INFORMATION SHARING AGREEMENT
YOU, THE SCAN NET MEMBER, AGREE TO THE TERMS OF THIS INFORMATION SHARING AGREEMENT EACH TIME YOU SIGN INTO A SCAN.NET SYSTEM
Creating alerts between businesses who use SCAN NET – The Safer Clubbing At Night Network.
Table of contents
2. Policy Statements And Purpose
4. Basis For Sharing
5. SCAN NET Alerts – How do they Work ?
6.1 Generating an Alert
6.3 Information to be Shared
6.4 How Will Information be Transferred ?
6.5 Administrative Guidelines
6.6 Ensuring Data Quality
6.7. Information Use, Review, Retention and Deletion
6.8. Subject Access Requests
7. Roles and Responsibilities Under the Agreement
8. ISA Review
[/text_output][text_output]Title of Agreement
SCAN NET Information Sharing Agreement (ISA)
To facilitate the sharing of alert information between organizations using the SCAN NET System.
The purpose of the information sharing is to satisfy the four main principles of the Licensing Act 2003, namely, to reduce crime, to protect the public, to protect children, and to ensure public safety.
Date agreement comes into force
Revision Date (Ver. 1.1)
Date of agreement review
1.1 This Information Sharing Agreement (“ISA”) has been drawn up under the umbrella of best practice guidance from the National Pubwatch, Thames Valley, Metropolitan Police, Hampshire Police, Cambridgeshire Police and several other ISAs which are currently in place. Collectively these sources set out the core information-sharing principles in this ISA.
1.2 The Licensing Act 2003 embraces four main principles, one of which is the protection of children. Licensed businesses and their staff are legally obliged to ensure that they do not serve alcohol to anyone under the age of 18 years. Licensed businesses are also required by law to prevent crime and disorder, prevent public nuisance and ensure the safety of those using their premises. To assist licensed businesses comply with these legal obligations, the present ISA is established between SCAN NET Members to support the sharing of selected information therebetween.
1.3 For clarity, the term “SCAN NET System” will be used henceforth to refer to the computer system described in Appendix 1 to this ISA. In a corresponding manner, persons or organizations using the SCAN NET System will be referred to henceforth as “SCAN NET Users”.
1.4 Similarly, the term “SCAN NET Network” will be used henceforth to refer to a group of SCAN NET Users agreeing to share information under the terms of this ISA. SCAN NET Users who are signatories to this ISA will be known as “SCAN NET Members”. Consequently, all SCAN NET Members are inherently SCAN NET Users, but unless they are signatories to this ISA, SCAN NET Users are not SCAN NET Members.
1.5 The SCAN NET System allows SCAN NET Users to form their own sub-groups within its environment. However, these sub-groups are independent of the SCAN NET Network and are governed by their own rules, procedures and information sharing arrangements, which are in no way connected with this ISA (and associated policies and procedures).
2. POLICY STATEMENTS AND PURPOSE
Licenced premises are considered in law to be private premises. Businesses operating from such premises who invite members of the public onto the premises are strictly governed by the Licensing Act 2003(http://www.legislation.gov.uk/ukpga/2003/17/contents).
The Licensing Act 2003 covers four main principles, one of which is the protection of children. Licence holders and their staff are legally obliged to ensure that they do not serve alcohol to anyone under the age of 18 years. They are also legally obliged to prevent crime and disorder, prevent public nuisance and ensure the safety of those using their premises. To help licensed businesses comply with these obligations, information processed in an individual SCAN NET System may be shared between SCAN NET Members.
The SCAN NET System is a computer system which takes a scanned copy of an identity document (“ID”) volunteered by a member of the public. From this scanned copy, the SCAN NET System checks the age of the ID-holder and whether the ID-holder is listed on a database of people about whom alerts have been created by other venues in the SCAN NET Network (wherein the or each of these people may or may not have been barred from the venues that created the alert). The SCAN NET Network helps create a safe and enjoyable environment for the public, where only persons of legal age and those unlikely to interrupt other customers’ enjoyment are admitted to a licensed venue.
