
Code of Practice for the Law Enforcement Data Service (LEDS)

Public Guide

Consultation June 2020

college.police.uk


© College of Policing Limited (2020)

This publication is licensed under the terms of the Non-Commercial College Licence v1.1 except where otherwise stated. To view this licence visit http://www.college.police.uk/Legal/Documents/Non_Commercial_College_Licence.pdf

Where we have identified any third-party copyright information, you will need to obtain permission from the copyright holders concerned.

Any enquiries regarding this publication or to request copies in accessible formats please contact us at [email protected]


Contents

1 Introduction

2 What is the Code of Practice?

3 The purpose of the Code

4 The scope of the Code

5 Responsibilities under the Code

6 The Guidance Document

7 What underpins the Code?

8 Policing purposes and law enforcement purposes

9 Who enforces breaches of the Code?

10 Other concerned bodies

11 Relationship to other guidance

12 Background to LEDS

13 Who will be using LEDS?

14 Who is responsible for LEDS?

15 What details might be held on LEDS?

16 Can I access my data on LEDS?


1 Introduction

1.1 This guide is for members of the public, including those whose data may be held on the Law Enforcement Data Service (LEDS) and those interested in the scrutiny of LEDS as a law enforcement data system. The guide explains how a Code of Practice will be used to support the integrity of LEDS and gives some further information on how the data that LEDS holds is managed and protected. LEDS will hold personal data and other factual or intelligence information used by the police and other agencies to protect the public, enforce the law and safeguard vulnerable people (see section 8 for definitions of appropriate policing and law enforcement purposes). As well as explaining how the Code will operate to support the integrity of data held in LEDS, this guide is intended to provide some information about how data accessed through LEDS might be used. Members of the public can also use this guide to understand how they may be able to request to change or delete that data (see section 16).

2 What is the Code of Practice?

2.1 A code of practice provides guidance on how to comply with the legal obligations and professional standards of a particular industry or profession. The Code of Practice for LEDS serves as statutory guidance for the police forces of England and Wales. The Code describes the lawful, ethical and professional standards expected of police forces when using data and personal information for law enforcement and safeguarding purposes. This is intended to ensure public confidence that data is properly collected, used legitimately and retained only as long as is necessary. Every chief officer of police should have regard to the code in discharging any function in relation to their organisation’s access to LEDS and use of the data from LEDS. Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) is the main body involved in monitoring how LEDS is governed, managed and used, and will apply the Code as a framework to monitor each organisation’s compliance with the expected standards.

2.2 A detailed supplement, the Guidance Document, has been created to provide more detail to user organisations as to how managers and individual users can support their chief officers in complying with the requirements of the Code. This also clarifies some responsibilities for the Home Office as system owner, and the National Police Chiefs’ Council (NPCC), as the coordinating body for chief officers of police across the United Kingdom. Other documents which are useful to read with the Code are a Glossary of Terms, a list of the organisations accessing LEDS and a document entitled ‘Why might my details be on LEDS?’ This document will help members of the public understand whose data is collected and stored and for what purpose (see also section 15).


3 The purpose of the Code

3.1 The purpose of the Code is to support the ethical, fair, diligent and impartial use of LEDS. The Code, supported by the accompanying Guidance Document, endorses important values in upholding fundamental human rights, demonstrating equal respect to all people and acting in accordance with the law. The Code seeks to achieve this through five equally important aims.

Safeguarding people: Facilitating the appropriate use of accurate data by law enforcement agencies to bring offenders to justice, prevent crime and protect vulnerable people. LEDS will also include the National Register of Missing Persons (NRMP) to help agencies locate those who are missing and safeguard people who may be vulnerable.

Promoting accountability: Ensuring that activities undertaken in relation to LEDS have clear lines of responsibility, so each organisation that uses or supplies data can demonstrate that they understand and comply with the principles that support the Code. The Code and the Guidance Document encourage transparency in how personal data within LEDS is used, managed and deleted.

Promoting understanding: Enabling greater understanding of the objectives of LEDS as a law enforcement information system. The Code and Guidance Document use plain language so users of LEDS can be confident in how to use the system to support the prevention and detection of crime, protect the public and safeguard vulnerable people. Members of the public should feel reassured that the protections provided by the Code and the Guidance Document will help to preserve their data and privacy interests.

