Handling Information Policy
1. The Code of Practice (“the Code”) is published by Scottish Ministers under section 122 of Part V of The Police Act 1997 (“the 1997 Act”). The Code sets out obligations for registered bodies, countersignatories and other recipients of disclosure information issued under the 1997 Act and the Protection of Vulnerable Groups (Scotland) Act 2007 (“the 2007 Act”).
2. We comply with the Code and the 1997 and 2007 Acts regarding the handling, holding, storage, destruction and retention of disclosure information provided by Disclosure Scotland. We comply with the Data Protection Act 1998 (“the 1998 Act”). We will provide a copy of this policy to anyone who requests to see it.
3. We will use disclosure information only for the purpose for which it was requested and provided. Disclosure information will not be used or disclosed in a manner incompatible with that purpose. We will not share disclosure information with a third party unless the subject has given their written consent and has been made aware of the purpose of the sharing.
4. We recognise that, under section 1241 of the 1997 Act and sections 66 and 67 of the 2007 Act, it is a criminal offence to disclose disclosure information to any unauthorised person. Disclosure information is only shared with those authorised to see it in the course of their duties. We will not disclose information provided under subsection 113B(5)2 of the 1997 Act, namely information which is not included in the certificate, to the subject.
Access and Storage
5. We do not keep disclosure information on an individual’s personnel file. It is kept securely, in lockable, non-portable storage containers. Access to storage units is strictly controlled and is limited to authorised named individuals, who are entitled to see such information in the course of their duties.
6. To comply with the 1998 Act, we do not keep disclosure information for longer than necessary. For the 1997 Act, this will be the date the relevant decision has been taken, allowing for the resolution of any disputes or complaints. For the 2007 Act, this will be the date an individual ceases to do regulated work for this organisation. We will not retain any paper or electronic image of the disclosure information. We will, however, record the date of issue, the individual’s name, the disclosure type and the purpose for which it was requested, the unique reference number of the disclosure and details of our decision. The same conditions relating to secure storage and access apply irrespective of the period of retention.
7. We will ensure that disclosure information is destroyed in a secure manner i.e. by shredding, pulping or burning. We will ensure that disclosure information which is awaiting destruction will not be kept in any insecure receptacle (e.g. a waste bin or unlocked desk/cabinet).
8. Before acting as an Umbrella Body (a body which countersigns applications for Standard or Enhanced Disclosures or makes declarations in relation to PVG disclosure requests on behalf of other organisations) we will take the following steps. We will ensure that the organisation on whose behalf we are acting complies with the Code and the 1997 and 2007 Acts. We will take all reasonable steps to satisfy ourselves that they will handle, use, store, retain and dispose of disclosure information in full accordance with this policy. We will also ensure that any body or individual for whom applications or requests are countersigned, has such a written policy. If necessary, we will provide a model policy for that body or individual to use or adapt for this purpose.
1 The Serious Organised Crime and Police Act 2005 (“the 2005 Act”) schedule 14, paragraph 12 amended section 124
2 Subsection 163(2) of the 2005 Act inserted subsection 113B into the 1997 Act. Subsection 113B(5) of the 2005 Act replaces subsection 115(8) of the 1997 Act.
Policy last reviewed 8th May 2023