Skip to site content Skip to main menu

Tell us whether you accept cookies

Published: 02 February 2024

ICO Audit - Mobile Phone Data Extraction Project – Review Report - 6 February 2024

Report Summary

This report provides members of the Scottish Police Authority's Audit, Risk & Assurance Committee with an overview of Police Scotland’s mobile phone data extraction processing activities.

To access the full document please open the PDF document above.

To view as accessible content please use the sections below. (Note that tables and some appendixes are not available as accessible content). 

Meeting

The publication discussed was referenced in the meeting below

Audit, Risk and Assurance Committee - 6 February 2024

Date : 06 February 2024

Location : online


Background

In June 2020, the ICO published reports into the practice of mobile phone data extraction by police forces in the United Kingdom.

In May 2022, the Information Commissioner published an Opinion titled “Who’s Under Investigation? The processing of victim’s personal data in rape and serious sexual offence investigations,” building upon the foundations established through the initial investigation into mobile phone extraction and introducing additional recommendations for police forces when acquiring data from victims’ electronic devices and third party organisations.

The ICO committed to monitoring progress made by police forces towards ensuring that the data protection issues identified were appropriately addressed.

In line with that commitment and with the support of the National Police Chiefs Council, ICO commenced a project to assess the extent to which police forces have implemented the recommendations from their reports and embedded them into operational practice.

The terms of reference for the project stated that the organisations involved in the project would be kept confidential and therefore have not been published.

The review follows up on the recommendations from the 2020 reports, which have been completed or, are superseded by continuous improvement recommendations and highlight any areas of risk to their compliance.

The review also assessed the extent to which PSoS demonstrates best practice in their data protection governance and management of mobile phone data extraction.

Recommendations have been assessed as per Police Scotland’s Internal Audits risk grading structure as Moderate.

Refer to Appendix A – ICO Report

Refer to Appendix B – Dashboard and Action Tracker


Related Publications

The documents below are related by Topic and are the most recently published

Green icon showing a magnifying glass with eye in the middle.

Taser – Public Briefing

Published: 23 September 2024

Policy Technology

Green icons showing 7 inter-connected circles.

Memorandum of Understanding (MOU) - May 2024

Published: 19 September 2024

Policy Technology

Green icon showing a magnifying glass with eye in the middle.

Data Ethics Governance Framework - 4 May 2022

Published: 31 August 2022

Policy Technology