Enabling performance: Continuously improving the value of the data within LEDS by promoting better data quality, ensuring the relevance of the information and strengthening partnership working where information is shared between organisations. This will be facilitated by training in the use of LEDS and a requirement for organisations to proactively support continuing practice development among all users.

Promoting fairness: The public need confidence in the integrity of data processing within LEDS and have faith that it is compliant with the law. The processing of personal data for law enforcement purposes must be lawful, fair, transparent, and consistent with data protection principles. Information created and retained by law enforcement must be proportionate, lawful, ethical and necessary.


3.2 The College of Policing, the professional body for policing, has written the Code and Guidance Document for LEDS, working with the Home Office. The intention is to enhance public confidence in the management and integrity of LEDS by:

■ supporting the use of LEDS as an effective data-sharing platform

■ providing enough detail for users, managers, suppliers, auditors and trainers regarding their responsibilities in using, managing and applying data within LEDS

■ ensuring that the consequences of breaching the Code are made explicit

■ giving information about which bodies will hold the LEDS user organisations to account and how to contact them if there are concerns

■ ensuring the Code, the Guidance Document and this Public Guide are publicly available online, so there is transparency regarding how LEDS is governed and managed

■ reviewing the Code and Guidance Document regularly to take account of new developments

The Code and Guidance Document support the mechanisms (training, learning, development, audit and inspection) that will ensure LEDS is not used in a discriminatory or unethical manner. The Code and Guidance Document will be reviewed regularly to make sure they are consistent with evolving human rights, data protection and ethical standards, such as the Code of Ethics for policing.

4 The scope of the Code

4.1 The Code has a defined legal status for police forces in England and Wales. The scope of the Code in practice is much wider, supporting the legal and ethical use of LEDS by police forces outside of England and Wales, other law enforcement agencies and some non-law enforcement bodies with a limited law enforcement or safeguarding role. LEDS is intended to provide better access to information for wider law enforcement and safeguarding purposes (see section 13). Although the Code is directed at chief officers of police forces, as the main users of LEDS, all other organisations accessing LEDS will be required to have regard for the principles set out in the Code, and address their responsibilities as detailed in the Guidance Document. All user organisations will be required to sign a ‘joint-controller agreement’ to access the data in LEDS, and this agreement will require compliance with the Code and the Guidance Document. LEDS may also be accessed by some commercial organisations, although such access will be limited to redacted or filtered data for use in applications which support law enforcement purposes (such as checking for vehicle fraud). The principles of the Code, and the responsibilities detailed in the Guidance Document, will also apply to these organisations (see section 13).

5 Responsibilities under the Code

5.1 The Code is addressed to chief officers of police forces, through the powers vested by Section 39A of the Police Act 1996 (as amended by Section 124 of the Anti-social Behaviour, Crime and Policing Act 2014). In the case of other organisations using LEDS, chief officer equivalents, such as chief executive officers, chief executives, directors, permanent secretaries and other individuals with senior responsibility for managing the organisation, will also be accountable, through their joint-controller agreement. It is the responsibility of the chief officer of each organisation to ensure that all personnel who have access, or may be in a position to gain access to LEDS, are fully aware of the Code (and the Guidance Document) and understand the potential consequences of a breach of the Code for the organisation and for themselves as individuals. While chief officers might delegate the execution of those responsibilities to senior managers, they will be held to account for any failures by the organisation in respect of compliance with the Code and relevant legislation.

5.2 The Code identifies 10 principles to ensure the ethical, fair, diligent and impartial use of LEDS and describes how compliance and malpractice will be managed.

6 The Guidance Document

6.1 The Guidance Document explains the requirements which support the 10 principles of the Code and clarifies how managers of LEDS user organisations and staff who are direct users have supporting responsibilities in relation to the Code. This is structured to reflect data-processing functions and other supporting functions in managing LEDS as a data service, such as auditing and training, and explains the appropriate responsibilities or obligations under those functions at different operating levels. Maintaining integrity and quality assurance of the service are ‘golden threads’ which run through all sections of the Guidance Document.

6.2 As LEDS is being developed by the Home Office’s National Law Enforcement Data Programme (NLEDP), the Home Office holds functions in developing, maintaining and securing the reliability of LEDS as an ongoing information service. The Guidance Document therefore outlines where the Home Office is required to support chief officers in discharging their responsibilities. The NPCC, as the coordinating body for chief officers of police across the United Kingdom, is also expected to support chief officers by setting performance standards in relation to LEDS and setting out more detailed guidance, working with the College of Policing.

