Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
P.698 (11/16)
INFORMATION SHARING AGREEMENT
INFORMATION SHARING AGREEMENT (ISA)
BETWEEN
Grantham Shopwatch Scheme
AND
LINCOLNSHIRE POLICE
Version - 3.0
(Revised- 23 May 18)
SUMMARY SHEET
Information Sharing Agreement
ISA Ref: LP009/NSK – Grantham Shopwatch Scheme
PURPOSE To create a system for the formal exchange of information and intelligence
between the Police and Partners named within this agreement who form part of
the Grantham Shopwatch Scheme, with the intention to prevent, detect, and/or
reduce crime and anti-social behaviour within Grantham, Lincolnshire.
PARTNERS
Lincolnshire Police
LP009/NSK- Grantham Shopwatch Scheme
Date Agreement comes into force: 17th June 2015
Date of Agreement Review: Six months after coming into force, then annually
Agreement Owner: Lincolnshire Police
Agreement drawn up by: Lucy Chapman – IS Officer
Location of Signed Agreement in
force:
Information Management Unit, Force HQ
Protective Marking: Not protectively marked
VERSION RECORD
Version
No.
Date Amendments Made Authorisation
001 02 Apr 15 Initial Draft L Chapman – IS Officer
1.0 17 Jun 15 Authorised L Chapman – IS Officer
2.0 03 Dec 15 Agreement reviewed – no amendments
required
L Chapman – IS Officer
26 Jan 16
Additional shops added to agreement H. Sugden - PCSO
3.0 16 Mar 18 Partner Agencies removed:
Brantano
Store 21
RSPCA
Kwicksave
Oxfam
Additional Shop added to agreement:
House of Fashion
Para 9.9 amended due to adoption of
the Government Security Classification.
Appendix 4 amended due to adoption of
the Government Security Classification.
L Chapman – IS Officer
1. INTRODUCTION
1.1 Lincolnshire Police are committed to partnership working, and continually look for
opportunities to work more closely with local identified partners to detect, prevent and reduce
crime and anti-social behaviour.
1.2 In adopting this partnership approach it is important that the policies/practices of the
agencies involved compliment each other to ensure that any action taken is appropriate,
necessary, proportionate and consistently applied.
1.3 This agreement outlines the need for the police and the Grantham Shopwatch Scheme to
work together to alleviate crime and anti-social behaviour within Grantham, Lincolnshire, and
provides a framework for action.
2. PURPOSE
2.1 The purpose of this agreement is to enable action to be taken against crime involving theft,
burglary, robbery and other related commercial premises offences. It will incorporate
measures aimed at:
Facilitating a coordinated approach that targets crime and anti-social behaviour;
Facilitating the collection and exchange of relevant information;
Ensuring that the sharing of information meets one or more of the policing
purposes.
2.2 Effective information exchange is the key to partnership working. The effectiveness of
information exchange is a reflection of the effectiveness of the partnership as a whole.
2.3 A key factor for developing Information Sharing Agreements is to ensure that personal
information is being processed fairly and lawfully. Identifying the Data Controller for
personal information disclosed within the remit of this ISA will help determine the roles and
responsibilities of each organisation. This should ensure that information sharing is both fair
and lawful. The recipient organisation will become the Data Controller for any personal
information that is shared for the purpose/s described within this ISA.
3. PARTNER(S)
3.1 This agreement is between the following partners:
Age Uk, Westgate, Grantham
Aldi, South Parade, Grantham
ASDA, Union Street, Grantham
B & M, High Street, Grantham
B & Q, London Road, Grantham
Bon Marche, High Street, Grantham
Boyes, High Street, Grantham
Boots, High Street, Grantham
Boundary Mill, Oldrids and Downton, Gonerby Moor, Grantham
British Heart Foundation, High Street, Grantham
British Red Cross, Market Place, Grantham
Cancer Research, High Street, Grantham
Carphone Warehouse, High Street, Grantham
Cash Brokers, Wide Westgate, Grantham
CEX, Isaac Newton Centre, Grantham
Clinton Cards, High Street, Grantham
Co-op, Dysart Road, Grantham
Co-op, Princess Drive, Grantham
Currys, Dysart Retail Park, Grantham
Dunelm Mill, South Parade, Grantham
EE, Isaac Newton Centre, Grantham
Empire Clothing, St Peters Hill, Grantham
Estilo, High Street, Grantham
Farm Foods, London Road, Grantham
Grace and Co Jewellers, Isaac Newton Centre, Grantham
George Centre Security, George Centre, High Street, Grantham
Holland and Barrett, Isaac Newton Centre, Grantham
Homebargains, Sankt Augustin Way, Grantham
Homebase, Dysart Retail Park, Grantham
House of Fashion, Unit 1 Kings Walk, Grantham
Laura Ashley, London Road, Grantham
Lloyds Pharmacy, High Street, Grantham
Marks and Spencers, London Road, Grantham
Matalan, Dysart Retail Park, Grantham
Morrisons, Isaac Newton Centre, Grantham
Next, Sankt Augusting Way, Grantham
O2, Isaac Newton Centre, Grantham
Oldrids and Downtown, Gonerby Moor, Grantham
Peacocks, Isaac Newton Centre, Grantham
Pets at Home, Sankt Augustin Way
Poundland, Isaac Newton Centre, Grantham
Poundstretcher, London Road, Grantham
Rymans, Isaac Newton Centre, Grantham
Spar, Bridge End Road, Grantham
Savers, St Peters Hill, Grantham
Sainsburys, London Road, Grantham
Savills Management, (Isaac Newton Centre security), Grantham
Select, Isaac Newton Centre, Grantham
Sports Direct, Sankt Augustin Way, Grantham
Simmonds Music, Westgate, Grantham
Superdrug, Isaac Newton Centre, Grantham
Tesco, Harrowby Lane, Grantham
TK Maxx, Dysart Retail Park, Grantham
Three, Isaac Newton Centre, Grantham
Tuffies Discount Store, Westgate, Grantham
W H Smith, High Street, Grantham
Wickes, Gonerby Hill Foot, Grantham
Wilkinsons, Isaac Newton Centre, Grantham
and Lincolnshire Police, PO Box 999, Lincoln, LN5 7PH
4. POWER(S)
4.1 This agreement fulfils the requirements of the following:
• The Civil Evidence Act 1995
• The Crime and Disorder Act 1998 (Section 115)
• The Police Reform Act 2002
• Common Law Powers of Disclosure
• The Rehabilitation of Offenders Act 1974
• The Human Rights Act 1998 (article 8)
• The Data Protection Act 1998 (sections 29(3) & 35(2)
• Fraud Act 2006
• The existing Retail Crime Initiative
5. PROCESS
5.1 This agreement has been formulated to facilitate the exchange of information between
partners. It is, however, incumbent on all partners to recognise that any information shared
must be justified on the merits of each case.
