four years never become spent.<br />
2) The rehabilitation periods for the main sentences are set out in the table below:<br />
Sentence<br />
A custodial sentence of<br />
more than 30 months<br />
and up to, or consisting<br />
of, 48 months<br />
A custodial sentence of<br />
more than 6 months and<br />
up to, or consisting of, 30<br />
months<br />
A custodial sentence of 6<br />
months or less<br />
Removal from Her<br />
Majesty’s service<br />
A sentence of service<br />
detention<br />
A fine<br />
A compensation order<br />
End of rehabilitation period for<br />
adult offenders<br />
The end of the period of 7 years<br />
beginning with the day on which<br />
the sentence (including any licence<br />
period) is completed<br />
The end of the period of 48 months<br />
beginning with the day on which<br />
the sentence (including any licence<br />
period) is completed<br />
The end of the period of 24 months<br />
beginning with the day on which<br />
the sentence (including any licence<br />
period) is completed<br />
The end of the period of 12 months<br />
beginning with the date of the<br />
conviction in respect of which the<br />
sentence is imposed<br />
The end of the period of 12 months<br />
beginning with the day on which<br />
the sentence is completed<br />
The end of the period of 12 months<br />
beginning with the date of the<br />
conviction in respect of which the<br />
sentence is imposed<br />
The date on which the payment is<br />
made in full<br />
End of rehabilitation period for<br />
offenders under 18 at date of<br />
conviction<br />
The end of the period of 42 months<br />
beginning with the day on which the<br />
sentence (including any licence<br />
period) is completed<br />
The end of the period of 24 months<br />
beginning with the day on which the<br />
sentence (including any licence<br />
period) is completed<br />
The end of the period of 18 months<br />
beginning with the day on which the<br />
sentence (including any licence<br />
period) is completed<br />
The end of the period of 6 months<br />
beginning with the date of the<br />
conviction in respect of which the<br />
sentence is imposed<br />
The end of the period of 6 months<br />
beginning with the day on which the<br />
sentence is completed<br />
The end of the period of 6 months<br />
beginning with the date of the<br />
conviction in respect of which the<br />
sentence is imposed<br />
The date on which the payment is<br />
made in full<br />
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED<br />
Sentence<br />
A community or youth<br />
rehabilitation order<br />
A relevant order<br />
End of rehabilitation period for<br />
adult offenders<br />
The end of the period of 12 months<br />
beginning with the day provided for<br />
by or under the order as the last<br />
day on which the order is to have<br />
effect<br />
The day provided for by or under<br />
the order as the last day on which<br />
the order is to have effect<br />
End of rehabilitation period for<br />
offenders under 18 at date of<br />
conviction<br />
The end of the period of 6 months<br />
beginning with the day provided for<br />
by or under the order as the last day<br />
on which the order is to have effect<br />
The day provided for by or under the<br />
order as the last day on which the<br />
order is to have effect<br />
3) Where no provision is made by or under a community or youth rehabilitation order or a relevant<br />
order for the last day on which the order is to have effect, the rehabilitation period for the order is to<br />
be the period of 24 months beginning with the date of conviction.<br />
4) There is no rehabilitation period for—<br />
a) An order discharging a person absolutely for an offence, or<br />
b) Any other sentence in respect of a conviction where the sentence is not dealt with in the Table<br />
above or where no provision is made by or under a community or youth rehabilitation order or a<br />
relevant order.<br />
In such cases mentioned above, any rehabilitation period is to be read as if the period of time is nil.<br />
For example, a caution becomes spent immediately, and a conditional caution becomes spent after<br />
three months from the date on which the caution is given, or, if earlier, when the caution ceases to<br />
have effect.<br />
5) Consecutive terms of imprisonment or other custodial sentences are to be treated as a single<br />
term,<br />
6) Terms of imprisonment or other custodial sentences which are wholly or partly concurrent (that is<br />
terms of imprisonment or other custodial sentences imposed in respect of offences of which a<br />
person was convicted in the same proceedings) are to be treated as a single term.<br />
For further information on the rehabilitation periods, see Chapter 8 of the Legal Aid, Sentencing and<br />
Punishment of Offenders Act 2012, which can be accessed using the following link:<br />
http://www.legislation.gov.uk/ukpga/2012/10/part/3/chapter/8/enacted<br />
NOT PROTECTIVELY MARKED