The Data Integrity Agreement is also available as a download for easy printing
and presentation
 
                                                                                    
 
   

Retail Crime Operation (Birmingham) Ltd
DATA INTEGRITY AGREEMENT


Confidentiality Agreement incorporating

Partnership Protocols.

This agreement has been approved by the Chairman of ACPO Data Protection Portfolio Group - Deputy Chief Constable Ian Readhead from Hampshire Constabulary.
  1.0 The Data Protection Act 1998

1.1

The above act is concerned with the proper use and handling of information (Personal Data) processed by computers and information held on manual records. It aims to provide a framework of good practice by establishing Data Protection Principles. The purpose of the Data Protection Act 1998, which is published as making provisions for the regulation of the processing of information relating to individuals including the obtaining, holding, use or disclosure of such information. All processing must be in compliance with the provisions of the Act and in the event of non-compliance the Information Commissioner may take enforcement action.

1.2

Particular obligations are placed upon the Retail Crime Operation (Birmingham) Ltd (which shall be referred to hereafter as Birmingham RCO and known as the Data Controller) and you as a member of the partnership must comply with the Data Protection Principles.

  2.0 Definition of Terms

2.1

Birmingham RCO is an initiative operated by the retailers/businesses in partnership with the police and other relevant agencies and organisations, through a partnership agreement with each of the signed up members who have agreed to the principles outlined in the protocols document entitled Scheme Acceptance” specifically, the Constitution, Code of Practice, Operating Procedures, Data Integrity Agreement and other agreed partnership procedures contained therein.

2.2

Authorised Persons
For the purpose of this agreement are the Signatories to the “Scheme Acceptance” agreement.

2.3

Data Controller
Birmingham RCO is regarded as the Data Controller as it runs the Partnership. The Management will determine the purposes for which and the manner in which any personal data are, or to be, processed.

2.4

Personal Data
Data consisting of information, which relates to a living individual, who can be identified from that information.

2.5

 Data
“Data” means information which –

a)

 is being processed by means of equipment operating automatically in response to instructions given for that purpose.

b)

 is recorded with the intention that it should be processed by means of such equipment.

c)

 is recorded as part of a relevant filing system, or with intention that it should form part of a relevant filing system, or

d)

 does not fall within paragraph a), b) or c) but forms part of an accessible record.

2.6 Data Subject
A living individual who is subject of personal data

2.7

In or Near
Is the Birmingham postcode, an area coterminous with the defined  geographical boundary of the Birmingham RCO.

2.8

Disclosure of Information
The Data Controller will approve Disclosure of Personal Data and information about Data Subjects to Signatories of this agreement, where relevant and appropriate, for the purposes of:

  •  The prevention and detection of crime or:

  • The apprehension or prosecution of offenders or suspected offenders

      Information should only be passed where it is relevant to do so.

2.9

The Data Controller will disclose Personal Data to Signatories, where it is relevant to do so in connection with:

  •  Person(s) who are identified as legitimate “Targets”, under the partnership protocols or:

  • Person(s) who are strongly believed to be in the Birmingham RCO area (hereafter referred to as the area of operation) and in respect of whom there is clear evidence of their propensity to commit criminal offences in the area or against particular premises in the area.
2.10 Data Processor means any person who processes the data on behalf of the data controller.

2.11

Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including-
  •  organisation, adaptation or alteration of the information or data.
  •  retrieval, consultation or use of the information or data.
  • disclosure of the information or data by transmission, or otherwise making available.
  • alignment, combination, blocking, erasure or destruction of the information or data.
  3.0 Definition of a Target

3.1 For the purpose of this agreement a “Target” means and includes:

  • A person who is known (from a reliable source) to be currently, persistently and actively involved in committing or attempting to commit crime or disorder, in or near the area of operation of the Birmingham RCO Scheme. This will be the main criteria. In addition, a target will have a criminal record, e.g.