5.2 The sharing of personal data requires careful judgement in which the identified policing need
must be considered against relevant issues dictated under Data Protection and Human
Rights legislation. Any information the police or partner agency considers sharing must
therefore be accurate, necessary and proportionate.
Accurate: All information must be accurate and relevant to the purpose for which it is being
shared with proper reference made to the nature of the source and the intelligence itself.
Necessary: The necessity to share information between the Police, and members of the
Grantham Shopwatch Scheme is to effectively deal with issues concerning the prevention,
detection, investigation and prosecution of those persons engaged in criminal activity and/or
anti social behaviour, and an ongoing responsibility to protect public safety.
Proportionate: In considering whether to share personal information all parties have a duty
to ensure that a fair balance is achieved between the protection of an individuals rights and
the general interests of society. In judging whether it is appropriate to share such information
the Police, and members of the Grantham Shopwatch Scheme will examine whether the
identified purpose infringes upon the subject’s right to privacy, the appropriate measures to
meet the purpose are both fair and rational and also that the means used are no more than
is necessary to accomplish the purpose.
5.3 Information Exchange
Information Exchange relates to a physical exchange of data between one or more
individuals or agencies. Advice from the Information Commissioner indicates that public
authorities may exchange data, provided that:
• They have notified their intention to do so
• That the process of exchange is in accordance with the Data Protection Act, in
particular the eight principles forming Part 1 of Schedule 1 (See Appendix 1 for
further information).
• There is a statutory or common law power to do so.
5.4 Fair Processing.
The Data Protection Act requires the fair processing of information unless an exemption
applies. In particular, fairness involves being open with people about how their information is
used. Lincolnshire Police have a fair processing notice available on the website which states
how the information may be processed and shared. Additionally, information sharing
agreements are published on the Lincolnshire Police website.
The most likely exemption from the fairness requirement is sharing personal data for the
prevention and detection of crime and disorder, where the disclosure of that fact would be
likely to prejudice the investigation.
One of the main purposes of this Information Sharing Agreement is to prevent, detect, and/or
reduce crime and anti-social behaviour. Complying with the fair processing requirements
may prejudice the purpose of this agreement by making alleged offenders aware that their
information is being shared it may hinder an ongoing investigation.
5.5 Reasons for Information Exchange
The processing and analysis of information and where appropriate, intelligence, is essential
for identifying and limiting the activities of those committing crime and disorder along with the
associated problems which adversely affect community safety and the quality of life.
5.6 The exchange of appropriate information is fundamental to the success of any strategy
implemented for the purposes of reducing crime and disorder.
5.7 The opportunities for information exchange therefore:
• Assist strategic and tactical planning to disrupt crime.
• Assist Crime and Disorder partnerships to implement the provisions of the Crime and
Disorder Act 1998 and other subsequent legislation.
• Assist agencies to exchange information where a power exists to do so, in
accordance with the Data Protection Act the Human Rights Act and any other
relevant legislation.
5.8 Benefits of information exchange
The benefits of appropriate information exchange are:
• Better informed decision making and partnership working
• Enhanced inter-agency relationships
• Improved profiling of crime and disorder activity thus allowing a more effective
targeting of resources.
• Reduction of Crime and Disorder throughout Lincolnshire.
• Effective monitoring and evaluation of all community safety initiatives
6. TYPES OF INFORMATION TO BE SHARED
6.1 Lincolnshire Police may share:
• Photographs of individuals convicted of Theft, Burglary, Robbery and Fraud offences,
where current information/intelligence suggests that they may still be active within the
Lincolnshire Police area, providing that the information is relevant to the request and
the disclosure of information can be justified on the grounds that it falls within a
policing purpose.
6.2 Members of the Grantham Shopwatch Scheme may share:
• Information / evidence received involving the offences of Theft, Burglary, Robbery
and Fraud occurring in or affecting the Lincolnshire Police area.
• Evidence from internal shop CCTV schemes (where they exists) in relation to
offences committed therein.
7. CONSTRAINTS ON THE USE OF THE INFORMATION
7.1 If an agency wishes to disclose shared information to a third party, as best practice the
agency should seek written consent from the agency that provided the information. If a
statutory requirement for disclosure exists then consent for further disclosure is not required.
Any agency must ensure that all principles of the Data Protection Act are adhered to.
