In April 2009, the Crown Office and Procurator Fiscal Service (COPFS) introduced new disclosure procedures whereby information disclosed to defence agents is provided electronically on pen drives.
One of the main driving forces behind this change is a need for COPFS to comply with the seventh data protection principle to ensure that any information disclosed by them is adequately protected against accidental loss or damage. The pen drives, which are encrypted, can only be accessed by solicitors on receipt of a password, provided by COPFS.
Defence agents as data controllers
As recently highlighted in this magazine (Journal, August, 27), solicitors are considered processors of personal information for the purposes of the Data Protection Act 1998. As solicitors determine the purpose for which and the manner in which personal data are processed, they are also data controllers. If any of that information is processed electronically, even if it is just to complete legal aid applications or write submissions, then solicitors must notify the Information Commissioner’s Office (ICO) under the 1998 Act that they are data controllers.
Failure to notify the ICO is a strict liability offence under the 1998 Act and the ICO is currently targeting solicitors’ and accountants’ firms on a regional basis, including legal firms across Scotland.
As data controllers, solicitors also have a duty to comply with the seventh data protection principle by putting in place such measures as are necessary to ensure that all information they process is kept secure.
Greener Scotland
In addition, by reducing the amount of paper generated by cases, these new disclosure processes will also comply with the Government’s Greener strategic objective to improve Scotland’s natural and built environment.
Defence agents are then able to print only such information as they require in the preparation and presentation of the defence.
The new process is also in line with the current Government agenda in relation to the expansion and encouragement of electronic business in Scotland in the 21st century.
Implementation of the new processes COPFS has introduced this new policy following consultation with the Assistant Information Commissioner for Scotland and the Law Society of Scotland.
As defence agents must be registered as data controllers if they process information electronically, COPFS must be satisfied prior to disclosure on pen drive that the agent has notified the ICO. Defence agents are, therefore, asked to sign an undertaking confirming that they registered prior to receiving their first pen drive.
With effect from 31 October 2009, COPFS has adopted disclosure by encrypted pen drive as the primary method of disclosure and COPFS will cease to provide information hard copy, except in exceptional circumstances or where the information cannot be uploaded onto a pen drive.
As a responsible public authority, COPFS will not provide disclosure information to any agent who refuses to provide the written undertaking confirming that they are registered as data controllers.
COPFS secure website
The pen drive, however, is only the first stage in COPFS’s shift towards electronic disclosure. COPFS is working with an external software company to design a secure website through which information will be disclosed to the defence.
An electronic disclosure file will be created on the COPFS database and then downloaded onto a secure disclosure website which defence agents can then access to obtain the disclosure information in respect of a particular case for which they have been instructed.
Testing of this new website is currently underway with a small number of defence agents in Glasgow and it is anticipated that this new system will be rolled out in early 2010.
There is no doubt that the introduction of these new processes by COPFS will be a culture change for all concerned, but it should provide a more efficient and secure method of disclosure of personal, and often sensitive, information to defence agents.
Angela Farrell, Policy Division, COPFS
Legal requirement
The seventh data protection principle states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
In this issue
- Home reports have devastated the Scottish house market
- Review of the Fatal Accident Inquiry Legislation
- The Gill Review: a personal injury practitioner’s perspective
- A tale for our times
- A step too far?
- Report card
- Down the slipway
- Homing instinct
- Bottle for a contest
- Ready for the VAT rise?
- New website to promote training openings
- First solicitor advocates approved as "senior"
- Your feedback
- The very definition of paralegal
- Law reform update
- Lawyers can network too
- Ask Ash
- Welcome, user! (and you're sued)
- Communication, communication, communication
- Keeping the peace
- On the mark?
- Crown disclosure: the next level
- Tackling improvements
- Camera angles
- Cutting red tape in Europe
- Scottish Solicitors' Discipline Tribunal
- Website review
- Book reviews
- Calling the shots
- Sector "rising to challenge": Millar
- "One size" is a dodgy fit
- BSA brings in standard instructions
- A new burden is born