  •  A person who has been convicted within the previous twelve months of any crime, nuisance or disorder in or near your area of operation which may impact on the trading environment. The crime, nuisance or disorder must be relevant and appropriate to the purpose (that is the prevention and detection of crime, disorder and anti-social behaviour and the apprehension and prosecution of offenders). This would not include parking offences and or other minor incidents which are not relevant or 

  • A person who lives in or near the area of operation and who has been convicted within the previous twelve months of any crime, nuisance or disorder which may impact on the trading environment.  The crime, nuisance or disorder must be relevant and appropriate to the purpose (that is the prevention and detection of crime, disorder and anti-social behaviour and the apprehension and prosecution of offenders).  This would not include parking offences and or other minor incidents which are not relevant or 

  • A person who, following conviction for any offence arising in or directly relating to Birmingham RCO member premises, has been served with an exclusion notice preventing him/her from attending Birmingham RCO member premises.
3.2

Personal Data shall be constantly reviewed and shall not be retained for    any longer than necessary. In particular “Target” photographs and “Target” information shall be reviewed every 3 months to ensure that the Data reflects the Data Subject’s current circumstances. Personal data shall not normally be retained for any longer than twelve months.
  4.0 Data Security

4.1

Data shall not be disclosed to any non-signatory, either directly or indirectly  unless required to do so by law or by the order or ruling of a Court or Tribunal or regulatory body. If required to do so the member will, unless prohibited from doing so, notify Birmingham RCO promptly in writing of that fact and in any event, prior to making such a disclosure

4.2

Personal Data shall be transmitted to Authorised Persons via secure channels.

4.3 

Appropriate security measures shall be employed to prevent unauthorised access to, or alteration, disclosure or destruction of Personal Data and against accidental loss or destruction of Personal Data. (The absence of appropriate security measures may lead to a Data Subject being entitled to claim compensation from the Data Controller and/or other Signatories and must be guarded against at all times).

4.4

Personal Data relating to “Targets” or persons strongly believed to be in the Defined area of Birmingham RCO for the purposes of committing crime, nuisance and/or disorder shall immediately be returned to Birmingham RCO or destroyed upon request to do so by a written notice to that effect.

4.5

Personal Data relating to “Targets” or persons strongly believed to be in the Defined area of Birmingham RCO for the purposes of committing crime, nuisance and/or disorder will be retained in accordance with the procedures outlined in the partnership protocols and documentation pack.

  5.0 The Commitment

5.1

In consideration of the Personal Data being made available between the Data Controller and the Data Signatories, both parties (Controller and Signatories) irrevocably undertake the following:

  1.  To keep the Data received confidential at all times.
     

  2. They will obtain and process Data and information fairly and lawfully.

  3. Data shall be collated solely for the purposes of the prevention and detection of crime, or the apprehension or prosecution of offenders.

  4. Non police Data held will consist solely of descriptions, habits, movement details, and criminal intelligence relating to “Target” offenders and person(s) who are strongly suspected of committing crime, nuisance and/or disorder in or near the area of operation.

  5.  Police data will consist solely of the circulation of photographs.

  6. Data held will relate solely to “Target” offenders, current and past and person(s) who are strongly suspected of committing crime, nuisance and/or disorder in or near the area of operation.

  7. Data shall be disclosed to both parties solely for the information of their staff, to Police Forces, Prosecuting Authorities, Courts, Judges, and Magistrate.

  8. Data shall be adequate, relevant, and not excessive for the purpose it is intended.

  9. Data shall only be accessed or disclosed by or to Authorised Persons.
5.2

Any breach of this agreement will be dealt within accordance to the disciplinary procedures outlined in the partnership protocols and documentation guide. Making an unauthorised disclosure of data may lead to criminal prosecution.

RCO Member responsible for Photo Album to sign: -


Signed: ………………………………………………………

(PRINT NAME)…………………………………………….

 Company……………………….…………………………

 (POSITION)…………………………………… 



Date….…../…..…./….…

 

(Witnessed for and on behalf of the Retail Crime Operation (Birmingham) Ltd

Signed:………………………………………………………

(PRINT NAME)..................................………………………


Date…..../……./