Therefore, if an agency makes a further disclosure to a third party they must ensure that the
sharing of personal data is not processed in any manner incompatible with the purpose/s it
was obtained for.
7.2 As best practise all information shared is only valid at the time of provision, and should only
be used for the purpose as requested. However, the recipient organisation becomes the
Data Controller for the shared information therefore the information may be used for
subsequent investigations, if it is being used for a purpose that is compatible with the
purpose for which it was obtained, i.e. prevention and detection of crime and disorder.
7.3 Disclosures
Disclosures of information and in particular, personal data are bound to both common and
statute law in particular, but not restricted to the following:
• The Common Law Duty of Confidentiality
• The Data Protection Act 1998
• The Human Rights Act 1998
7.7 Any disclosure of personal data must have regard to both common and statute law. For
example, defamation, the common law duty of confidence and the data protection principles.
Consideration should always be given to alternative powers that exist for the purposes of
data disclosure:
7.4 Consent
Many of the Data Protection issues in relation to disclosure can be avoided if the consent of
the individual has been sought and obtained. Consent must be freely given after the
alternatives and consequences are made clear to the person from whom permission is being
sought. This will be considered to be ‘informed consent’. For the purposes of this
agreement, the term ‘sensitive’, where applied to data refers to the categories of data termed
‘sensitive’ within the Data Protection Act 1998.
7.5 Witnesses, Victims and Complainants
Extreme care and careful consideration should be taken where the disclosure of information
includes details of witnesses, victims or complainants. The general rule is that information
such as described by witnesses, victims or complainants should not be disclosed without first
obtaining fully informed, specific and explicit consent from the individual concerned. In all
such cases, advice should be sought from the legal department, Information Sharing Officer
and/or Data Protection Officer.
7.6 Ongoing Investigations
If there is an ongoing investigation which is sensitive or of which the offender is not yet
aware of the police investigation the officer in the case will be consulted prior to any
dissemination to ensure there is no prejudice to the ongoing investigation or subsequent
court proceedings. A case involving safeguarding issues, which require an urgent disclosure
to protect any individual, should receive priority attention. In the event of a dispute, the views
of the officer in the case will prevail.
8. ROLES AND RESPONSIBILITIES UNDER THIS AGREEMENT
8.1 Each partner should appoint a single point of contact (SPoC) who must work together to
jointly solve problems relating to crime and anti-social behaviour. The sharing of
information must only take place where it is valid and legally justified.
Police SPoC Title: PCSO Rogers
Contact Details: Tel: 101 Ext 3307
Mobile: 07456003957
ALDI SPoC Title: Store Manager Contact Details: Tel: 01476 591240 ASDA SPoC Title: Security Manager Contact Details: Tel: 01476 581500 Age Uk SPoC Title: Store Manager Contact Details: Tel: 01476 590679
B& M SPoC Title: Store Manager Contact Details: Tel: 01476 593124
B & Q SPoC Title: Store Manager Contact Details: Tel: 01476 591112
Bon Marche SPoC Title: Store Manager
Contact Details: Tel: 01476 565878 Boyes SPoC Title: Store Manager
Contact Details: Tel: 01476 577679 Boots SPoC Title: Store Manager
Contact Details: Tel: 01476 563029
Boundary Mill SPoC Title: Loss prevention manager Contact Details: Tel: 01476 591001
British Red Cross SPoC Title: Store Manager
Contact Details: Tel: 01476 592507
British Heart Foundation SPoC Title: Store Manager Contact Details: Tel: 01476 594545
CEX SPoC Title: Store Manager Contact Details: Tel:
Cash Brokers SPoC Title: Manager Contact Details: Tel: 01476 574722
Cancer Research Title: Store Manager
Contact Details: Tel: 01476 579647 Carphone Warehouse SPoC Title: Store Manager
Contact Details: Tel: 0843 5380465 Clintons Cards SPoC Title: Store Manager
Contact Details: Tel: 01476 591638 Co-op – Dysart Road Title: Store Manager
SPoC Contact Details: Tel: 01476 751035 Co-op – Princess Drive Title: Store Manager
SPoC Contact Details: Tel: 01476 564931 Currys SPoC Title: Store Manager
Contact Details: Tel: 01476 581181 Dunelm Mills SPoC Title: Store Manager Contact Details: Tel: 01476 566966
EE SPoC Title: Store Manager Contact Details: Tel: 07787 876461
Empire Clothing SPoC Title: Store Manager
Contact Details: Tel: 01476 578022
Estilo SPoC Title: Store Manager Contact Details: Tel: 07816 317135
Farm Foods SPoC Title: Store Manager
Contact Details: Tel: 01476 561333
George centre SPoC Title: Security Manager Contact Details: Tel: 01476 592818
Grace and Co Jewellers SPoC Title: Store Manager
Contact Details: Tel: 01476 979030 Holland and Barrett SPoC Title: Store Manager
Contact Details: Tel: 01476 579334 Homebargains SPoC Title: Store Manager
Contact Details: Tel: 01476 569597 Homebase SPoC Title: Store Manager
Contact Details: Tel: 01476 515798 House of Fashion SPoC Title: Store Manager
Contact Details: Tel: 01476 979090 Isaac Newton/Savills SPoC Title: Manager
Contact Details: Tel: 07813 529828 Laura Ashley SPoC Title: Store Manager
Contact Details: Tel: 01476 512970
Lloyds pharmacy SPoC Title: Store Manager Contact Details: Tel: 01476 563087
Marks and Spencers SPoC Title: Store Manager
Contact Details: Tel: 01476 468568 Matalan SPoC Title: Store Manager
Contact Details: Tel: 01476 512980
Morrisons SPoC Title: Store Manager Contact Details: Tel: 01476 5579595
NEXT SPoC Title: Store Manager Contact Details: Tel: 01476 584680
O2 SPoC Title: Store Manager
Contact Details: Tel: 01476 578500 Oldrids and Downtown SPoC Title: Store Manager
Contact Details: Tel: 01476 578500
Peacocks SPoC Title: Store Manager Contact Details: Tel: 01476 591931
Pets at Home SPoC Title: Store Manager
Contact Details: Tel: 01476 592745 Poundland SpoC Title: Store Manager