6.3 Each section includes a short overview that explains the overall requirement in relation to that function. This may include references to specific guidance or legislation that should be read alongside the Code. This is followed by a description of the responsibilities or obligations at each level:

■ The chief officer of either a police force or another organisation that has been granted access to LEDS through a joint-controller agreement. The responsibilities which support the principles of the Code are directed to the chief officer or equivalent positions (for example, chief executive officers, chief executives, directors, permanent secretaries and other individuals with senior responsibility for managing the organisation).

■ Operational managers within the organisations who will have some responsibility for managing either LEDS access within that organisation or the performance of personnel (staff or contractors) who will be users.

■ LEDS users are individuals who have been vetted and granted access to LEDS. They will be registered as direct users or be members of an organisation that has been granted access through a connecting system, such as a police custody suite. As the Code uses a format aligned to potential data functions, some users will have a specific data role, such as inputting information. Others, such as frontline police officers, will use LEDS data as part of their wider duties.


■ The NPCC. Working with the College of Policing, the NPCC has responsibilities providing leadership to police forces in using LEDS and applying the data held within it.

■ The Home Office currently hosts the programme that is developing the data platform. The Home Office will not have statutory responsibility for many of the bodies accessing LEDS but, as the current owner of the LEDS platform, it holds some governance and management responsibilities.

7 What underpins the Code?

7.1 The Code and Guidance Document describe how to use LEDS fairly and legitimately and for the correct purposes. The Code and Guidance Document reflect the seven principles of public life (‘Nolan Principles’), the Code of Ethics for policing and the law enforcement principles set out in the Data Protection Act 2018, as well as relevant legislation, such as:

■ the Data Protection Act (DPA) 2018

■ the General Data Protection Regulation (GDPR)

■ the Human Rights Act 1998 (HRA)

7.2 Law enforcement organisations must be able to demonstrate compliance with all of the principles described in Part 3 of the DPA 2018:

■ Processing of personal data for any of the law enforcement purposes must be lawful and fair.

■ The law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate. Personal data collected must not be processed in a manner that is incompatible with the purpose for which it was originally collected.

■ Personal data collected must be adequate, relevant and not excessive.

■ Personal data processed for any of the law enforcement purposes must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, bearing in mind the law enforcement purpose for which it is processed, is erased or rectified without delay.

■ Personal data processed for any of the law enforcement purposes must be kept for no longer than is necessary for the purpose for which it is processed, so organisations must review that data regularly.

■ Personal data processed for any of the law enforcement purposes must be processed in a way that guarantees the appropriate security of this personal data, using appropriate technical or organisational measures. This includes protection against unauthorised or unlawful processing of data and against accidental loss, destruction or damage of data.


7.3 Most data in LEDS is collected and used for law enforcement purposes (see section 8). Part 3 of the DPA 2018 sets out specific advice on data management and data protection for law enforcement organisations using data for these purposes. Data used for other policing purposes and for safeguarding will be covered by the GDPR and Part 2 of the DPA 2018. The GDPR describes protections for individuals regarding how their personal information can be captured, stored and applied. The GDPR will still apply, at least for the immediate future, following the UK’s withdrawal from the European Union.

7.4 Part 3 of the DPA 2018 gives individuals various rights in respect of their personal data, including the right for that personal information to be rectified or erased if it is wrong or wrongly held. Restrictions may be placed on the rectification or erasure of personal data that supports law enforcement activity (for example, the issue of a warrant for arrest). The procedure for access to personal data held is discussed in section 16 of this Public Guide. Information should be proactively disclosed to aid with accountability and governance, provided that publication does not prejudice an ongoing investigation. Further details will be given in a Data Protection Impact Assessment for LEDS, available online.

7.5 Information should only be retained on LEDS for ‘a lawful and proportionate period’. For policing, this has been determined by the NPCC and supported by College of Policing guidance. The underlying principle is that organisations should consistently review stored data, actively delete information that does not meet a law enforcement purpose and automatically delete data that meets set criteria.

7.6 Section 3 of the HRA requires all public authorities, including the police, to act in a manner that is compatible with the European Convention on Human Rights (ECHR). Personal data (for example, an individual’s name, address, date of birth and national insurance number) is protected by Article 8 of the ECHR as part of an individual’s private life. This has to be read in conjunction with the provisions of the DPA 2018.

