Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

North Wales Police ensures continous training with help of technology [2000] PLBIRp 6; (2000) 52 Privacy Laws and Business International Report 8

North Wales Police ensures continuous training with help of technology

PUBLIC SECTOR ORGANISATIONS often struggle to make ends meet when it comes to organising data protection training. In the UK, the North Wales Police are tackling the need for continuous awareness raising by using computer-based training, and building an interactive Intranet to enhance the current training.

The North Wales Police Data Protection and Audit Team, which consists of five full-time employees, is responsible for providing information on data protection issues for 1,981 police officers and civilians. With the need to train all staff, training has to be tailored according to the requirements of specific groups.

Privacy Laws & Business talked to the Data Protection Co-ordinator, Sandra Davies, at the North Wales Police headquarters in Colwyn Bay about how the organisation organises internal training and awareness raising.

PL&B: What kind of basic data protection training do you provide?

Sandra Davies: We do not only organise set data protection training days, for example for Probationer Constables, but we also involve ourselves in other issues, for example going to and speaking during the computer courses. Everyone in the organisation receives the same basic data protection training, and it is tailored depending on which group we are talking to. There are certain issues that everyone needs to know about, for example subject access.

However, the specific needs of various groups differ. When it comes to operational police officers, we stress how to respond when they are dealing with the general public and need to collect or disclose personal data. On the other hand, with regard to computer operators, the biggest issue for them is the rules and regulations about disclosing personal data. Accuracy, for example, is an issue for all staff.

While everyone will receive basic knowledge of the data protection principles, we present them in a pragmatic way so that the provisions apply to the every-day situations that they come across in their jobs.

I would call all our activities awareness raising rather than training. We concentrate on providing continuous advice, and encourage people to get in touch any time. We have a 24- hour helpline; staff can get hold of us via a mobile phone at any time of the day. The intention is to make data protection an issue that is in the back of the staffs' minds all the time.

PL&B: Apart from the issues related to disclosing personal data, what are the other aspects of the Data Protection Act that you stress when training police officers?

Sandra Davies: One important issue is consent. It is needed, for example, if the police officers ask whether the person they are dealing with wants to take part in a victim support scheme. Most personal data we gather does not need specific consent, but there are these add-on functions, for which we require an informed consent.

PL&B: Which are the main data protection issues for staff working in administration?

Sandra Davies: Again disclosure, and accuracy of data. It is vital that our data is up to date. As most of the data we hold is sensitive, it is absolutely necessary that staff know which information we cannot disclose.

PL&B: How do you ensure that all staff are aware of their responsibilities under the law?

Sandra Davies: We recently carried out a successful marketing campaign in order to increase awareness and get the message across that data protection law does not stop the police from carrying out their duties. When the 1984 Act came into force it was seen very much as a disabling piece of legislation. We wanted to make all staff understand that as long as they tell us what they want to achieve in terms of collecting and handling data, we will be able to tell them the best legal way of conducting that data processing operation.

Our data protection campaign began about twelve months ago and now we are constantly receiving phone calls from individual members of staff who want to check with us that they are doing the right thing. We are also in the process of developing a disclosure policy. It will outline all the situations when we can dis- close personal data as well as when it is forbidden. This will be of great help because at the moment the information is in the form of Home Office circulars, which are kept separately. The disclosure policy will also be put on our Intranet, so it will always be easily accessible.

PL&B: Which methods did you use to raise awareness?

Sandra Davies:We have only had full responsibility for data protection for the last 18 months. Before that, the role was mainly to conduct computer audits and oversee IT security. We then started to bring more and more data protection issues to the attention of the staff during these visits. We also used the "weekly orders," an internal newsletter, to publish small snippets of data protection information every now and again.

As the top management is very committed to data protection issues, all new projects are now evaluated from the point of view of data protection before proceeding with them. The actual training is delivered on a light note, so that it is understandable and interesting.

PL&B: What are the training sessions like?

