Below are some of the frequently asked questions regarding Data Protection and Norfolk Constabulary. If you can not find the answer to your question here please contact us:

The Data Protection Officer
Norfolk Constabulary
Operations and Communications Centre
Falconers Chase
Wymondham
Norfolk NR18 0WW

 

Telephone: 101
Email: dataprotection@norfolk.pnn.police.uk

 

Frequently Asked Questions

1. What laws and policies are relevant to personal information?

Personal information is managed in accordance with the following legislation and policy:

• The Data Protection Act 1998
• Human Rights Act 1998
• Freedom of Information Act 2000 (currently under implementation)
• Computer Misuse Act 1990
• Association of Chief Police Officers Code of Practice for Data Protection
• Her Majesty's Government Manual for Protective Security
• Statutory Code of Practice for the Management of Police Information

Reference will also be made to relevant case law and to legal guidance and codes of practice issued by the Office of the Information Commissioner.

 

2. Who is the Data Controller for Norfolk Constabulary?

The person ultimately responsible for the management of personal information by Norfolk Constabulary is the Chief Constable. All employees of Norfolk Constabulary act as the representatives and agents of the Chief Constable.

 

3. What is the purpose for holding personal information?

The Constabulary has notified the Office of the Information Commissioner that personal information is held and used for the following purposes:

Policing: the prevention and detection of crime; apprehension and prosecution of offenders; protection of life and property; maintenance of law and order; also rendering assistance to the public in accordance with force policies and procedures

Provision of necessary services to support the Policing Purpose including:

Staff administration; occupational health & welfare; management of public relations, journalism & media; management of finance; internal review, accounting and auditing; training; property management; insurance management; vehicle & transport management; payroll & benefits management; management of complaints; vetting; management of IT; legal services; information provision; licensing and registration; pension administration; research, including surveys; performance management; sports & recreation; procurement; planning; system testing; security; health & safety management.

Full details of the Constabulary's notification can be obtained from the Office of the Information Commissioner's website.

 

4. Who might the police pass my personal information to?

Disclosure or passing of personal information to other organisations or individuals is strictly controlled. There are some occasions when we will pass personal information to other official agencies because we are required to do so by law or because that agency has a legitimate reason supported by legislation to be given the information. For example: the Health and Safety Executive when investigating accidents, the Inland Revenue when investigating tax fraud and Social Services when considering child protection and welfare.

The Police work in partnership with other agencies to reduce crime and disorder, reduce the fear of crime and protect the vulnerable. In order to work together it is necessary to share information. Often this information is about crime figures or areas where crime or disorder is a particular problem. However, sometimes it is necessary to share personal information to tackle a particular problem involving an identified offender or victim. Sometimes information is shared to assist the partner agency in carrying out their lawful functions, but only when it is necessary and proportionate to do so.

Agencies we work in partnership with.

The sharing of personal information is covered by documents, known as protocols. These say who the sharing agencies are; when, why and what personal information might be shared and set out procedures for making and responding to requests for information and keeping the information secure.

 

5. Can I get a copy of my personal information?

The Data Protection Act provides the right for the individual to request a copy of personal information held about them by a data controller. This is known as 'subject access' (see Section 7 of the Data Protection Act 1998).

If you would like to find out whether the Constabulary has any personal information about you and would like a copy of that information you can apply by contacting us using the following details OR by going to the links to Access to Personal Information or by looking at the further information in this Frequently Asked Questions section:

Write to:

The Data Protection Officer

Norfolk Constabulary

Operations and Communications Centre

Falconers Chase

Wymondham

Norfolk NR18 0WW

Telephone: 101

Email: dataprotection@norfolk.pnn.police.uk

People want access to their information for a variety of reasons but in general we categorise requests as:

• those wanting details of their criminal convictions history only
• those wanting reports from a specialist unit eg. domestic violence unit reports.
• those wanting access to ALL information

 

6. I need confirmation that I do not have a criminal record or a list of my criminal convictions

Many people need this information as part of their application for visas, residency or work permits for countries abroad. You will be asked to complete an ACRO SA1 in order to provide the information necessary to search against police records. You will also be required to provide two documents that prove your identity and a fee of £10 is charged. More information is given on the form. [NB. If you also want to request access to other information held by Norfolk Constabulary you will be charged one fee of £10 for both applications. Please contact the Data Protection Office for advice.]

The Association of Chief Police Officers Criminal Records Office (ACRO) carries out these checks on our behalf. When you complete this form you will send it directly to ACRO and all queries about the progress of and response to your application must be made with ACRO. ACRO will reply directly to you at the postal address you give on the form.

The response to this application will be a list of convictions issued by the courts, police cautions, juvenile warnings and reprimands and some penalty notices. Only recordable offences will be shown; this excludes speeding, minor traffic offences and some others. An offence is recordable if it could attract a sentence of imprisonment (even if you received a lesser sentence) or it is listed in the National Police Records (Recordable Offences) Regulations 2000. If you live or have lived at some time in the previous 10 years in Scotland you will have to apply separately to the appropriate Scottish police force.

The Data Protection Act requires that you are given a response to any request for your personal information within 40 days. ACRO endeavour to respond in as short a period as possible but due largely to volumes responses may take the full 40-day period.

 

7. My employer has asked me to provide proof that I do not have a criminal record.

You cannot be forced by an employer to make a subject access application in order to provide to them proof of your criminal record. In the near future it will become an offence under the Data Protection Act 1998 for an employer to require an employee or candidate for employment to make a subject access request for this purpose. Most types of employment are subject to the Rehabilitation of Offenders Act 1974, meaning that a person does not need to declare a conviction if a certain amount of time has passed and no further offences have been committed.