8 Policing purposes and law enforcement purposes

8.1 The Code of Practice on the Management of Police Information formally defines policing purposes as:

■ protecting life and property

■ preserving order

■ preventing the commission of offences

■ bringing offenders to justice

■ any duty or responsibility of the police arising from common or statute law

8.2 Law enforcement purposes are defined under section 31 of the DPA 2018 as:

The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

The Code addresses policing, but informs the lawful and ethical use of LEDS by wider law enforcement bodies and other partner agencies using LEDS for law enforcement or other policing purposes. Law enforcement purposes (as defined above) may encompass the majority of policing responsibilities but some police activities, such as providing educational programmes or supporting immigration enforcement, fall outside that definition. The Code also addresses more extensive applications of LEDS data in safeguarding children and vulnerable adults. These are referred to as safeguarding purposes, a term that encompasses protection of the health, wellbeing and human rights of individuals at risk, enabling them to live safely, free from abuse and neglect. Data processing for the wider policing purposes and safeguarding activities will be governed by the GDPR.


9 Who enforces breaches of the Code?

9.1 The Code of Practice is statutory guidance for policing in England and Wales, but has been written in such a way that it can apply to wider users of LEDS. This means that all law enforcement and safeguarding agencies using LEDS will take account of both the Code and its associated Guidance Document, follow the relevant sections or provide a good reason why they are not doing so (for example, because they can prove they are providing an equivalent or better alternative) as part of their access agreements. The Code and the Guidance Document give direction that supports specific legal requirements, as well as including good practice and suggested actions that build on the statutory requirements and existing guidance. Organisations or individuals who do not comply with legal requirements will be treated in accordance with that legislation.

9.2 The first step in enforcing the Code and the Guidance Document should be internally within organisations. For example, police forces have professional standards departments that play an important role in the maintenance of public trust and confidence. Professional standards actively examine counter corruption, vetting and misconduct. As explained by the Code of Ethics, it is a principle of policing that such issues are reported and dealt with openly and robustly.

9.3 Police forces also have specific audit departments for the Police National Computer (PNC) and the Police National Database (PND). These departments have a responsibility to carry out audit functions for LEDS. In this context, auditing refers to the systematic examination of the operation or procedures in accessing LEDS. Designated auditors for LEDS will have higher access levels and will look for any use of the system that causes a concern, such as access outside of shift hours or access to specific data that may require an explanation. Auditors pick random transactions (about 5% of transactions each week) and check back with the user to ensure that these transactions were appropriate. The platform allows for ‘keystroke’ monitoring, which enables auditors to review the text entered by a specific user. Auditors check every registered user at least once per year. The system also requires a user to apply a ‘reason code’ which identifies how their use of the system assisted a law enforcement or safeguarding purpose. Users may be required to justify how their use of LEDS was proportionate to that purpose. If auditors have any concerns, they can report these to professional standards for a detailed investigation.


9.4 A user who accesses LEDS data without good reason is liable to disciplinary proceedings. Examples might include a user accessing data out of curiosity because it might refer to a celebrity or performing checks on a vehicle for a friend who wants to buy it. LEDS users who access computer systems for a non-authorised purpose are liable to be prosecuted for the criminal offence of unauthorised access under section 1 of the Computer Misuse Act 1990, or for obtaining or disclosing or procuring the disclosure of personal data for an unlawful purpose under section 170 of the DPA 2018.

10 Other concerned bodies

10.1 The Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights, was consulted in the development of the Code and the Guidance Document. The Code and Guidance Document help to uphold these information rights, for example, by increasing the level of transparency in relation to processing activity. Other audit and oversight bodies will have an interest where the use of LEDS touches upon their responsibilities, including the Independent Office for Police Conduct, Police Investigations and Review Commissioner, the Biometrics Commissioner and the Investigatory Powers Commissioner’s Office.


11 Relationship to other guidance

11.1 The UK data protection regime is set out in the DPA 2018 and the GDPR, which form part of UK law. Guidance on the application of data protection regulations is supplied by the ICO on its website and referenced in the Code of Practice and Guidance Document.

