Find out more about our strategic vision, our performance, how we're governed and what information we share.
Our Strategic Vision
Our Strategic Plan 2021/25 was approved by the Parliament Corporation and was laid before the Scottish Parliament on 24 November 2021. A revised Strategic Plan was laid before the Scottish Parliament on 28 February 2023. Below is a link to the revised plan.
Our purpose and vision
To support and promote the adoption of lawful, effective and ethical practices in relation to the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes in Scotland. Our strategic priorities are directly aligned to the statutory functions of the Commissioner as established in Section 2(3) of the Scottish Biometrics Commissioner Act 2020.
This document sets out the Scottish Biometrics Commissioner's risk management plan in line with the Strategic Plan and annual Business Plan for the period. It sets out our appetite for risk and how we assess the risks to achieving our Business Plan. It should be read in conjunction with our Risk Management Policy, within the Scheme of Governance and Risk Management Handbook.
The Scottish Biometrics Commissioner recognises that to deliver its strategic aims, objectives and priorities successfully, it needs sound corporate governance and control mechanisms in place.
This handbook sets out the roles, responsibilities and procedures for the effective and efficient conduct of the Scottish Biometrics Commissioner's business.
As a Scottish Public Authority, the Scottish Biometrics Commissioner is committed to governance excellence and to being accountable and transparent for its decisions and activities.
The handbook contains details on the following:
- Governance and Internal Control
- Scheme of Delegation
- Code of Professional Conduct
- Whistleblowing Policy
- Anti-Fraud Policy
- Risk Management Policy
This Handbook for staff describes a range of our policies around records management and data protection. The following policies are included:
- Records Management policy
- Business Classification Scheme
- File Management Guidance
- Retention and Disposal policy
- Information Sharing policy
- Records Management and Security Guidance
- Clear Desk and Screen policy
- Protective Marking System
- Complying with Information Legislation
- Data Protection policy and procedure
- Data Protection Impact Assessments
- Protocol for Data Security Incidents
Good records management is essential for the Scottish Biometrics Commissioner to function effectively. Records management is the systematic control of our records throughout their life cycle, in order to meet operational business needs, statutory and fiscal requirements and community expectations. Effective management of corporate information allows fast, accurate and reliable access to records, ensuring the timely destruction of redundant information and the identification and protection of vital and historically important records.
The Public Records (Scotland) Act 2011 places an obligation on named public authorities to prepare and implement a records management plan which sets out proper arrangements for the management of their records.
Systematic management of records allows organisations to:
- know what records they have and locate them easily
- increase efficiency and effectiveness
- make savings in administration costs, both is staff time and storage
- support decision making
- be accountable
- achieve business objectives and targets
- provide continuity in the event of a disaster
- meet legislative and regulatory requirements, particularly as laid down by the Freedom of Information (Scotland) Act and the Data Protection Act
- protect the interests of employees, clients and stakeholders
(The above information has been sourced from National Records of Scotland)
This guidance presents the Scottish Biometrics Commissioner's approach to the effective management of its records through retention and disposal. This guidance is based on the Scottish Government's approach.
This Handbook for staff contains all our finance-related policies. The following policies are included:
- Travel and expenses policy
- Gifts and hospitality
- Budgetary control and financial planning policy
- Budgetary control and financial planning procedure
- Finance processing procedures
- Procurement policy
- Procurement procedure
- Finance policy on fixed assets
This Business Plan for 2023/24 sets out the priorities of the Scottish Biometrics Commissioner (SBC) for the coming year to ensure the delivery of the outcomes set out in our Strategic Plan 2021/25. Our Business Plan is intentionally ambitious and builds on the achievements of earlier fiscal years where we have successfully delivered and consolidated the SBC function, achieving all objectives whilst operating within our allocated budget. In this our third financial cycle, we will do so again.
The Scottish Biometrics Commissioner on 25 October 2022 laid his first Annual Report and Accounts before the Scottish Parliament.
The report provides information on the Commissioner's functions in providing independent oversight of how biometric data and technologies are used for policing and criminal justice purposes in Scotland and information on our performance and finances. A separate report from the external auditor of our financial statements will be published on the Audit Scotland website.
The Commissioner - Dr Brian Plastow said "My overall strategic conclusions from our activity in 2021 to 2022 is that the Parliament should have confidence in the ways in which biometric data and technologies are currently used for policing and criminal justice purposes in Scotland."
After the end of each financial year (1 April - 31 March), the Scottish Biometrics Commissioner must publish statements for that year on:
- expenditure on public relations, overseas travel, hospitality and entertainment and external consultancy
- details of any individual payments made that are over £25,000
View statements of expenditure:
These quarterly governance meetings consider and sign-off corporate governance and strategic issues, and provide the Commissioner with assurance that the Scheme of Control protocols are being implemented effectively.
Governance decisions may be taken between formal meetings but are recorded and ratified at the next quarterly governance meeting.
The agenda, venue and time of the meeting are published no later than 5 working days before the meeting with any supporting papers.
The purpose of the monthly management team meeting is for the Commissioner and staff to share information and discuss tactical issues relating to the discharge of statutory obligations, corporate and operational performance, and progress with activity in support of the strategic plan.
The agenda, venue and time of the meeting is published no later than 5 working days before the meeting with any supporting papers.
The Scottish Biometrics Commissioner is committed to providing high-quality customer services. If something goes wrong or you are dissatisfied with our services, please tell us. This document describes our complaints procedure and how to make a complaints. It also tells you about how we will handle your complaint and what you can expect from us.
Information we share
The purpose of this guide is to:
- allow the public to see what information is and is not available in relation to each class
- state what charges may be applied
- explain how to find the information easily
- provide contact details for enquiries and to get help with accessing the information
- explain how to request information we hold that has not been published
This document sets out a roadmap listing the different records to be maintained by the Scottish Biometrics Commissioner.
The Freedom of Information (Scotland) Act 2002 provides a right of access to all types of recorded information held by public authorities, sets out exemptions to that right and places a number of related obligations on public authorities, particularly in relation to Records Management and Publication Schemes.
Individuals have the right to request access to information, be informed whether or not the public authority holds that information and, subject to various statutory exemptions, be supplied with that information.
Please see our Publication Scheme and Disclosure Log before submitting a request as the information you seek may already be available.
As part of our commitment to demonstrate openness and transparency in respect of the information we hold, an anonymised version of all FOI responses will added to this Disclosure Log once they have been sent to requesters.
Request for information about correspondence between the Commissioner and Hikvision.
Request for information about our Advisory Group meeting on 22 February.
Request for information about meetings the Commissioner has held with private companies and any hospitality received.
Request for information about the Hikvision meeting.
Request for information about trips outside Scotland, training / CPD undertaken by the team and details of gifts and donations to third parties.