Contact Details: Tel: 01476 978952
Poundstretcher SpoC Title: Store Manager Contact Details: Tel: 01476 574900
Rymans SPoC Title: Store Manager
Contact Details: Tel: 01476 594363
Savers SPoC Title: Store Manager Contact Details: Tel: 01476 575790
Sainsburys SPoC Title: Security Manager
Contact Details: Tel: 01476 592250 Select SPoC Title: Store Manager
Contact Details: Tel: 01476 569509 Sports Direct SPoC Title: Store Manager
Contact Details: Tel: 0344 3325731
Superdrug SPoC Title: Store Manager Contact Details: Tel: 01476 590544
Simmonds Music SPoC Title: Store Manager Contact Details: Tel: 01476 570700
Spar SPoC Title: Store Manager Contact Details: Tel: 01476 562958
Tesco SPoC Title: Store Manager Contact Details: Tel: 03456 102697
TK Maxx SPoC Title: Store Manager
Contact Details: Tel: 01476 577683 Three SPoC Title: Store Manager
Contact Details: Tel: 01476 575666
Tuffies Discount Store Title: Store Manager Contact Details: Tel: 01476 593415
W H Smith SPoC Title: Store Manager Contact Details: Tel: 01476 560655
Wilkinsons SPoC Title: Store Manager
Contact Details: Tel: 01476 590435
Wickes SPoC Title: Store Manager Contact Details: Tel: 01476 590435
8.2 Both contacts have a responsibility to create a file or folder that can record each individual
request for information and the decision made. It must include copies of the request for
information, details of the data accessed and notes of any meeting, correspondence or
phone calls relating to the request.
8.3 In order for Lincolnshire Police to share information, the designated police officer or staff
making the disclosure must ensure that one or more of the policing purposes are met.
Policing Purposes are defined as:
Protecting life and property;
Preserving order;
Preventing the commission of offences;
Bringing offender to justice, and
Any duty or responsibility arising from common or statute law.
8.4 Within Lincolnshire Police, the file must be held and managed centrally by the Grantham
Town Community Beat Manager.
8.5 Information Breaches
Complaints and breaches to this agreement should be dealt with by utilising any established
agency policies and procedures for breaches and complaints made in relation to appropriate
legislation in connection with the agreed information exchange and data processing.
Any disclosure of information by an employee, which is done in bad faith or for motives for
personal gain, will be the subject of an investigation and be treated as a serious matter.
Each party will be accountable for any misuse of the information supplied to it and the
consequences of such misuse by its employees, servants or agents.
All agencies are reminded of the Data Protection Act Principles and Section 55 and Section
61 Offences.
It is the responsibility of all parties to notify the other party of any known breach or
infringement immediately and remedial action must be agreed and actioned by all relevant
agencies concerned.
Major breaches may result in this agreement being temporarily suspended or withdrawn
completely.
8.6 Subject Access
Subject Access is an individuals right to have a copy of information relating to them which is
processed by an organisation.
Once information is disclosed from one agency to another, the recipient organisation
becomes the Data Controller for that information. With regards to subject access requests,
the Data Controller has a statutory duty to comply with section 7 of the DPA, unless an
exemption applies. It is good practise for the recipient organisation to contact the originating
organisation. This enables the originating organisation to advise the use of any statutory
exemptions that may need to be applied prior to disclosure to the requesting individual.
Communication should take place speedily thus allowing the servicing of the request to take
place within the Statutory 40 calendar day, time period.
8.7 Freedom of Information
If a party receives a request for information under the Freedom of Information (FOI) Act
[2000] that relates to data that has been disclosed for the purposes of this ISA, it is best
practice to seek advice from the originating organisation prior to release. This allows the
originating organisation to rely on any statutory exemption under the provisions of the FOI
Act and to identify any perceived harms. However, the decision to release data under the
FOI Act is the responsibility of the agency that received the request.
Lincolnshire Police Information Sharing Agreements are made publicly available on the force
website.
9. SECURITY
9.1 Partner agencies should establish common rules for shared data security, in order to ensure
compliance with the Data Protection Act. As best practice the disclosing organisation should
make sure that any personal information they disclose will continue to be protected by
ensuring that the recipient organisation has adequate security measures in place.
9.2 As part of Lincolnshire Police’s responsibility regarding the data they process/control, the
security guidance within this document should be agreed to and signed up to by all the
parties involved within this agreement. However, it must be noted that the recipient
agency/ies has legal responsibility for any information that has been shared as a result of
this information sharing agreement, this includes its security.
9.3 Agencies that have adequate security measures in place to ensure compliance with the Data
Protection Act should apply their own security procedures to any shared information.
9.4 Lincolnshire police may, by arrangement undertake a physical review of a partner agency’s
premises and security procedures.
9.5 Security Guidance
It is essential that the participating agencies provide personal or other sensitive information
only to specific individuals authorised to receive it. The transfer, use, storage and retention
of the information by each participating agency must comply with the Data Protection Act,
and should comply with the security requirements stipulated within this agreement. Any
additional security requirements that an agency wishes to specify must be done so in
agreement with all parties involved within this document.
