Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
FOI Reference: 535/2023
Request:
Response 1:
I can confirm that Dyfed-Powys Police does hold the information requested, however some of that information has been exempted by virtue of Section 40(2) – Personal Information. An explanation of the applied exemption has been outlined at the end of the document.
Response 2, 3 & 4:
I can confirm that there is no information held/recorded by Dyfed Powys police as we do not have a specific I.T procurement policy, software asset management policy, a hardware asset management policy and/or a corporate/purchasing credit card policy.
However, under Section 16 of the FOI Act (help and assistance) please see the following hyperlink which may be of use and relates to Corporate Credit Cards, Procurement Cards and Fuel Cards (Section 10.5)
Corporate Governance Framework 2018 Saesneg (dyfedpowys-pcc.org.uk)
Response 6:
I can confirm that Dyfed-Powys Police does hold the information requested, however some of that information has been exempted by virtue of Section 40(2) – Personal Information. An explanation of the applied exemption has been outlined at the end of the document.
Explanation of the applied exemption – Section 40 (Personal Information)
Section 40(2) applies to third party personal data and is exempt from disclosure under the Freedom of Information Act 2000 if disclosure, in relation to data subject to law enforcement processing, would breach any of the data protection principles contained within Part 3 - Chapter 2 of the Data Protection Act 2018.
Under Section 34 within Chapter 2 “The Controller in relation to personal data is responsible for and must be able to demonstrate, compliance with” Chapter 2. Such information would not be released under the Freedom of Information Act 2000 unless there is a strong public interest. One of the main differences between the Freedom of Information Act 2000 and the Data Protection Act 2018 is that any information released under FOI is released into the public domain, not just the individuals requesting the information and disclosure under the Act must be made with that in mind. As such, any release that identifies any individuals through releasing their personal data, even third party personal data is exempt.
Personal data is defined under Section 3 of the Data Protection Act 2018 as:
“(2) ‘Personal data’ means any information relating to an identified or identifiable living individuals (subject to subsection (14)(c)).
(3) ‘Identifiable living individuals’ means a living individuals who can be identified, directly or indirectly, in particular by reference to—
(a) An identifier such as a name, an identification number, location data or an online identifier, or
(b) One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individuals.”
All members of the public including those employed by the force have an intrinsic right to privacy and these rights are protected by virtue of the Human Rights Act, the Data Protection Act 2018 and the UK General Data Protection Regulation (UK-GDPR) and a public authority must not interfere with that right. Any release of the information subject to the exemption is likely to compromise those rights.
Data Protection Act 2018
Part 3 – Law Enforcement – Chapter 2 Principles Section 35
The first data protection principle:
“(1) The first data protection principle is that the processing of personal data for any of the law enforcement purposes must be lawful and fair.”
UK - General Data Protection Regulation
Article 5 of the UK-GDPR – ‘Principles relating to processing of personal data’ provides:
“1. ‘Personal data’ shall be
(a) Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency);
(b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest…
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
Dyfed-Powys Police would not want to disclose any information that could potentially identify any individuals. In this particular case, to release some of the requested information could lead to the identification of individuals. To release such information would be a direct breach of Data Protection legislation and as a consequence I am satisfied that Section 40(2) Personal Information exemption is applicable to the release of the information. The Section 40 exemption is in part qualified and in part absolute, in the present case it would be absolute as to release the information would breach Data Protection legislation and therefore there is no requirement to carry out a public interest test.
It should be noted that owing to the systems adopted by Dyfed-Powys Police in relation to the recording of such matters the information provided may or may not be accurate. It should be noted that for these reasons this Force’s response to your questions should not be used for comparison purposes with any other response you may receive.
(This is a response under the Freedom of Information Act 2000 and disclosed on 26/03/24)