SCANNET IS VOLUNTARY
SCAN NET Users are not obliged to scan IDs through the SCAN NET System. Similarly, customers of SCAN NET Users are not obliged to provide their IDs for scanning through the SCAN NET System. However, should a customer allow a SCAN NET Member to scan their ID, the SCAN NET Member will use information acquired from the ID for the following reasons only:
(a) personal safety;
(b) to create a log of customers on the premises;
(c) to assist the police and local authorities on request therefrom for access to relevant information;
(d) to create an alert to be shared with other SCAN NET Members, in the event the ID-holder has been barred from the SCAN NET Member’s premises and the alert would benefit the public and SCAN NET Members’ staff;
(e) to help SCAN NET Members fulfill any of the four main principles of the 2003 Licensing Act; and
(f) for marketing statistics and direct mailing of marketing information.
The process of creating alerts is implemented and controlled by a network of businesses that have independently chosen to form alliances for the purposes of sharing information. The regulation and legitimacy of these alliances has been tested through Judicial Review and High Court actions on a number of occasions and in each case, the judgment has been that the process is legitimate. The absolute right to refuse entry to licensed premises for any reason other than race or gender is preserved in law and promoted in the Licensing Act 2003.
The key principles to emerge from the judgements are:
1. Individual licensees have an unrestricted right to exclude anyone, particularly those who they see as “trouble-makers” from their premises.
2. Individual licensees have the right to exclude those whom others have found to be “trouble-makers”.
3. Individual licensees are entitled to form groups or associations to pool information and discuss matters of common interest and make the exclusion of potential troublemakers more organised and systematic.
4. The only basis for an argument that such banning decisions are amenable to judicial review lies in the degree of involvement that public bodies, in this context either the Police or the Licensing Authority, have had in the making of that decision.
2.1 The purpose of this ISA is to enable information to be shared between SCAN NET Members
3.1 This ISA is between the SCAN NET Members (i.e. members of the SCAN NET Network). A current list of SCAN NET Members is available on request from Safer Clubbing at Night Network (SCAN NET) Ltd.
4. BASIS FOR SHARING
4.1 This ISA fulfils the requirements of the following
- The Data Protection Act 1998 (Sections 29(3) and 35(2))
- The Data Protection Act 1998 (Principle 1) Schedules 2 and 3
- The Data Protection (Processing of Sensitive Personal Data) Order 2000/417
- The Licensing Act 2003
- Boyle, R (on the application of) v Haverhill Pub Watch and Ors  EWHC 2441 (Admin)
- The Human Rights Act 1998 (Article 8);
- The Freedom of Information Act 2000
- The Crime and Disorder Act 1998 (section 115);
- Civil Contingencies Act 2000
- Common Law Duty of Confidentiality
- Local Government Act
- The Children Act 1989
- The Children Act 2004
4.2 Any information shared between SCAN NET Members and processes used to share such information are compliant with relevant Human Rights legislation.
5. SCAN NET ALERTS – HOW DO THEY WORK ?
Visitors to venues operating the SCAN NET System are asked to volunteer their ID for scanning to help create a safer Night-Time Economy (NTE). However, visitors ARE NOT OBLIGED to provide their IDs for scanning. When a customer’s ID is scanned, it is automatically compared with a list of people about whom a SCAN NET Alert (described below) has been issued.
A “SCAN NET Alert” is a shared digital communication describing an alleged incident that took place at the premises of a SCAN NET Member; who has chosen to share these details with other SCAN NET members, so that they might benefit from the knowledge thereof. For brevity, the creator of a SCAN NET Alert will be referred to henceforth as an “SCAN NET Alert Originator”. Similarly, a SCAN NET Member in receipt of a SCAN NET Alert will be referred to henceforth as an “SCAN NET Alert Recipient”
A SCAN NET Alert identifies a party to a specific alleged incident. For brevity, any such person will be referred to henceforth as a “SCAN NET Alert Subject”. A SCAN NET Alert also specifies the nature of the alleged incident. Such incidents may comprise one or more of a variety of undesirable activities or features including potential criminal, unsafe or nuisance behaviour (e.g. swearing, spitting, abusive or aggressive behaviour). It will be recognized that particular behaviours, features or activities may or may not be acceptable to a given SCAN NET Member depending on conditions attached to their license and/or individual admittance policies. SCAN NET Alert Recipients may use the details contained in a received SCAN NET Alert to make an informed decision (in accordance with their individual license conditions and admission policies) whether to admit a person matching the SCAN NET Alert Subject. In so doing, the SCAN NET Network helps SCAN NET Members to comply with their statutory obligations under the Licensing Act 2003.