9.6 General Principles
Ensuring that personal information is protected against accidental or unlawful destruction,
loss, alteration, unauthorised disclosure or access is the seventh principle of the Data
Protection Act 1998. Partners should ensure they have appropriate security in place and
arrangements to monitor these.
A key issue, especially for electronic documentation, is the consistent use of encryption and
secure information exchange. Unguarded exchange of personal information may not only
infringe the rights of the individual subject or others that may be identifiable from the
information, but also compromise the organisations sharing information or jeopardise any
proceedings or legal measure based upon that information.
With remote working there is an issue about storing personalised information on flash
drives/memory sticks and of encryption. Partners sharing personal information are
responsible for ensuring laptops, drive or removable electronic media containing personal
information used for remote working are encrypted, and have Home Office approved levels
of security. To comply with national guidance encryption should be at least 256 bit.
Recent Home Office guidance with respect to third party suppliers suggests that:
a) No unencrypted laptops or drives or removable electronic media containing personal
information should be taken outside office premises.
b) No transferring of any protected personal information from Home Office approved
systems to third party suppliers owned laptops, PCs, USB keys, external drives and any
other electronic media is permitted.
9.7 Secure Information Exchange
Electronic exchange can be the most secure and auditable means of exchanging information
provided this is done using suitable secure technology. Standard e-mail, even with
encryption, is not generally sufficiently secure to protect personal information.
Personal information should only be exchanged electronically using a secure messaging
system.
Attendees at meetings where personal data is discussed must also ensure that controls
applied to agenda and minute documents as are as secure as those used for requesting and
securing personal information, since these will often name the individuals being considered
and contain elements of the information contributory to the decision making process.
Records of meetings and personal information must be subject to the principles set out in the
ISA, particularly in relation to purpose and retention.
If a recipient organisation wishes to remove shared information from their premises, they
must ensure that the information is kept secure at all times, must not be made available to
individuals who are not authorised to see it, and must only be used for the purposes
specified within the ‘Information Sharing Agreement’
9.8 Sharing information securely
It is important that information is shared securely. Those who receive personal data should
take appropriate measures to protect the data against accidental or unlawful destruction or
accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful
forms of processing. This includes when data is being shared and stored both electronically
and manually (e.g. paper).
All designated Officers who have access to personal data should have been assessed for
reliability in line with the employer’s requirements for the role, for example Disclosure and
Barring Scheme (DBS) checks. A greater degree of staff vetting and/or training is needed
where there is a greater importance that relevant data be secure.
The information Commissioner has issued the following guidelines concerning obligations for
agencies:
a) Does the data controller have a security policy setting out management commitment
to information security within the organisation?
b) Is the responsibility for the organisations security policy clearly placed on a particular
person or department?
c) Are sufficient resources and facilities made availability to enable that responsibility to
be fulfilled?
Shared information should be stored securely, and if no statutory guidance dictates
otherwise the recipient organisation should destroy the information when it is no longer
needed for the purpose for which it was provided. If an organisation does not have the
means to securely destroy shared information, they should consider returning the data to the
originating organisation for destruction.
9.9 Government Security Classifications
All Lincolnshire Police information is classified in line with the Government Security
Classifications (GSC). In order to ensure that the same protection is afforded to Lincolnshire
Police data once it has been disclosed to a partner agency, the partner organisation should
handle, store and delete police data according to the Government Security Classifications.
Appendix 2 provides further guidance on the GSC.
Organisations that already have security procedures in place that afford data the same
protection as the GSC controls should apply the same regulations to data disclosed by
Lincolnshire Police or any other partner organisation.
9.10 Transmitting information securely
When sharing information both the sender and the receiver should deal with the information
according to its protective marking. See Appendix 2 for handling requirements in line with
protective marking.
Secure e-mail
Lincolnshire Police documents must display the Protective marking at the top and bottom of
the relevant text or attachments. Insecure e-mail should not be used for any personalised
information. The below secure e-mail addresses may be used for information protectively
marked up to and including OFFICIAL-SENSITIVE:
a) CJSM
b) PNN
c) GSI
d) GSX
e) NHS.net
f) GCSX
g) MOD
Criminal Justice Secure email
When using CJSM.net it is important to remember to correctly align the email suffix for
secure information exchange as outlined below.
Organisation Normal email Suffix Email suffix for secure sharing
with CJSM
Police @pnn.police.uk @pnn.police.uk.cjsm.net
Government Connect
Government Connect is a pan-government programme providing an accredited and secure
network between central government and every local authority in England and Wales. The
network is known as GCSX (Government Connect Secure Extranet). GCSX is part of the
wider Government Secure Intranet (Gsi) and provides connectivity to nearly all central
departments.
GCSX provides secure access form connected Local Authorities to many other secure
networks such as:
• Government Secure Extranet (GSX)
• Government Secure Intranet (Gsi)
• National Health Service (NHS)
• Criminal Justice Extranet (CJX)
• Police National Network (pnn)
10. SPECIFIC PROCEDURES
10.1 Relevant photographs will be supplied by Lincolnshire Police to the Partner Agencies named
within this agreement on a regular basis, providing that they are supported with a Form B
(P698B) – Response to Request for Information, which must be retained by the Police SPoC
within the file created for such purpose.
10.2 The police SPoC will hand deliver relevant photographs to members of the Grantham
Shopwatch and will collect them for destruction upon disclosure of new photographs or when
the reason for the supply of the photograph is no longer valid.
