FutureScot
Justice & Policing

New biometrics report estimates police hold over 3 million images as commissioner warns of ‘proportionality risks’ of data retention

Dr Brian Plastow. Photograph: Scottish Biometrics Commissioner

A new biometrics report has revealed police in Scotland hold an estimated 3 million images amidst a warning over the ‘proportionality’ of retaining such a vast database.

Scottish Biometrics Commissioner Dr Brian Plastow has raised concerns over Police Scotland’s practice of data retention in a new report laid down at the Scottish Parliament.

Dr Plastow, a former police officer, revealed his findings in an Assurance Review, which indicated that images are by far the biggest volumes of personal biometric data held by the force – and could be significantly higher than estimated.

He said: “There are concerns around the necessity and proportionality of retention policies for images.

“Police Scotland and the SPA [Scottish Police Authority] have established a weeding and retention practice for convicted persons, which follows CHS [Criminal History System] conviction retention periods. This means that there is a risk that images could be retained longer than necessary.

“All reviewed bodies are aware of this issue. Police Scotland’s work on deletion of images not linked to a live prosecution or conviction is ongoing. The SPA FS [Forensic Services] has introduced a manual workaround to ensure weeding is compliant with the 1995 Act and the SBC Code of Practice.”

Dr Plastow highlighted that no “overarching strategy” has been developed by the force and the Scottish Police Authority’s forensic services division with respect to the management of biometric data, including DNA, fingerprints, and in ‘certain circumstances’ images.

He said that unlike DNA and fingerprints, which are largely held in centralised and automated databases, images and recordings are held in different formats and databases, including hard copy. He warned that an underinvestment in ‘ICT solutions’ was hampering the force in its ability to provide effective management of data.

Dr Plastow also raised concerns that police are not being effectively trained in biometrics data management.

He said: “During our review, we found that Police Scotland had not yet provided any training to staff on the applicability of the Scottish Biometrics Commissioner’s Code of Practice, on the Commissioner’s authority to investigate complaints about failure to comply with the Code, and on observing the information rights of data subjects especially where biometrics are obtained without consent, including because of arrest.”

He added that Police Scotland has not yet used controversial live facial recognition technology capable of ‘mass public space surveillance’ but that it should be available to the chief constable as a strategic or tactical option where there is a ‘significant threat’ public safety or security.

He also raised concerns over the Scottish Government’s Digital Evidence Sharing Capability (DESC) programme – which seeks to streamline the sharing of digital evidence between justice agencies, including courts and the police. He said the cloud-based system, hosted in the US, could be in breach of UK data protection laws, and that he was awaiting a ruling by the Information Commissioner.

In numbers:

Related posts

Putting a price on a rooftop

Liam Entwhistle
April 22, 2019

Scottish digital forensics start-up partners with US nonprofit fighting online child abuse

Kevin O'Sullivan
August 14, 2019

Evidence takes a digital-first approach

Axon
December 9, 2021
Exit mobile version