POLICY ON THE SECURE HANDLING, USE, STORAGE, RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
1 . The Code of Practice (“the Code”) is published by Scottish Ministers under section 122 of Part V of The Police Act 1997 (“the 1997 Act”). The Code sets out obligations for registered bodies, countersignatories and other recipients of personal information issued under the 1997 Act and the Protection of Vulnerable Groups (Scotland) Act 2007 (“the 2007 Act”).
2. We comply with the Code and the 1997 and 2007 Acts regarding the handling, holding, storage, destruction and retention of personal information. We comply with the Data Protection Act 1998 (“the 1998 Act”). We will provide a copy of this policy to anyone who requests to see it.
3. We will use personal information only for the purpose for which it was requested and provided. Personal information will not be used or disclosed in a manner incompatible with that purpose. We will not share disclosure information with a third party unless the subject has given their written consent and has been made aware of the purpose of the sharing.
4. We recognise that, under section 1241 of the 1997 Act and sections 66 and 67 of the 2007 Act, it is a criminal offence to disclose personal information to any unauthorised person. Personal information is only shared with those authorised to see it in the course of their duties. We will not disclose information provided under subsection 113B(5)2 of the 1997 Act, namely information which is not included in the certificate, to the subject.
Access and Storage
5. We do not keep personal information on an individual’s personnel file. It is kept securely, in lockable, non-portable storage containers. Access to storage units is strictly controlled and is limited to authorised named individuals, who are entitled to see such information in the course of their duties.