10.3 Any photographs provided will not be displayed in any public areas of the premises, but will
be retained within the ‘private’ parts of the premises so that they can only be viewed by the
manager and relevant staff members. The photographs should be protectively marked
restricted and when not in use be locked behind a least one barrier.
10.4 Convictions and cautions that are spent within the meaning of the Rehabilitation of Offenders
Act will not be disclosed.
11. REVIEW, RETENTION AND DELETION
11.1 The recipient of the information is required to keep it securely stored and when it is no longer
required for the purpose for which it was requested, will safely dispose of it. In order to
ensure compliance with the Data Protection Act, data should be kept no longer than is
necessary, retention periods may vary between organisations. In accordance, with the
Management of Police Information (MoPI) and the Limitations Act [1980] Lincolnshire Police
will retain copies of the requests and responses for 6 years.
The original police data source will be deleted when it is no longer useful for a policing
purpose, this will be done in line with Lincolnshire Polices Review, Retention and Disposal
policies which are governed by MoPI guidelines.
Partner agencies should retain the shared information in accordance with statutory
guidelines and internal policies. If no statutory guidance exists for the retention and deletion
of data, information should be held in accordance with the fourth and fifth principle of the
DPA.
11.2 Files containing information from partner sources will be reviewed in line with force policy.
12. REVIEW OF THE INFORMATION SHARING AGREEMENT
12.1 This Information Sharing Agreement will be reviewed six months after its implementation
and annually thereafter. The nominated holder of this agreement is Lincolnshire Police. It is
based on the national template for Information Sharing which forms part of the guidance
issued on the Management of Police Information by the Association of Chief Police Officers
(ACPO) and the Home Office.
13. INDEMNITY
13.1 Partners named within this agreement, as receivers of police information will accept total
liability for a breach of this Information Sharing Agreement should legal proceedings be
served in relation to the breach.
13.2 The data recipient shall indemnify the Information Provider in full in respect of any loss or
damage caused to the Information Provider as a consequence of the unauthorised
disclosure of data supplied under this agreement.
14. DISCLAIMER
14.1 The Information Provider disclaims all liability to the data recipient in connection with the
data recipient's use of data supplied under this agreement and shall not, under any
circumstances, be responsible for any special, indirect or consequential loss or damages
including but not limited to loss of profits arising from the use of the data by the data
recipient.
15. SIGNATURE
15.1 By signing this agreement, all signatories accept responsibility for its execution and
agree to ensure that staff are trained so that requests for information and the process
of sharing itself is sufficient to meet the purposes of this agreement.
15.2 Signatories must also ensure that they comply with all relevant legislation.
15.3 It is the responsibility of all signatories to ensure that:
• Realistic expectations prevail from the outset.
• Professional, ethical standards are maintained.
• The Data Protection Principles are upheld.
• The information exchanged is kept secure and confidentiality is maintained as appropriate to the information’s level of protective marking as defined by the Data Controller.
• A mechanism exists by which the flow of information can be controlled.
• Appropriate staff training is provided on this agreement.
15.4 Adequate arrangements exist to test adherence to the agreement.
Signed on behalf of Lincolnshire Police Original Signed
Title: Chief Superintendent
Rank / Position: Area Commander
Date: 23/05/2018
Signed on behalf of ALDI
Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of ASDA
Original Signed
Title:
Rank / Position:
Date: 07/014/2018
Signed on behalf of B & M Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of B & Q Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Bon Marche Original Signed
Title:
Rank / Position:
Date: 16/04/2018
Signed on behalf of Boyes
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Carphone Warehouse Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of Cash Brokers
Original Signed
Title:
Rank / Position:
Date: 27/04/2018
Signed on behalf of CEX Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Clintons Cards
Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of Co-op- Dysart Retail Park
Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of Co-op – Princess Drive Original Signed
Title:
Rank / Position:
Date: 12/04/2018
Signed on behalf of Currys Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of Dunelm Mill Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of EE
Original Signed
Title:
Rank / Position:
Date: 11/04/2018
Signed on behalf of Empire Clothing Original Signed
Title:
Rank / Position:
Date: 16/04/2018
Signed on behalf of Estilo
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Farm Foods
Original Signed
Title:
Rank / Position:
Date: 16/04/2018
Signed on behalf of George Centre Security
Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of Grace and Co Jewellers Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Holland and Barratt Original Signed
Title:
Rank / Position:
Date: 10/04/2018
Signed on behalf of Homebargins
Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of Homebase
Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of House of Fashion Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of Isaac Newton
Security/Savills
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Laura Ashley Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Marks and Spencers Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Matalan
Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of Morrisons
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Next
Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of O2
Original Signed
Title:
Rank / Position:
Date: 13/04/2018
Signed on behalf of Peacocks Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Pets at Home
Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Poundland Original Signed
Title:
Rank / Position:
Date: 24/03/2018
Signed on behalf of Poundstretcher
Original Signed
Title:
Rank / Position:
Date: 16/04/2018
Signed on behalf of Rymans Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Savers Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Sainsburys Original Signed
Title:
Rank / Position:
Date: 16/04/2018
Signed on behalf of Select Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Sports Direct
Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Superdrug Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Tesco Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of TK Maxx
Original Signed
Title:
Rank / Position:
Date: 09/04/2018
Signed on behalf of Three
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Tuffies Discount Store Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of W H Smith
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Wilkinsons Original Signed
Title:
Rank / Position:
Date: 13/04/2018
Additional Signatories – Version 2:
Signed on behalf of Age Uk
Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of Boots Original Signed
Title:
Rank / Position:
Date: 29/03/2018
Signed on behalf of Boundary Mill Original Signed
Title:
Rank / Position:
Date: 07/04/2018
Signed on behalf of British Heart Foundation Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of British red Cross Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of Cancer Research
Original Signed
Title:
Rank / Position:
Date: 17/04/2018
Signed on behalf of Lloyds Pharmacy
Original Signed
Title:
Rank / Position:
Date: 17/04/2018
Signed on behalf of Oldrids & Downtown Original Signed
Title:
Rank / Position:
Date: 07/04/2018
Signed on behalf of Spar Original Signed
Title:
Rank / Position:
Date: 21/04/2018
Signed on behalf of Savills Management
Original Signed
Title:
Rank / Position:
Date: 03/04/2018
Signed on behalf of Wickes Original Signed
Title:
Rank / Position:
Date: 12/04/2018
Appendix 1
Appendix 1– Principles of the Data Protection Act
Principle
1
Personal data shall be processed fairly and lawfully and, in particular, shall not
be processed unless:
• At least one of the conditions in Schedule 2 is met and;
• In the case of sensitive data at least one of the conditions in Schedule 3 is
also met.