11.2 The Protection of Freedoms Act 2012 set out provision for deleting biometric data (DNA and fingerprints) in compliance with the circumstances and timeframes set in place under the Act. The Act removed existing police powers to retain biometric data from suspects who are not charged with, or convicted of, any offence. It also reduced the length of time for which data can be retained, with only the data of those convicted of the most serious offences being subject to indefinite retention. The Home Office (2017) Review of the Use and Retention of Custody Images set out further guidance about the retention of custody images of individuals without a conviction.

11.3 The Investigatory Powers Act 2016 and the Data Retention and Acquisition Regulations 2018 provide guidance on retention and disclosure of communications and data acquired under the provisions of the Act.

11.4 The Code of Practice on the Management of Police Information 2005 references data-retention policy. This is currently under review by the College of Policing and the NPCC.

11.5 The College of Policing produces Authorised Professional Practice (APP), which provides further detail to support expectations of good practice in policing. Although this does not have a statutory mandate, its inclusion within the Code should be considered as a further indication of the standards of practice and performance expected of LEDS users. Most APP is available online. The NLEDP will in due course be replaced by a longer-term governance body for LEDS which will be responsible for monitoring changes to the practice guidance and legislation referenced within the Code, and will make recommendations for further guidance, as required.


12 Background to LEDS

12.1 The NLEDP was established to design, develop and manage LEDS as a replacement for the critical national public services of the PNC and the PND. The PNC allows the police and other law enforcement agencies to share information about suspects, convicted individuals, vulnerable people, vehicles and stolen property. The PND stores local information for police forces and other law enforcement organisations to share intelligence on suspects and people of interest (see section 15).

12.2 The PNC and the PND are outdated systems. Due to their age and limitations, they cannot be enhanced by new technology and data sources. LEDS, using a new IT platform and with a broader remit, will deliver improved data services for law enforcement. Serious Case Reviews – multi-agency practice reviews in cases where a child has been abused or neglected, resulting in serious harm or death, such as that following the Soham murders – have identified that police forces and other agencies have previously failed to share information that may have helped to prevent the tragedies that unfolded. This is why the PND was created and LEDS will enable closer cooperation between individual police forces and between police forces and other law enforcement bodies. This is essential, as organised criminal activity increasingly crosses regional and national borders.

12.3 LEDS has a modern, easy-to-use interface and includes mobile handset access. It will provide law enforcement bodies and other agencies with current and joined-up information, which will help to prevent crime and safeguard the public. The platform will also hold the first National Register of Missing Persons (NRMP), a new safeguarding resource. LEDS will offer more agencies working in law enforcement and safeguarding the potential to directly access wider data sources, although access to more sensitive information will be restricted depending on the organisation and the user’s role within that organisation. Organisations will have strict controls on access to datasets and all individuals granted access to LEDS will have to be security vetted and trained to an agreed standard.

12.4 Users will receive full training and guidance to maximise the benefits of the platform’s enhanced capabilities. LEDS will not replace all local policing data systems. Some data will therefore exist in two places simultaneously: on the originating data system (such as the local police system) with a copy going into LEDS. Some data will also be entered directly into LEDS by users approved and vetted by their organisation. Users will need to indicate a justified reason to see data and access will be monitored for audit purposes.

13 Who will be using LEDS?

13.1 LEDS is designed to be used by law enforcement agencies, which the DPA 2018 defines as organisations that can legitimately use data for law enforcement purposes. This includes police, prisons, law enforcement bodies and other bodies with statutory functions to exercise public authority or public powers for law enforcement purposes. Non-governmental bodies will have very limited access to LEDS. This will follow an assessment of their need to access information and their ability to protect that data. Data on LEDS may also be disclosed to organisations working to safeguard vulnerable children and adults, particularly the data that is held within the NRMP. LEDS data may also be accessed by some commercial organisations under data processing contracts, albeit only for activity that supports policing and law enforcement purposes, such as checking for vehicle fraud. These agencies will only be able to see the data that they have been given permission to access. Access to data that originates in local form on the PND, for example, is restricted to only a few agencies outside police, such as the National Crime Agency (NCA). These agencies share the same policing purposes: the protection of children and young people, understanding and reducing the threat posed by terrorism, and disrupting and preventing major, serious and organised crime. All private sector companies, law enforcement and police organisations which have direct access to LEDS information will be included on a public list alongside the purpose for which they have access, and that list will be made available online.

