Background

In June 2020, the ICO published reports into the practice of mobile phone data extraction by police forces in the United Kingdom.

In May 2022, the Information Commissioner published an Opinion titled “Who’s Under Investigation? The processing of victim’s personal data in rape and serious sexual offence investigations,” building upon the foundations established through the initial investigation into mobile phone extraction and introducing additional recommendations for police forces when acquiring data from victims’ electronic devices and third party organisations.

The ICO committed to monitoring progress made by police forces towards ensuring that the data protection issues identified were appropriately addressed.

In line with that commitment and with the support of the National Police Chiefs Council, ICO commenced a project to assess the extent to which police forces have implemented the recommendations from their reports and embedded them into operational practice.

The terms of reference for the project stated that the organisations involved in the project would be kept confidential and therefore have not been published.

The review follows up on the recommendations from the 2020 reports, which have been completed or, are superseded by continuous improvement recommendations and highlight any areas of risk to their compliance.

The review also assessed the extent to which PSoS demonstrates best practice in their data protection governance and management of mobile phone data extraction.

Recommendations have been assessed as per Police Scotland’s Internal Audits risk grading structure as Moderate.

Refer to Appendix A – ICO Report

Refer to Appendix B – Dashboard and Action Tracker