Iain Smith's point is fairly substantive, and I am grateful to him for raising it. The Executive has had some discussions with him and the Education Committee during the passage of the bill to try to flesh out some of the issues on accuracy.
Through constituency cases, colleagues will be familiar with issues around the information that is provided on an enhanced disclosure. Iain Smith mentioned one or two of the issues that have been raised with him. The Executive lodged amendments at stage 2 to clarify the rights of individuals to review such information and no further amendments to the bill are required. However, I will give members a bit more information about how the system works.
First, national guidance—in the form of a code of practice and a national manual for the recording and dissemination of intelligence material—provides robust arrangements for governing the collection and retention of information. That guidance is the basis of the Scottish police service's policy for the creation, review and weeding of records on the Scottish intelligence database. Information that the police gather is added to the database only after it has been assessed using a standard grading system that is used by all police forces throughout the United Kingdom; the 5x5x5 system grades information according to the reliability of its source, its accuracy and whether the source needs protection.
The 5x5x5 system covers information that is used for police purposes. That is not quite the same as what will end up on a scheme record, but it means that the accuracy of the information has been assessed before it is added to the Scottish intelligence database. That does not mean that information that cannot easily be verified will not be put on the database, but it means that an operational officer who assesses the information
The police have agreed national guidance on the disclosure of non-conviction information under the bill to ensure a consistent approach. That approach is underpinned by a quality assurance framework, which is being piloted in Fife and which will be rolled out to the other seven forces in the coming months. Her Majesty's chief inspector of constabulary for Scotland will audit compliance with the quality assurance framework as part of his regular inspections of forces, the results of which are published.
The amendments that we made to the bill at stage 2 clarified the fact that individuals will be able to ask for a review of non-conviction information that is included on a scheme record on the basis that it is not relevant, as well as on the basis that it is inaccurate. The short answer to Iain Smith's question about whether individuals will be able to challenge inaccuracies of the kind to which he referred is yes. Chief constables will be required to review the information that has been disclosed. If an individual is unhappy with the outcome of such a review, he or she can ask the chief constable for a review under the Data Protection Act 1998. That act is reserved and therefore it is not open to us to amend it, but it is in the background of such situations. If the request to the chief constable for a review under the act fails, the individual can ask the information commissioner—not Kevin Dunion, but the United Kingdom information commissioner, whose job it is to oversee the operation of the Data Protection Act 1998—to conduct an assessment. If the individual's complaint is upheld, the information commissioner can direct the chief constable to amend or delete information if necessary.
That is the broad assurance on the matter, but it may be worth while saying a little bit beyond that. An individual has the right to ask the chief constable for a copy of all information that is held about them, for which a £10 fee is payable. An individual may find out that the police hold information about them by way of an enhanced disclosure but, at any time, they can get a copy of any information that is held on them.
The chief constable is under a duty to ensure that the information that is held about an individual is accurate and is held for purposes that are allowed under the data protection legislation. I have explained that an individual has the right to explain what is wrong with the information, that the chief constable must consider the request for review and that the case could go to the information commissioner for an assessment. If the commissioner thinks that the law has been broken, he will give the police advice and ask them to solve the problem. If there is any dispute,
An individual also has the right to take the case to court for judicial review following the commissioner's decision. There may be circumstances in which personal data, although inaccurate, accurately reflect information obtained from a third party. In that situation, the court will consider whether the police took reasonable steps to ensure that the data were correct, having regard to the purposes for which they were obtained and processed, whether the individual has notified the police that the data were inaccurate and, if so, whether the data indicate that fact. The court may order the police to amend or destroy the data or may make an order that requires the data to be supplemented by a statement that relates the true facts.
I hope that that provides wider background to this complex and difficult area. My principal point is that there is a procedure, which involves an application to the chief constable to correct or otherwise amend information, then an overview by the information commissioner under the Data Protection Act 1998 and thereafter an appeal to the court.