13.2 Requests for access to LEDS will be considered by a LEDS approval body. The members of this body will likely include the NPCC and the Home Office, together with other critical stakeholders. Following the approval of an application, a joint-controller agreement will be issued. This agreement will outline the conditions of access and the expectations for compliance with requirements for data security and confidentiality. Non-policing organisations include bodies such as the Charity Commission for England and Wales, the Department for Work and Pensions, the Disclosure and Barring Service (DBS), the Driver and Vehicle Licensing Agency (DVLA), the National Crime Agency (NCA), HM Prison and Probation Service, Royal Mail Security, Trading Standards and charities such as Missing People. Such organisations will access limited datasets for use in applications which support law enforcement and safeguarding purposes, and will have to follow the same precautions of limiting that access to fully vetted personnel with specific role requirements.

14 Who is responsible for LEDS?

14.1 The Home Office set up the NLEDP, which is responsible for the design, development and governance of LEDS. Once the platform is fully in use, management will eventually fall under a dedicated LEDS governance body, which will include police and other representatives. The Home Office shares some of the current management responsibilities with the NPCC, which provides leadership and direction to the police forces who will use LEDS. The Home Office will continue to manage and run LEDS.

14.2 HMICFRS will have a role in monitoring how LEDS is being governed, managed and used. It will issue recommendations on improvements in the use and management of LEDS at all levels. As well as its statutory remit inspecting police forces in England and Wales, HMICFRS has an arrangement to inspect the Police Service of Northern Ireland (PSNI) at least once a year. Scotland has its own inspectorate, which operates separately, but all organisations using LEDS must agree to engage with HMICFRS for oversight of compliance with the Code of Practice and Guidance Document. This will be included as a condition in the joint-controller agreements with LEDS users.

15 What details might be held on LEDS?

15.1 Initially, data from the PNC and the DVLA will move into LEDS in phases, expected to be complete by 2022, followed by data from the PND. The NRMP will be created within LEDS during that period. When fully functional, LEDS will hold personal biographical information that may have been collected by police (such as name and date of birth) and contact information. LEDS will also provide access by application program interface (API) to other databases, such as those holding DVLA driver records and photo images, biometric data (fingerprints and DNA), body-worn video and CCTV images. Access will be determined by permissions levels set in data-sharing agreements.

15.2 LEDS will hold details of people who are, or were, of interest to UK law enforcement agencies because they:

■ have convictions for criminal offences

■ have been arrested

■ have been charged

■ have been legally detained (arrested or under investigation)

■ are under suspicion

■ are subject to the legal process (for example, waiting to appear at court)

■ are wanted

■ have certain court orders made against them

■ have absconded (escaped) from specified institutions

■ are disqualified from driving by a court

■ have a driver record held at the DVLA

■ hold a firearm certificate

■ have been victims of crime or witnesses to criminal acts


Information held on LEDS will be subject to the Management of Police Information (MoPI) guidelines. This is currently under review. Information held on children or in relation to law enforcement contact while under 18 will be managed in alignment with MoPI. A further document has been produced: ‘Why might my details be on LEDS?’ This explains more about the reasons why data is held on individuals. Members of the public can make enquiries about whether their data is held on LEDS and how it is used.

15.3 Records of people who are missing or have been found will be held on the NRMP within LEDS. In the past, details of missing people have only been kept on the PNC until they are known to have been located, with information only retained on local force systems. This data will be kept on the LEDS until six years have passed since the missing person was last found. Capturing and retaining such information nationally is in the public interest, because the ability to look back at past episodes of absence, to spot patterns of people going missing, or to check identities in different locations would help to safeguard vulnerable individuals.

15.4 LEDS also holds details of lost or stolen property (including domestic animals and wildlife) and details of UK registered vehicles, which are copied from DVLA records. These include vehicle details, owner details, DVLA markers (alerts to special details), police reports and vehicle insurance details. Sensitivity markers indicate, for example, where some details concerning public figures can be blocked from general view.

15.5 LEDS will contain intelligence, such as records of allegations or investigations that concluded, but did not result in a caution or conviction. Intelligence information on LEDS could form part of an Enhanced DBS certificate (see section 12), although this is done on a case-by-case basis following the exercise of police discretion.

