Garda Data Protection Guidance
-
Upload
tj-mcintyre -
Category
Documents
-
view
218 -
download
0
Transcript of Garda Data Protection Guidance
-
7/30/2019 Garda Data Protection Guidance
1/3
An Garda Siochana
Coirnisinir Carita
Forbartha Agrafochta agus
Pleanail Straitiseach
Ceanncheathru~ An Gharda Siochana
Pairc an Fhionnul~sce
Daile ha Cliath 8
Teileaf6n/Tel: (01) 666 1901
Facs/Fax: (01) 666 1905
Luaigh an uimhir thagartha seo a /eanas.'
PLease quote the following ref. number.-
Assistant Commissioner
Organisation Developm~ent
Strategic ~Planning
Garda Headquarters
Phoenix Park
Dublin 8
Lai~thre Grdan/Web Site:
www.garda.ie
Riomhphost:/Email:
Treoir Ceanncheathn !
HQ Directive No: 95/2012
Gach Oifigeach, Cigire agus Staisiun - Each Officer, Inspector and Station
Is doicimid faoi iontaoibh seo le h-usaid ag pearsanra den Gharda Siochana amhain
This is a confidential document for use only by personnel of An Garda Sfocharla
RE: Data Protection in An Garda Siochana
Data Protection Acts 1988 & 2003
In accordance with HQ Directive 158/2007, the Garda Commissioner is the Data Controller
~forthe purposes of the Data Protection Acts 1988/2003 and has ultimate responsibility for the
compliance by every employee of An Garda Siocha with the Acts.
In this regard the Code of Practice for Data Protection has been issued to every staff
member of An Garda Siocha. The aim of the Code of Practice is to ensure each employee
has a clear understanding of his/her responsibilities regarding these Acts.
Definition of Data
The term `data` means information in a form that can be processed It includes both
automated or electronic data and manual data. Automated data means any information on a
computer or information recorded with the intention of putting it on a computer. Examples
of this are entries on the PULSE system or any other electronic database. Manual data means
information that is kept as part of a relevant ming system or with the intention that it should
form part of a relevant filing system. Examples of this are all traditional paper files such as
investigation files and reports and statements as well as personnel and financial records and
duty rosters prepared as part of normal operational duties.
Section 4 Data Protection Code of Practice (page 7)
DATA PROTECTION RULES EACH MEMBER OF AN GARDA SjOCIIANA MUST
ADHERE TO:
I. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purposes
3. Use and disclose it only in ways compatible with these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it for no longer than is necessary for the purpose or purposes
8. Give a copy of his/her personal data to the relevant individual, on request
Ag obair /e Pobai/ Chan !ad a chosaint agus Chan freastaX orthu I Working with Communities to Protect and Serve
-
7/30/2019 Garda Data Protection Guidance
2/3
Ownership of Data Protection and Data Protection Code of Practice
In accordance with HQ Directive 93/2011 and HQ Directive 36/2012. ownership of Data
Protection and the Data Protection Code of Practice transferred from Assistant Commissioner
Crime and Security to Assistant Commissioner Organisation Development and Strategic
Planning on 1 May 2012.
Data Protection Access Requests
Data Protection Access Requests made to An Garda Sfocha by individuals seeking accessto their persona! data are processed at the Data Protection Processing Unit which is located
within the Garda Central Vetting Unit. A statutory timeframe of 40 days exists for the
processing of such a request. Accordingly all Data Protection Access Requests received
from individual Data Subjects at any Garda Station or office of An Garda Sfochana will be
immediately forwarded for processing to:
Superintendent
Data Protection Processing Unit
An Garda Siochana
Racecourse Road
Thurles
Co. Tipperary
Data Protection Access Requests may, in some instances, be transmitted from the Data
Protection Processing Unit to divisions, districts and sections to establish the existence of
personal data. In such cases ALL information related to the person will be forwarded to the
Data Protection Processing Unit not later than I O days before the 40 day time limit where the
material will be assessed and a decision on disclosure will be made on a case by case basis.
District and Divisional Officers may make recommendations as to disclosure or non"
disclosure of material but a final decision will be made in all cases by Superintendent, Data
Protection Processing Unit.
Compliance with Data Protection Acts: PULSE Reason for EnquirySignificant concerns have been raised about PULSE usage and compliance with the Data
Protection Act 1988/2003 within An Garda Siochana. Areas of PULSE usage which are
causing concerns are searches on persons, vehicles and organisations where the Reason for
Enquiry box is not being completed or is only partially completed. This is not acceptable.
The Data Protection code of Practice states that accessing or disclosing personal data for
any purpose other than that for which it is obtained is prohibited , therefore it is essential
when enquiries are carried out on Items of interest i.e. Persons Vehicles Locations, full
informatl~on should be included in the reason' for enquiry field in accordance with the
instructions at Code 32.15(3) and HQ Directive 14/2001. There will be no exceptions to
this.
Audit of PULSE enquiries
Accessing information that is in possession of An Garda Siocharia for non-business purposes
is prohibited. In order to protect the reputation of An Garda Siocha in this regard,
individual enquiries conducted by Garda personnel on PULSE will be audited forthwith. The
audit will take the form of a district/station/individual audit of all person, vehicle and
organisation searches in report format. The Garda Professional Standards Unit are
responsible for the examination of the implementation of Data Protection Policy, Procedures
and Legislative requirements. The examinations will include random electronic audits of
District/Station/Individual records of all Person Vehicle and Location searched and any
irregularities identified will be reported to local management for necessary attention.
Random auditing will occur from 6 December 2012.
41gobair LePobail chun lad a chosa!nt agus Chan freastal orthu\ Works~ng with Communities to Protect and Serve
-
7/30/2019 Garda Data Protection Guidance
3/3
Inappropriate disclosure of information
Inappropriate release of any data in the possession of An Garda Sfochana to external agencies
or individuals is prohibited. Unauthorised release of Garda information to any source
external to An Garda Siocharla will be fully investigated and processed in accordance with
the Garda SiochSn~a (Discipline) Regulations 2007. The cn'rninal aspects of any
inappropriate disclosure of information will also be fully investigated.
Certification
Divisional Officers will certify in writing to Assistant Commissioner Organisation
Development and Strategic Planning that each employee has read and understood this
directive and the documents referenced within~
Bring to the notice of all concerned.
FOR STRICT COMPLIANCE
~ Assistant CommissionerA.J. Nolan
6 December 2012
Ag obas'r le Pobai/ Chan lad a chosaint agus Chanfreastal orthu / Working with Communities to Protect and Serve