Principle
2
Personal data shall be obtained only for one or more specified and lawful
purposes and shall not be further processed in any manner incompatible with
that purpose or those purposes.
Principle
3
Personal data shall be adequate, relevant and not excessive in relation to the
purpose or purposes for which they are processed.
Principle
4
Personal data shall be accurate and, where necessary, kept up to date.
Principle
5
Personal data processed for any purpose or purposes shall not be kept for
longer than is necessary for that purpose or those purposes.
Principle
6
Personal data shall be processed in accordance with the rights of data
subjects under this Act.
Principle
7
Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental
loss or destruction of, or damage to, personal data.
Principle
8
Personal data shall not be transferred to a country or territory outside the
European Economic Area, unless that country or territory ensures an adequate
level of protection for the rights and freedom of data subjects in relation to the
processing of personal data.
Appendix 2
SENSITIVE DOCUMENTS SUPPLIED BY LINCOLNSHIRE POLICE – SECURITY REQUIREMENTS
Some of the electronic or hardcopy documents that you receive from Lincolnshire Police will contain sensitive or personal information. These documents will be provided to you on the understanding that you apply the protective measures described below.
GENERAL REQUIREMENTS
You must only use the information supplied by Lincolnshire Police for one or more of the following purposes:
For the detection or prevention of crime;
As specified in an Information Exchange Protocol that has been agreed between your organisation and Lincolnshire Police;
For a specific purpose that has been agreed, in writing, by Lincolnshire Police. You may not disclose, copy, or onwardly transmit information provided by Lincolnshire Police without its express, written permission, unless this is permitted within the terms of an Information Exchange Protocol agreed between your organisation and Lincolnshire Police. You may only retain the information for a period of time that will enable you to fulfil the purpose for which it has been has been provided. The information must then either be securely destroyed or returned to Lincolnshire Police as detailed in these instructions. It is your responsibility to contact Lincolnshire Police to establish if any relevant change has occurred since the information was provided to you, and upon which you intend to base any decision or action.
Government Security Classification – Control Measures at OFFICIAL
OFFICIAL including OFFICIAL-SENSTIVE
Personnel Security o All staff, volunteers, contractors etc. must have appropriate vetting clearance
Physical Security a. Document handling
o No requirement to mark documents with OFFICIAL marking o Comply with the Clear Desk – Clear Screen policy o OFFICIAL-SENSITIVE the document must be marked at the top and bottom of each page and handling instructions
considered, e.g. o FOR POLICE EYES ONLY o TO BE OPENED BY ADDRESSEE ONLY o NOT FOR FORWARD DISSEMINATION o NO PHOTOCOPYING WITHOUT PERMISSION OF AUTHOR
b. Storage o Storage behind a single locked barrier. OFFICIAL – SENSTIVE – consider a second locked barrier. o OFFICIAL-SENSITIVE - Consider use of approved physical security equipment/furniture (Contact Information Security
Officer in PSD for advice)
c. Remote Working o Ensure information cannot be inadvertently overlooked whilst being accessed remotely o Store assets under lock and key at remote locations
d. Moving assets by hand o Single cover with no external markings – sealed transit envelope is acceptable o OFFICIAL-SENSITIVE – Sealed envelope – no external markings o Precautions against overlooking when working in transit (e.g. whilst travelling by train)
e. Moving assets by post/courier
o Sealed envelope, never mark classification on envelope o OFFICIAL-SENSITIVE - Consider double enveloping o If sending sensitive personal data externally use registered Royal Mail service or reputable commercial courier’s ‘track
and trace’ service
f. Moving assets overseas o Sealed envelope, include return address, never mark classification on envelope o Trusted hand under single cover (Contact Information Security Officer in PSD for advice)
g. Bulk Transfers o Authorisation from Information Asset Owner required for significant volume of records/files o Contact Force Information Security Officer for advice and risk assessment
OFFICIAL including OFFICIAL-SENSTIVE
INFORMATION SECURITY a. Electronic Information at Rest
o Electronic data at rest can be found on computers, mobile devices etc. This information is protected according to its sensitivity; for portable devices data will be encrypted.
o Appropriate controls to protect the information may be physical protection, such as a locked door or may involve encrypting data that would be classified as OFFICIAL-SENSITIVE
b. Electronic Information in Transit e.g. e-mail
o Remember, ALL emails are at least OFFICIAL o Information between Police forces, government and trusted organisations is via secure networks, e.g. ‘.pnn’ e-mail o If the email does not contain sensitive information you can send it over the insecure internet e.g. [email protected] o Do not send sensitive information to insecure internet domain addresses, such as Google mail, Hotmail, Yahoo, consider
redacting the information if appropriate o Where more sensitive information must be shared with external partners or members of the public, consider using secure
mechanisms such as password protected documents. Consider file encryption for OFFICIAL-SENSITIVE together with handling instructions.
