Police Scotland five-year digital strategy approved
The Scottish Police Authority (SPA) has approved a five-year digital strategy for Police Scotland that seeks to shift the power from “doing digital” to “being digital” by way of a sequence of investments into each new and current know-how capabilities.
Drafted with the help of consultancy agency Ernst & Young and XXX Capgemini, the strategy outlines priorities for Police Scotland’s ongoing digital transformation efforts, which embrace making body-worn video (BWV) cameras extensively accessible; enhancing its knowledge science and analytics capabilities; changing ageing legacy infrastructure; investing in cyber safety and resilience; and additional creating its digital proof sharing capabilities.
“The Digital Strategy focuses on articulating how digital, data and technology will support Police Scotland to address the increasing digital demands of today,” it stated. “The Digital Strategy consolidates individual project and programme strategies and technology approaches, ensuring alignment of data and digital components, and bringing an architectural and technical cohesion to delivery.”
Specific applied sciences that can be delivered by the strategy embrace real-time biometric analytics, pure language processing and augmented actuality.
Approved by the SPA Board throughout its 24 August assembly, the strategy is underpinned by six “key enablers”, which embrace recognising knowledge as an asset; knowledge ethics; cyber resilience; individuals; sustainability; and worth for cash.
On extra superior capabilities comparable to synthetic intelligence (AI), machine studying (ML) and facial-recognition, the strategy famous “it is essential that these are only considered for introduction into operational policing after the appropriate Data Ethics assessments have taken place”, which incorporates utilizing a mix of inner, impartial and ongoing post-deployment scrutiny to determine and mitigate any dangers.
“As technology continues to advance, we have a positive duty to harness those developments to keep people safe,” stated deputy chief constable designate Fiona Taylor in the course of the SPA Board assembly.
“As we introduce new technologies, we will continue to engage with partners in the public, and we welcome the vital support, challenge and active oversight of the Scottish Police Authority. This will help us to address any concerns and ensure the use of new tech is transparent, ethical and aligned with our values.”
However, she added that whereas “it is vital we continue to set out an ambitious strategic direction … the pace of change will be affected by the availability of funding”.
In the outline business case for the strategy introduced by Andrew Hendry, chief digital and data officer for Police Scotland, it famous the necessity for “staged investment” in order that varied points of the strategy could be applied as funding is supplied.
As a part of this, Police Scotland will even search to attain contract flexibility by together with “off-ramps”, “whereby contracts are let in stages to give us the ability to terminate or change at specified milestones”.
It added that, total, the strategy would require funding of almost £399m throughout the 5 years, however round £184m of it pertains to initiatives which might be already underway.
Data safety points with main mission
In April 2023, Computer Weekly revealed the Digital Evidence Sharing Capability (DESC) service – a key programme outlined within the digital strategy to modernise the felony justice system that has been contracted to body-worn video supplier Axon for supply and hosted on Microsoft Azure – was being piloted regardless of the SPA elevating considerations about how the usage of Azure “would not be legal”.
According to a Data Protection Impact Assessment (DPIA) by the SPA – which notes the system can be processing genetic and biometric data – the system presents a number of dangers to knowledge topics’ rights.
This consists of the potential for US authorities entry by way of the Cloud Act, which successfully provides the US authorities entry to any knowledge, saved wherever, by US firms within the cloud; Microsoft’s use of generic, somewhat than particular, contracts; and Axon’s lack of ability to adjust to contractual clauses round knowledge sovereignty.
Off the again of Computer Weekly’s protection, Scottish biometrics commissioner Brian Plastow served Police Scotland (because the lead knowledge controller for the system) with a proper data discover on 22 April 2023, requiring the power to display that its use of the system is compliant with Part Three of the Data Protection Act 2018 (DPA 18), which comprises the UK’s regulation enforcement-specific knowledge safety guidelines.
While Police Scotland’s response to Plastow has not been publicly disclosed, he confirmed in correspondence with Computer Weekly that the power “uploaded significant image volumes to DESC during this pilot”, which particularly included stills and CCTV photos.
Computer Weekly additionally revealed that whereas Police Scotland was conscious of the info safety points highlighted by each the SPA and Information Commissioner’s Office (ICO) – which was clear that the processing couldn’t go ahead with out formal session with the info regulator – the power determined to press forward with its deployment of the system anyway.
Following the affirmation from Police Scotland that it uploaded important volumes of biometric data in the course of the DESC pilot, Plastow confirmed his workplace can be formally assessing the power’s compliance with Scotland’s statutory Code of Practice on the usage of biometric knowledge in winter 2023, with a report detailing his findings because of be laid earlier than Scottish Parliament in spring 2024.
The ICO has confirmed to Computer Weekly that it’s “actively considering these issues and engaging with relevant authorities”, though no timeline was supplied for a choice.
