Gallwch adael y wefan hon yn gyflym drwy wasgu’r fysell Escape Allanfa Gyflym
Rydym yn defnyddio rhai cwcis hanfodol i wneud i’n gwefan weithio. Hoffem osod cwcis ychwanegol fel y gallwn gofio eich dewisiadau a deall sut rydych yn defnyddio ein gwefan.
Gallwch reoli eich dewisiadau a gosodiadau cwcis unrhyw bryd drwy glicio ar “Addasu cwcis” isod. I gael rhagor o wybodaeth am sut rydym yn defnyddio cwcis, gweler ein Hysbysiad cwcis.
Mae eich dewisiadau cwcis wedi’u cadw. Gallwch ddiweddaru eich gosodiadau cwcis unrhyw bryd ar y dudalen cwcis.
Mae eich dewisiadau cwcis wedi’u cadw. Gallwch ddiweddaru eich gosodiadau cwcis unrhyw bryd ar y dudalen cwcis.
Mae’n ddrwg gennym, roedd problem dechnegol. Rhowch gynnig arall arni.
Diolch am roi cynnig ar fersiwn 'beta' ein gwefan newydd. Mae'n waith ar y gweill, byddwn yn ychwanegu gwasanaethau newydd dros yr wythnosau nesaf, felly cymerwch gip a gadewch i ni wybod beth yw eich barn chi.
FOI Reference: 535/2023
Request:
Response 1:
I can confirm that Dyfed-Powys Police does hold the information requested, however some of that information has been exempted by virtue of Section 40(2) – Personal Information. An explanation of the applied exemption has been outlined at the end of the document.
Response 2, 3 & 4:
I can confirm that there is no information held/recorded by Dyfed Powys police as we do not have a specific I.T procurement policy, software asset management policy, a hardware asset management policy and/or a corporate/purchasing credit card policy.
However, under Section 16 of the FOI Act (help and assistance) please see the following hyperlink which may be of use and relates to Corporate Credit Cards, Procurement Cards and Fuel Cards (Section 10.5)
Corporate Governance Framework 2018 Saesneg (dyfedpowys-pcc.org.uk)
Response 6:
I can confirm that Dyfed-Powys Police does hold the information requested, however some of that information has been exempted by virtue of Section 40(2) – Personal Information. An explanation of the applied exemption has been outlined at the end of the document.
Explanation of the applied exemption – Section 40 (Personal Information)
Section 40(2) applies to third party personal data and is exempt from disclosure under the Freedom of Information Act 2000 if disclosure, in relation to data subject to law enforcement processing, would breach any of the data protection principles contained within Part 3 - Chapter 2 of the Data Protection Act 2018.
Under Section 34 within Chapter 2 “The Controller in relation to personal data is responsible for and must be able to demonstrate, compliance with” Chapter 2. Such information would not be released under the Freedom of Information Act 2000 unless there is a strong public interest. One of the main differences between the Freedom of Information Act 2000 and the Data Protection Act 2018 is that any information released under FOI is released into the public domain, not just the individuals requesting the information and disclosure under the Act must be made with that in mind. As such, any release that identifies any individuals through releasing their personal data, even third party personal data is exempt.
Personal data is defined under Section 3 of the Data Protection Act 2018 as:
“(2) ‘Personal data’ means any information relating to an identified or identifiable living individuals (subject to subsection (14)(c)).
(3) ‘Identifiable living individuals’ means a living individuals who can be identified, directly or indirectly, in particular by reference to—
(a) An identifier such as a name, an identification number, location data or an online identifier, or
(b) One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individuals.”
All members of the public including those employed by the force have an intrinsic right to privacy and these rights are protected by virtue of the Human Rights Act, the Data Protection Act 2018 and the UK General Data Protection Regulation (UK-GDPR) and a public authority must not interfere with that right. Any release of the information subject to the exemption is likely to compromise those rights.
Data Protection Act 2018
Part 3 – Law Enforcement – Chapter 2 Principles Section 35
The first data protection principle:
“(1) The first data protection principle is that the processing of personal data for any of the law enforcement purposes must be lawful and fair.”
UK - General Data Protection Regulation
Article 5 of the UK-GDPR – ‘Principles relating to processing of personal data’ provides:
“1. ‘Personal data’ shall be
(a) Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency);
(b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest…
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
Dyfed-Powys Police would not want to disclose any information that could potentially identify any individuals. In this particular case, to release some of the requested information could lead to the identification of individuals. To release such information would be a direct breach of Data Protection legislation and as a consequence I am satisfied that Section 40(2) Personal Information exemption is applicable to the release of the information. The Section 40 exemption is in part qualified and in part absolute, in the present case it would be absolute as to release the information would breach Data Protection legislation and therefore there is no requirement to carry out a public interest test.
It should be noted that owing to the systems adopted by Dyfed-Powys Police in relation to the recording of such matters the information provided may or may not be accurate. It should be noted that for these reasons this Force’s response to your questions should not be used for comparison purposes with any other response you may receive.
(This is a response under the Freedom of Information Act 2000 and disclosed on 26/03/24)