o Where more sensitive information must be shared with external partners, ensure secure mechanisms (e.g. browser sessions using SSL/TLS) are used. Consult the Information Security Officer in PSD for advice
o You should provide handling instructions if necessary, based on your risk assessment and at OFFICIAL-SENSITIVE o In exceptional circumstances, where there is a requirement for information to be sent unencrypted over the Internet, you
have to make a risk-balanced decision; there is always a risk of information being intercepted and exposed. It is very important to stipulate handling instructions in this scenario.
o You must follow any handling guidance stipulated by the relevant Force Information Asset Owner
c. Removable Media (data bearing)
o All portable and removable media must be encrypted and only Force supplied devices are to be used
o Any information moved to or transferred by removable media must be minimised to the extent required to support the business requirement
d. Telephony (mobile and landline), Radio, Video Conference and Fax
o Details of sensitive material should be kept to a minimum – be aware of being overheard and your surroundings o Your conversation, video conference etc. may be recorded by the other or a third party o Faxing is only acceptable as a last resort, where the recipient does not have a secure e-mail and there isn’t time to send
via post o Recipients should be waiting to receive faxes containing personal data and/or data marked with the OFFICIAL –
SENSITIVE caveat
Disclosure
o Where appropriate, non-sensitive information should be published by the Force for reuse. o Statutory disclosures are separate from the classification scheme and require case-by-case assessment o Requests for release under the Freedom of Information Act should be referred to the Freedom of Information Unit o The release of personal data is subject to the Data Protection Act principles. Contact the Data Protection Unit for advice.
Destruction of Hard Drives etc. o All disposal of IT equipment must be carried out by the Information Services Department
OFFICIAL including OFFICIAL-SENSTIVE
Disposal / Destruction of paper o Destroy using equipment which meets a recognised international paper destruction standard, designed to consistently
destroy to particles no larger than 4 x 15 mm
Incident Reporting o Inform your line manager and complete the relevant Force Incident reporting form o Follow incident reporting procedures set out in the relevant Force Security Policy
Appendix 3
Rehabilitation Periods: 1) Prison sentences of more than four years never become spent. 2) The rehabilitation periods for the main sentences are set out in the table below:
Sentence End of rehabilitation period for
adult offenders
End of rehabilitation period for
offenders under 18 at date of
conviction
A custodial sentence of
more than 30 months
and up to, or consisting
of, 48 months
The end of the period of 7 years
beginning with the day on which
the sentence (including any licence
period) is completed
The end of the period of 42 months
beginning with the day on which the
sentence (including any licence
period) is completed
A custodial sentence of
more than 6 months and
up to, or consisting of, 30
months
The end of the period of 48 months
beginning with the day on which
the sentence (including any licence
period) is completed
The end of the period of 24 months
beginning with the day on which the
sentence (including any licence
period) is completed
A custodial sentence of 6
months or less
The end of the period of 24 months
beginning with the day on which
the sentence (including any licence
period) is completed
The end of the period of 18 months
beginning with the day on which the
sentence (including any licence
period) is completed
Removal from Her
Majesty’s service
The end of the period of 12 months
beginning with the date of the
conviction in respect of which the
sentence is imposed
The end of the period of 6 months
beginning with the date of the
conviction in respect of which the
sentence is imposed
A sentence of service
detention
The end of the period of 12 months
beginning with the day on which
the sentence is completed
The end of the period of 6 months
beginning with the day on which the
sentence is completed
A fine The end of the period of 12 months
beginning with the date of the
conviction in respect of which the
sentence is imposed
The end of the period of 6 months
beginning with the date of the
conviction in respect of which the
sentence is imposed
A compensation order The date on which the payment is
made in full
The date on which the payment is
made in full
Sentence End of rehabilitation period for
adult offenders
End of rehabilitation period for
offenders under 18 at date of
conviction
A community or youth
rehabilitation order
The end of the period of 12 months
beginning with the day provided for
by or under the order as the last
day on which the order is to have
effect
The end of the period of 6 months
beginning with the day provided for
by or under the order as the last day
on which the order is to have effect
A relevant order The day provided for by or under
the order as the last day on which
the order is to have effect
The day provided for by or under the
order as the last day on which the
order is to have effect
3) Where no provision is made by or under a community or youth rehabilitation order or a relevant
order for the last day on which the order is to have effect, the rehabilitation period for the order is to
be the period of 24 months beginning with the date of conviction.
4) There is no rehabilitation period for—
a) An order discharging a person absolutely for an offence, or
b) Any other sentence in respect of a conviction where the sentence is not dealt with in the Table
above or where no provision is made by or under a community or youth rehabilitation order or a
relevant order.
In such cases mentioned above, any rehabilitation period is to be read as if the period of time is nil.
For example, a caution becomes spent immediately, and a conditional caution becomes spent after
three months from the date on which the caution is given, or, if earlier, when the caution ceases to
have effect.
5) Consecutive terms of imprisonment or other custodial sentences are to be treated as a single
term,
6) Terms of imprisonment or other custodial sentences which are wholly or partly concurrent (that is
terms of imprisonment or other custodial sentences imposed in respect of offences of which a
person was convicted in the same proceedings) are to be treated as a single term.
For further information on the rehabilitation periods, see Chapter 8 of the Legal Aid, Sentencing and
Punishment of Offenders Act 2012, which can be accessed using the following link:
http://www.legislation.gov.uk/ukpga/2012/10/part/3/chapter/8/enacted