For clarity, it should be understood that a SCAN NET Alert is NOT a ban. A ban is only deemed to be in place at a venue in which an alleged incident took place. A SCAN NET Alert merely relates to an allegation which may or may not have led to the implementation of a ban at the venue in which the relevant alleged incident took place. A SCAN NET Alert does not entitle another SCAN NET Member to automatically ban a SCAN NET Alert Subject from their premises. Instead, a SCAN NET Alert provides information which allows a SCAN NET Alert Recipient to have a discussion with the SCAN NET Alert Subject; and based thereon, make an informed judgement about whether to admit the person to the relevant SCAN NET Member’s premises.
Businesses and communities using the SCAN.NET Network have experienced a 25% to 80% reduction in incidents according to independent reports issued by Devon and Cornwall Police, Kingston First and Herts Police. Further details can be found in the case studies reported on the Safer Clubbing at Night Network (SCAN NET) website at http://nightclub.co.uk/downloads/
In August 2007, the Information Commissioner confirmed that there is nothing inherently illegal in venues using ID scanning equipment and that considerable attention had been paid to ensure the data captured is held securely. The Assistant Commissioner at the Information Commissioner’s Office stated that it is certainly not the case that venues using the SCAN NET System will be inevitably in breach of the Data Protection Act 1988. Furthermore the Information Commissioner issued a press release stating “We are satisfied that the company takes data protection and privacy considerations seriously. Considerable attention has been paid to seeking to ensure the data captured is held securely. In summary, we are satisfied that it is certainly not the case that anyone using the equipment will inevitably be in breach of the Data Protection Act 1998”.
The SCAN NET Alert process comprises a step-wise gated methodology for the tiered delivery of personal data. More specifically, a SCAN NET Alert does not contain personal details of the SCAN NET Alert Subject. On the contrary, a SCAN NET Alert comprises only basic data elements delivered in an encrypted format. A photograph of the SCAN NET Alert Subject is only shared with a SCAN NET Member when a percentage of randomly selected factors relating to the SCAN NET Alert Subject (and packaged into the SCAN NET Alert), matches those in an ID presented by a newly arrived customer to the SCAN NET Member. The technology underpinning this process is described in and protected by UK Patent Application No. GB1415938.8. A key aspect of the SCAN NET Network is the absence of a searchable database of the names of the SCAN NET Alert Subjects.
As shown in Figure 1, when a statistical matching is achieved between details contained in a SCAN NET Alert and the scanned ID of a newly arrived customer, an image of the new customer is presented beside an image of the SCAN NET Alert Subject. The Operator of the SCAN NET System is asked the question “ARE THESE TWO PEOPLE THE SAME PERSON?”
Figure 1: Screen Shot from SCAN NET Software
In the event the Operator indicates that he/she believes the two images are of the same person, the SCAN NET System asks the Operator “DO YOU WANT TO SEE THE ALERT?” In the event of an affirmative response, the Operator is presented with:
- the reason for the SCAN NET Alert;
- the location from which the SCAN NET Alert originated;
- the date of the SCAN NET Alert; and
- any other notes.
The Operator is then asked “DO YOU WANT THIS PERSON TO ENTER THE VENUE?” At this stage, the Operator should speak with the customer and make their own judgement as to whether allowing the customer to enter is likely to cause the business to breach the Licensing Act 2003 (and/or any conditions attached to the venue’s license under the Licensing Act 2003). For emphasis, since a SCAN NET Alert is not a ban, SCAN NET Members must not maintain a default position of automatically refusing entry to any person found to match a SCAN NET Alert Subject. Instead, SCAN NET Members should use the information contained in the relevant SCAN NET Alert as basis for a conversation with the person; and from which decide whether to allow the person entry. With this in mind, it is perfectly normal for the Operator to allow the patron entry, having had the opportunity, using the above information, to make an informed decision and to discuss with the patron the behaviour that is expected of guests visiting the relevant premises.
