Law enforcement processing
Part 3 of the Data Protection Act 2018 transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK Law and sets out the requirements for the processing of personal data for criminal ‘law enforcement purposes’ (LEP).
Law enforcement purposes include processing for the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Any processing which is carried out for a primary purpose, other than a law enforcement purpose, will be covered by the Part 2 of the DPA 2018 under the general processing regime. For example, this may include internal HR processes and procedures.
In the context of law enforcement, the personal data we are processing will often be sensitive. When it is, we must be able to demonstrate that the processing is strictly necessary and satisfy one of the conditions in Schedule 8 of the DPA 2018 or is based on consent.
Whose personal data we process for law enforcement purposes
In order to carry out the purposes described above, Northamptonshire Police may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to;
- offenders and suspected offenders
- witnesses or reporting persons
- individuals passing information to Northamptonshire Police
- victims, whether current, past or potential.
Types of personal information we process for law enforcement purposes
In order to carry out our statutory responsibility we will process varying types of personal data, this includes;
- your name and address
- employment details
- financial details
- racial or ethnic origin
- political opinions
- religious or other beliefs of a similar nature
- physical or mental health
- sexual life
- offences and alleged offences
- criminal proceedings
- outcomes and sentences
- physical identifiers including DNA, fingerprints, and other genetic samples
- photograph, sound and visual images
- criminal intelligence
- information relating to safety
- incidents, and accident details.
We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes. Personal information can be held on a computer, in a paper record such as a file or images, but it can also include genetic and biometric data as well as other types of electronically held information such as body worn or CCTV images.
Where we get personal information from
The data we process for law enforcement purposes come from a wide variety of sources, including;
- other law enforcement agencies
- HM Revenue and Customs
- international law enforcement agencies and bodies
- licensing authorities
- legal representatives
- prosecuting authorities
- Prisons and Young Offender Institutions
- security companies
- partner agencies involved in crime and disorder strategies
- private sector organisations working with the police in anti-crime strategies
- voluntary sector organisations
- approved organisations and people working with the police
- Independent Office for Police Conduct
- Her Majesty’s Inspectorate of Constabulary
- government agencies and departments
- emergency services such as the Fire Brigade, National Health Service or Ambulance
- persons arrested
- relatives, guardians or other persons associated with the individual
- individuals passing information
- Northamptonshire Police and local authority CCTV systems
- body worn video
- correspondence sent to us.
There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.
How we handle personal information
We handle personal information according to the requirements of Part 3 of the new Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a need to know basis by our staff, police officers, or data processors working on our behalf.
We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public.
We will strive to ensure that any personal information used by us or on our behalf is compliant in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.
We will review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.
Who we share personal information with
To enable Northamptonshire Police to meet their statutory duty, we may be required to share your data with other organisations that process data for a law enforcement purpose, in the UK and/or overseas, or in order to keep people safe. These organisations include;
- other law enforcement agencies (including international agencies)
- partner agencies working on crime reduction initiatives
- partners in the criminal justice arena
- local government
- authorities involved in offender management
- international agencies concerned with the safeguarding of international and domestic national security
- third parties involved with investigations relating to the safeguarding of national security
- other bodies or individuals where it is necessary to prevent harm to individuals.
We are also required to share law enforcement data for another purpose where an exemption applies or the organisation demonstrates there is a lawful basis for doing so. These organisations include, but are not limited to;
- family courts and individuals party to proceedings
- solicitors or individuals in connection with legal advice or proceedings
- housing associations
- regulatory bodies
- licensing authorities
- central and local government departments/agencies
- Social Services
- other emergency services
- court ordered disclosures.
Disclosure of personal information will be considered on a case-by-case basis, to ensure that only personal information appropriate for the identified purpose and circumstances is disclosed, with necessary controls in place.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.
How long personal information is kept
Northamptonshire Police holds your personal information as long as is necessary for the particular purpose or purposes for which it is processed. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer.
Other records that contain your personal information and are processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information (MoPI) and the National Police Chief’s Council Retention Schedule.