Scottish police reprimanded for illegally storing biometrics
The Scottish Police Authority (SPA)’s Policing Performance Committee met in June to discuss assurance reviews from the Scottish Biometrics Commissioner, which found that the police had stored large amounts of biometric data from arrests on a cloud-based server, in violation of Scottish law.
The SPA agreed to accept the recommendations from the assurance reviews, which the commissioner, Dr. Brian Plastow, said would “enhance the ‘right to information’ for data subjects, better protect children, and place better information in the public domain to maintain public confidence and trust in the use of biometric data for policing and criminal justice purposes.”
“The Joint Assurance Review on the acquisition of biometric data from vulnerable persons in police custody requiring the support of an Appropriate Adult under (Scottish law)” report contains three recommendations. They cover the improved communication of information about biometric data collection, and the appropriate management of collected information.
“The Joint Assurance Review on the acquisition of biometric data from children arrested in Scotland” report lists four recommendations, which cover similar concerns, but add the need for accessible operational policies, procedures, and practices in line with Scottish law, to avoid a blanket solution in cases involving children, which it emphasizes should be assessed individually.
Despite acknowledged cooperation, Scottish police were reprimanded by the biometrics commissioner for piloting a digital evidence-sharing system that stores body camera footage on an Azure cloud server, due to the potential for U.S. government access via the Cloud Act. A report in Computer Weekly says that police have uploaded “significant volumes” of biometric images to the server, putting the data at risk and “bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context.”
Article Topics
biometric data | biometrics | data collection | data storage | police | regulation | Scotland | Scottish Biometrics Commissioner
Comments