6.1 Generating an Alert[/custom_headline][text_output]6.1.1 The content of a SCAN NET Alert will vary according to the circumstances of the alleged incident which occurred in the premises of the SCAN NET Alert Originator. Similarly, the decision about whether or not to create a SCAN NET Alert for a given alleged incident and the specific details to be included therein, is at the discretion of an individual SCAN NET Member. However, it will be recalled that the purpose of a SCAN NET Alert is to provide sufficient information regarding an alleged incident to other SCAN NET Members to enable informed decision-making regarding the admittance of a SCAN NET Alert Subject to a premises; thereby supporting compliance with statutory obligations under the Licensing Act 2003. To fulfil this purpose, a SCAN NET Alert must contain:
- the reason for the SCAN NET Alert (e.g. threatening behaviour);
- the creation date of the SCAN NET Alert;
- the originating venue;
- any additional comments (e.g. evidence base witnesses/CCTV, action taken by the venue etc.);
- the expiry date for the SCAN NET Alert (see section 6.7.3 – 6.7.4 below); and
- the date on which the SCAN NET Alert is to be reviewed (see section 6.7.5 below).
6.1.2 The SCAN NET Alert Originator may use their discretion to choose the expiry date for the SCAN NET Alert. In many cases, the expiry date may be only a short time (e.g. a fortnight) after the creation date of the SCAN NET Alert. However, in any event, the expiry date must be no more than 1 year after the creation date of the SCAN NET Alert.
6.1.3 When a SCAN NET Alert is created, the Super Administrator (see Figure 2 below) in the SCAN NET Alert Originator is immediately emailed a notification of the same, thereby establishing a complete audit trail of the SCAN NET Alerts created by staff members within the relevant SCAN NET Member
6.2.1 Personal information (acquired from a presented ID) is volunteered to the SCAN NET Network by members of the public. Information is gathered in accordance with the Information Commissioner’s Data Protection Good Practice Notice for the Use of ID Scanning Devices in Pubs and Clubs.
6.2.2 Thus, SCAN NET Members must follow the following guidelines:
- SCAN NET Members must have Data Protection Notices (as provided in Appendix 1 to the Agreement) on display at the point of entry to participating venues.
- SCAN NET Members must either have the Data Protection Notices on their website or provide a link on their website to the Data Protection Notices on the SCAN NET website (http://nightclub.co.uk/downloads/DataNoticeCard.pdf)
- In accordance with the Information Commissioner’s advice, SCAN NET Members must supply door staff with Data Protection Notice Cards which are to be distributed to patrons on entry to participating venues. Data Protection Notice Cards are identical to the above-mentioned Data Protection Notices but are smaller in size, to enable the said Data Protection Notice Cards to be conveniently carried on the person.
- All door staff and management must read the Data Protection Notices and the Information Commissioner’s Good Practice Note.
6.3 Information to be Shared
6.3.1 There is no searchable database of the names of SCAN NET Alert Subjects.
6.3.2 Details of a SCAN NET Alert Subject are only shared with a SCAN NET Member when a statistical match is achieved between the details of a customer newly arrived at the premises of the SCAN NET Member and those of the relevant SCAN NET Alert Subject.
6.3.3 More specifically, only segments of an individual’s personal data (e.g. 3rd and 4th letter of first name, 2nd, 6th and 8th letters of address, last two digits of year of birth and photograph) are shared with SCAN NET Members. It is not possible to identify an individual from the shared segments of data. The comparison between the shared data segments and the details of the new customer is inherently statistical in nature. When a match is detected between the received data segments and corresponding data elements in the new customer’s ID, the SCAN NET System reveals only the photograph of the SCAN NET Alert Subject and asks the operator of the relevant SCAN NET System whether the photograph of the SCAN NET Alert Subject is of the same person as the new customer. Only if the two are judged to be the same by the operator (and the operator indicates this to the SCAN NET system) will the SCAN NET Member be asked if they wish to proceed and gain further information about the SCAN NET Alert Subject.
6.3.4 SCAN NET Members must not automatically deny a person entry to SCAN NET Members’ premises on the basis of a received SCAN NET Alert. SCAN NET Alert Recipients must avail of the information contained in a SCAN NET Alert to make aninformed decision about admitting a person who matches the SCAN NET Alert Subject. SCAN NET Members should normally caution any such person on entry and warn them of the expected standards of behaviour for visitors to their premises.