15.6 As well as sharing data between police services, the data LEDS will process for law enforcement purposes will come from a wide variety of sources, including:

■ international law enforcement agencies and bodies

■ emergency services, such as fire and rescue and ambulance services

■ courts

■ security companies that transfer prisoners

■ partner agencies involved in crime and disorder strategies

■ private sector organisations working with the police in anti-crime strategies

■ voluntary sector organisations

■ approved organisations and people working with the police

■ people arrested

■ victims

■ witnesses

■ relatives, guardians or other individuals associated with missing people

■ individuals passing information

■ local authority and private CCTV systems

■ body-worn video operated by police officers

■ custody images

15.7 LEDS is a tool for law enforcement and will offer joined-up access to records already held by the police and law enforcement agencies. Information about school, government records such as tax or medical details, or items such as supermarket loyalty cards are not in the scope of PNC or LEDS. There are no plans to use facial recognition, in which cameras are linked to databases of suspects, within LEDS. There are no plans for algorithms to be used to predict offending within LEDS. To include this data or any other new dataset within LEDS would require assessment in the Data Protection Impact Assessment (DPIA) and appropriate consultation.

16 Can I access my data on LEDS?

Although LEDS is not open for public access, there are a number of ways in which members of the public can enquire about whether their data is held on LEDS and how it is used.

16.1 The DBS helps employers make safer recruitment decisions each year by processing and issuing DBS checks for England, Wales, the Channel Islands and the Isle of Man. The DBS also maintains the adults’ and children’s barred lists and makes considered decisions as to whether an individual should be included on one or both of these lists and barred from engaging in regulated activity, such as working with children or in healthcare. A basic DBS check is for any purpose, including employment. The certificate will contain details of convictions and conditional cautions considered to be unspent under the terms of the Rehabilitation of Offenders Act 1974. An individual can apply for a basic check directly to the DBS through their online application route.

16.2 AccessNI performs the service of checking for criminal records for people living or working in Northern Ireland. Individuals with an NIdirect account can apply online for a basic check. Disclosure Scotland provides the same service in Scotland.

16.3 Data protection legislation protects personal data. It gives individuals the legal right to access information held about them by making a subject access request. The right of access allows you to see personal information held about you by organisations, including police forces and the wider criminal justice system. The ICO provides guidance on how to make such a subject access request. These are generally made in writing but all requests (written or verbal) need some form of identity check before disclosure is possible. Historically, ACRO Criminal Records Office has processed data subject access requests on behalf of most UK police forces although, legally, the responsibility to respond lies with the data-processing organisation (for example, the local police force). If you are unsure what information may be held on your record, or whether you have a record held on the PNC or LEDS, you can apply for a subject access request here.

16.4 Information relating to certain types of victim or witness will not be disclosed under the data subject access request process if the circumstances suggest that they might come to harm as a result. For example, a victim or witness could be pressured into revealing that they have sought police protection or have made a complaint.


16.5 Individuals may want to have their data on LEDS corrected if there is an inaccuracy, for example, in the details of a criminal conviction. An individual may receive a copy of their criminal record and request that an incorrect entry, for example for grievous bodily harm, is corrected to actual bodily harm, or vice versa, to reflect the correct conviction. Individuals who believe that their data may be in LEDS without a just reason have the right to request the deletion or removal of their personal data, and also have a right to block or restrict processing of their personal data. This is usually done by making a direct application to the force or agency that entered the original data. The Home Office is seeking to provide a ‘one-stop shop’ for email/online enquiries about LEDS. It will remain the case that queries about some data will need to be referred to other law enforcement partners for determination. This will include the ability to make corrections to information held on LEDS and the ability to make representations about how information on LEDS could be improved, limited, changed or deleted. The ICO provides guidance on how to make a request to have data rectified or removed. The ACRO website also provides a form to enable a request for record deletion to be made in writing.

16.6 The Freedom of Information Act 2000 provides any person the right to access information held by public authorities, subject to a number of exemptions. Police forces and some other LEDS user organisations which are separate public authorities will be subject to this Act. Although this is not a route to obtain personal data from LEDS, it allows rights to information about processes or procedures.

16.7 The Home Office is the interim governance body for LEDS. Individuals who have reason to believe that there may be evidence of a breach of the Code of Practice or a failure to comply with responsibilities outlined in the Guidance Document should, in the first instance, report those concerns to the Home Office. The Home Office will then direct any concerns to the responsible body. The mechanism for reporting concerns will be confirmed in due course.


About the College

We’re the professional body for everyone who works for the police service in England and Wales. Our purpose is to provide those working in policing with the skills and knowledge necessary to prevent crime, protect the public and secure public trust.

college.police.uk