If you chose to make a subject access request for this purpose you should make an application using form an ACRO Data Protection Form. However, you should be aware that the response will include all conviction records, including any that you are not required to declare to an employer under the Rehabilitation of Offenders Act.

The government agency Disclosure Scotland provides a Basic Check which includes only those convictions that a person would have to declare. You can apply for this check yourself by going to http://www.disclosurescotland.co.uk/ or calling 0870 609 6006.

However if your work will involve access to children, vulnerable adults or the elderly please follow this link for further information.

 

8. My work will involve access to children, vulnerable adults or the elderly.

You should not use the subject access procedures if your work will involve these categories of people. The Criminal Records Bureau (CRB) has been established by the Home Office to provide employers with a means of checking the criminal background of potential employees.

If you will be working or volunteering with children, vulnerable adults or the elderly you should ask your employer to contact the Criminal Records Bureau on 0870 90 90 811 or go to the Criminal Records Bureau website.

If you are self-employed and will have access to children or vulnerable adults you should seek advice from the Criminal Records Bureau. A number of employment/recruitment agencies have become registered bodies and can facilitate a CRB check for you – they may charge an administration fee.

 

9. I want access to any information Norfolk Constabulary might have about me or to specific information such as incident records or crime reports.

Such a request is managed via subject access. You will be asked to complete an In-house Data Protection Form A221 in order to provide the information necessary to search against our records. You will also be required to provide two documents that prove your identity and a fee of £10 is charged. More information is given on the form. [NB. If you also want to request access to criminal conviction records held on the Police National Computer you will be charged one fee of £10 for both applications. Please contact the Data Protection Office for advice.]

You may make such a request through your solicitor if appropriate, and give your authority for the information to be disclosed directly to them.

Subject access does not entitle you to receive information that might identify another person, known as a third party. If possible and appropriate we will contact the third party and ask for their consent to disclose their information to you. If we cannot obtain their consent the information may be removed, in the case of whole documents, or obscured in the case of information contained within a document. These issues will be discussed with you or your solicitor as appropriate.

The Data Protection Act requires that you are given a response to any request for your personal information within 40 days. We will always try to respond to your application in the early part of this period and will try to take account of any impending court dates. However, if the enquiry is particularly complicated or there is a lot of information to locate, check and reproduce the response may take the full 40-day period to reach you.

 

10. Is there any reason why I will not get my information?

The Data Protection Act 1998 does contain some exemptions from providing information following a subject access request. In brief, those most likely to be relevant to information held by the police are:

Information held for the purpose of safeguarding national security.

Information held for the purpose of preventing and detecting crime, apprehending and prosecuting offenders BUT only when disclosure to the applicant might prejudice those purposes.

The police service will also consider whether to disclose information to an application might prejudice the wider public interest or might be relevant to current or future criminal proceedings in the courts.

 

11. Will I get ALL the information?

Subject Access entitles you to computerised records, except when an exemption is relevant. Manual or paper records are included if they are held in a 'relevant filing system'. This term is used in the Data Protection Act 1998. Such a system will be managed in a way that is similar to a computer system so that specific information about a person is easily located, using indexes, reference numbers, file dividers etc.

It may be the case that information about you or provided by you is held by the Constabulary in paper form and in an unstructured format, that is, it cannot be easily located without looking through large volumes of information. In this case you would have to specify exactly what the information is that you require. We may also refuse to provide such information if to locate, retrieve and extract it exceeds a total of 18 hours work (as specified under the Freedom of Information Act 2005 Fees Regulations). If the paper records held in an unstructured format relate to matters relating to your employment by Norfolk Constabulary, the information is exempt from subject access.

The Data Protection Act contains a number of exemptions that may be applied to refuse disclosure of information. More information about these exemptions can be found on the Information Commissioner’s website Information Commissoners Office Please note that the legislation does not require that the applicant is informed when an exemption has been applied.

 

12. What do I do if I believe my information is wrong or that the police should not have or use that information?

The Data Protection Act 1998 gives you the right to request that inaccurate information is corrected or deleted. You can also request that your information is no longer used or held if you can show that you are being caused significant and unwarranted damage or distress. In some cases you might be entitled to compensation.

Making such a request will not automatically result in the information being changed or removed. If the Constabulary can show that the information is necessary and relevant to its lawful and legitimate functions as a police force the information will be retained.

These are the actions you can take:

• Contact the Data Protection Officer with your complaint.
• Contact the Chief Constable or the Constabulary's Professional Standards Department.
• Contact the Office of the Information Commissioner. This is the government department responsible for ensuring organisations are using personal information in accordance with the Data Protection Act. They can be contacted as follows:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 01958 545700

website: www.ico.gov.uk

You can of course take advice from a solicitor or the Citizens Advice Bureau.

13, What are the eight principles of data protection?
Data Protection Principles

Principle 1

‘Personal information shall be processed fairly and lawfully and, in particular, shall not be processed unless conditions are met’.

Principle 2

‘Personal information be obtained only for specified and lawful purposes and shall not be further processed in a manner incompatible with those purposes.’

Principle 3

‘Personal information shall be adequate, relevant and not excessive for the purpose’

Principle 4

‘Personal information shall be accurate and, where necessary, kept up to date’

Principle 5

‘Personal information shall not be kept for longer than is necessary for the purpose’

Principle 6

‘Personal information should be processed in accordance with the rights of data subjects’ These rights are:

• access to personal information
• prevent processing likely to cause damage or distress
• prevent processing for direct marketing
• automated decision making
• compensation
• rectification, blocking, erasure & destruction
• jurisdiction & procedure

Principle 7

‘Appropriate measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to the data.’

Principle 8

The final principle refers to passing information to countries outside the EU who may not have the same levels of security.