6.4 How Will Personal Data Be Transferred ?
6.4.1 Personal data is transferred on a peer-to-peer basis through an encrypted and secure process. SCAN NET (and/or Safer Clubbing at Night Network Ltd) does not host the personal data. The SCAN NET Members share and receive the personal data. SCAN NET Members have full control of what personal data they receive or share and with whom they share it.
6.4.2 Information created or received through the SCAN NET System and/or the SCAN NET Network should not be transferred outside the EEA.
6.5 Administrative Guidelines
6.5.1 SCAN NET Members must ensure that each member of staff using the SCAN NET System has their own unique login profile. This ensures that each venue is able to maintain an audit log of users, indicating who logged onto the SCAN NET System and when.
6.5.2 Referring to Figure 2 below, SCAN NET Members must ensure that use of the SCAN NET System is hierarchically restricted. More specifically, SCAN NET Members ensure specified types of users access correct levels of information. In particular, Door Staff must be provided with limited access to the SCAN NET System, so that they are permitted only to receive, process and create alerts.
6.5.3 SCAN NET Members will designate at least one individual at management level as a “Super Administrator” who shall be permitted access to all levels of the SCAN NET System. A Super Administrator will typically be General Manager or Director of the SCAN NET Member. The Super Administrator will be the only member of staff in the SCAN NET Member capable of deleting an alert, amending the alert distribution and amending the watch list etc. Referring to Figure 2 above, depending on the organisational structure of a given SCAN NET Member, a “Supervisor” and a “Administrator” access level may be accorded to a junior manager and senior manager respectively.
Figure 2 – User Access Levels in SCAN NET NETWORK
6.5.4 SCAN NET Members will ensure that all their employees, and most especially the designated Super Administrator, receive appropriate information security training.
6.6 Ensuring Data Quality
6.6.1 Everyone sharing data under this ISA is responsible for the quality of the data they are sharing.
6.6.2 Before sharing a SCAN NET Alert, a SCAN NET Alert Originator will check that the information contained in the SCAN NET Alert is accurate and up to date. Particular care must be taken if the SCAN NET Alert contains sensitive data which could harm the SCAN NET Alert Subject were it inaccurate.
6.6.3 If a complaint is received about the accuracy of personal data which forms the basis of a shared SCAN NET Alert
- the relevant SCAN NET Alert(s) will be removed by the SCAN NET Alert Originator;
- the SCAN NET Alert Originator will investigate the complaint in accordance with their internal policies, but in each case reasonable steps will be taken to ensure the accuracy of the allegation at the heart of the SCAN NET Alert;
- the SCAN NET Alert Originator will update the relevant SCAN NET Alert (up to and including deleting the relevant SCAN NET Alert), in the event the SCAN NET Alert is not deleted, SCAN NET Alert Originator will annotate the SCAN NET Alert to record that the SCAN NET Alert Subject considers the allegation to be inaccurate;
- the SCAN NET Alert Originator will communicate the updated SCAN NET Alert to the rest of the SCAN NET Members; and
- the SCAN NET Members will replace the previous version of the SCAN NET Alert with the revised version thereof.
6.7. Information Use, Review, Retention and Deletion
6.7.1 SCAN NET Members undertake that personal data shared under the ISA will only be used for the specific purpose for which it was shared. The purpose of sharing a SCAN NET Alert is to provide information about an alleged incident sufficient to enable informed decision-making by the SCAN NET Alert Recipients regarding the admittance of a person to further venues; thereby helping SCAN NET Members to comply with their statutory obligations under the Licensing Act 2003. Personal data must not be shared between SCAN NET Members for any other purpose.
6.7.2 In each case, a SCAN NET Alert Originator remains the primary information owner and record keeper of the SCAN NET Alert. A SCAN NET Alert Recipient may edit a received SCAN NET Alert. However, the SCAN NET Alert Recipient must clearly annotate the SCAN NET Alert to record that the receiving SCAN NET Member made the amendment thereto. It should be understood that the amending SCAN NET Member will also technically be a “Data Controller” in respect to the amended SCAN NET Alert.