Sandra Davies: The initial training for the probation officers takes 2.5 hours. It is tailored to the level of the audience and their job tasks. After that, they can visit our Intranet which is just being set up. It will include questions that are typically asked, and answers to them. Staff will also be able to post their own questions and we will reply to them within a week. We will also constantly update the Intranet to make it interesting and worth visiting often.

In addition to this, we will start using a computer-based training programme. This is being developed specifically for the police by Easy-i, and we are involved in testing it for them. We are hoping to tailor our own questions according to our view of the data protection issues that the staff generally do not understand.

In order to make sure that staff actually use the programme, we intend to include data protection in the Personal Development Reviews, which are part of the annual staff appraisals. Everyone will be expected to have completed the data protection computer training as part of their personal development programme. We can easily verify that because the computer programme includes an audit trail.

PL&B: Do you have enough resources to organise all the training you would like to?

Sandra Davies:We do have a problem with scarce resources. Another problem is finding enough time. Police officers need to know about every piece of legislation that is adopted, as well as be trained on all the special skills. Therefore, there is a lack of time. We cannot expect that they can dedicate as much time to data protection training as we would perhaps like.

It is important that there is a rolling programme so that they can get the information when they need to. The Intranet and the computerbased training will provide just that. Everyone has access to a computer, and they can sit down to get more information about data protection in their own work place.

PL&B: Is it possible to receive extra training?

Sandra Davies: Yes. We can organise it on one-to-one basis, and often do.

PL&B: Do you organise ad hoc training if there are specific training needs?

Sandra Davies: Yes, we identify the needs in various ways, or if there are one-off issues such as the millennium bug, we can organise specific training quite quickly. We also provide training to our partners, which are outside agencies we operate with, such as the Mountain Rescue team. They need to be made aware of our data protection issues, and it is in our interest that they receive some training.

We have also offered training to local councils on matters related to the use of closed circuit television. We also train the Special Constabulary, who are volunteer police officers.

PL&B: How much data protection training would an employee have had, who has worked for the police force for a year?

Sandra Davies: It depends on their role. A station assistant working on the front desk at a police station, for example, would have had the initial induction, updating training on the police command and control system, and an update on the use of the PNC, the Police National Computer. This amounts to about six hours of training.

PL&B: What training materials do you use and what are the advantages and disadvantages?

Sandra Davies: First of all handouts and videos. We have used the videos produced by the Data Protection Registrar's office. Handouts tend not to work so well as they are just one more thing to read for police officers, who are inundated with information. Verbal training works best, especially if delivered in small groups. Our induction training classes consist of 6- 8 people. The small size of the group encourages people to ask questions during the training and also come back to us afterwards with any further queries. Also, a quiz we make the trainees do at the end of a training session works very well.

We are now working on a booklet, which will include the basic data protection issues. This will be given to all members of staff. Hopefully the booklet will be very helpful. However, best of all will be the website because of its timeliness and interactive features.

PL&B: How do you ensure that the training has been well received?

Sandra Davies: At the end of the training sessions our Training Department hands out feedback and evaluation forms. There are no tests or exams because they could be seen as off-putting. However, with the Easy-i disk, we will be able to see which questions the staff gets wrong. It won't be seen as a test, though, because the programme is in the form of a game, and if you give the wrong answer, the programme alerts you to it and asks you to answer again.

PL&B: Will you receive extra resources because of the need to inform staff of the new provisions under the Data Protection Act 1998?

Sandra Davies: No, there won't be more finance. As for training, we already cover the differences between the old and the new law in our current training sessions. It is possible, though, that we will have to organise additional training for specific groups on how to deal with manual records. That is the biggest issue for the police when talking about the new Act. We are currently converting some of our paper records into electronic form, but much will be left as we need to keep our records for such a long time.

With regard to future training, there will be new issues, which may require more resources. We will need to train everyone on the Human Rights Act when it comes into force, as well as the future Freedom of Information legislation.