6.7.3 A SCAN NET Alert should only be kept active for as long as deemed necessary. SCAN NET Members should establish their own internal guidelines for establishing the lifetime of a given SCAN NET Alert. In many cases, a short period (e.g. a fortnight) is sufficient to deter the SCAN NET Alert Subject from attempting to move onto other SCAN NET Members and potentially engage in undesirable behaviour therein. Similarly, a SCAN NET Alert Originator must check on a three-monthly basis whether the SCAN NET Alert is still necessary. The SCAN NET Alert Originator must record the check against the relevant SCAN NET Alert.
6.7.4 In any event, a SCAN NET Alert shall not remain active for more than 12 months. The SCAN NET System is adapted to automatically delete a SCAN NET Alert of more than 12 months old (or that have not been updated for more than 12 months).
6.7.5 A SCAN NET Alert Originator must check that SCAN NET Alerts created thereby are accurate and up to date on a three monthly basis. In the event the lifetime of a given SCAN NET Alert is less than three months, the check on the accuracy of the SCAN NET Alert will not be required.
6.7.6 In the event an organisation leaves the SCAN NET Network (and the present ISA), all SCAN NET Alerts shared therewith are to be immediately deleted by the departing organisation.
6.8 Subject Access Requests
6.8.1 A subject access request (SAR) is a request made by or on behalf of an individual for information about them held by an organisation. A SAR needs to be made in writing. However, individuals may make a SAR using any Facebook page or Twitter account your organisation has, other social-media sites to which it subscribes, or possibly via third-party websites.
6.8.2 A SAR may extend beyond a request for the provision of a copy of the information an organisation holds about them. In particular, an individual is entitled to be:
- told whether any personal data is being processed;
- given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
- given a copy of the personal data; and
- given details of the source of the data (where this is available).
6.8.3 Accordingly, a SCAN NET Alert Originator may be required to provide details of a SCAN NET Alert created thereby (and any subsequent amendments made to the SCAN NET Alert). A SCAN NET Alert Recipient may also be required to provide details of a SCAN NET Alert received from another SCAN NET Member (wherein the statistical matching and photo matching as described above has been achieved). Similarly, a SCAN NET Alert Recipient may be required to provide any further personal information they have appended to a received SCAN NET Alert (e.g. photograph of a patron entering a venue). Finally, since a SCAN NET Member is also a SCAN NET User, a SCAN NET Member may also be required to provide a copy of any personal information in their possession, outwit the personal information shared with (or received from) other SCAN NET Members.
6.8.4 For further information about your responsibilities in connection with Subject Access Requests, refer to the Information Commissioner’s Subject Access Code of Practice (http://ico.org.uk/for_organisations/data_protection/subject_access_requests/~/media/documents/library/Data_Protection/Detailed_specialist_guides/subject-access-code-of-practice.PDF)
7. ROLES AND RESPONSIBILITIES UNDER THIS AGREEMENT
7.1 Information shared between SCAN NET Members must not be disclosed to any third party without the written consent of the SCAN NET Member that provided the information. For the purposes of this Agreement, approval for such sharing lies with the Single Point of Contact (SPOC) of the SCAN NET Alert Originator.
7.2 However, where a SCAN NET Member in receipt of shared data under this Agreement discloses the data (either on its own or in combination with other data) to the Police or a Local Authority to assist with the prevention of a crime, the consent of the SCAN NET Alert Originator is not required.
8. ISA REVIEW
8.1 This ISA will be reviewed in 2020.
8.2 Should a significant change take place which causes the ISA to be an unreliable reference point, the ISA will be updated as needed and a new version circulated to SCAN NET Members. Any such updated version of the ISA will replace all previous versions thereof.[/text_output]
SCAN NET Members as receivers of information covered under this ISA will accept total liability for a breach of this ISA should legal proceedings be served in relation to the breach.
10.1 By signing this ISA, all SCAN NET Members accept responsibility for its execution and agree to ensure that staff are trained so that processes for sharing SCAN NET Alerts and responding to Subject Access Requests are sufficient to meet the purpose of this ISA.
10.2 Signatories must also ensure that they comply with all relevant legislation and with the provisions set out in the Cambridgeshire Information Sharing Framework.