Transparency data

Data Usage Agreement: Scottish Courts Tribunal Services

Published 19 October 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/scottish-courts-and-tribunal-services-debt-collection-pilot/data-usage-agreement-scottish-courts-tribunal-services

This Data Usage Agreement between HMRC and Scottish Courts and Tribunal Services for debt collection was approved and put in place in 2023.

1. Conditions of disclosure of information by HMRC to Scottish Courts and Tribunal Services for the purposes of debt collection

HMRC disclose this information to the Scottish Courts and Tribunal Service (SCTS) by virtue of the legal basis of section 48 of the Digital Economy Act 2017. Disclosure is for the purpose of taking action in connection with debt owed to the public sector.

1.2 Reason for variation request to pilot

The initial 12-month pilot agreed by the Digital Economy Act (DEA) Board in February 2022 was restricted to data sharing for months one to six (December 2022 to May 2023) with analysis agreed for months 7 to 12 (June 2023 to December 2023) to allow for HMRC and SCTS to assess the efficiency of the pilot data share.

Both HMRC and SCTS agree that the data sharing has continued to receive a high match rate (over 75%) over months one to six and supports SCTS in performing their statutory duties for the purposes of debt collection.

HMRC and SCTS would therefore like to extend the data sharing to a full 12 months (December 2022 to December 2023), with analysis and evaluation ongoing. There are no barriers to extending beyond the 6 months data sharing as the pilot will expire as agreed in December 2023. The extension will also not impact the timescale for SCTS providing the DEA board with evaluation reports.

To further improve the data matching results, HMRC will also provide a ‘deceased flag indicator’ from month 7 (June 2023) onwards, in order for SCTS to identify those individuals who are deceased but would have previously been returned as a ‘non match’. This additional information will allow SCTS to:

  • help ensure that correspondence is not issued to deceased persons
  • be used by the SCTS Fines Enforcement Officers (FEOs) to prepare a report to the judiciary who have the power to discharge (write-off) the outstanding penalty bringing a conclusion to the matter

This Data Usage Agreement (DUA) and accompanying Data Protection Impact Assessments (DPIAs) have been reviewed and amended to reflect the changes to the length of data sharing for this pilot and addition to the dataset for HMRC to include a deceased indictor flag.

1.3 Purpose

SCTS Fines Enforcement Officers (FEOs) perform a statutory law enforcement role in executing criminal financial penalties by providing information and advice to fine payers or by applying administrative sanctions to secure compliance.

The absence of up-to-date information prevents FEOs in carrying out their statutory function meaning that they are:

  • unable to proactively contact fine payers to provide support and advice
  • unable to deploy administrative sanctions to secure compliance where default or non-engagement continues
  • have no option but to take enforcement action that could have been avoided if engagement had been secured

FEOs issue correspondence and proactively contact fine payers by telephone to offer information and advice to deal with default. Whilst some fine payers respond to that offer, a large proportion do not and continue to ignore warnings. The absence of data sharing arrangements results in FEOs often having to rely on limited and/or out of date information, which prevents them from making contact to offer support and leads to inefficient processes and enforcement action being taken that could potentially be avoided.

SCTS have identified that sharing fine payers’ personal data with HMRC to obtain up to date contact information, as well as Pay as You Earn (PAYE) and Self Assessment information, should enable FEOs to proactively engage with fine defaulters to offer them information and advice, allowing them to maintain responsibility for complying with any agreed payment plans.

Apply sanctions to deal with wilful default allowing criminal penalties to be collected on a timelier and more efficient basis.

This processing is for law enforcement purposes, the processing is necessary for the performance of a task carried out for the purpose by a competent authority.

1.4 Benefits of the exchange

HMRC considers that the disclosure of information to SCTS is necessary and proportionate to assist with their collection and enforcement of unpaid fines. The potential SCTS benefits for this exchange are as follows:

  • increased fine collections rates
  • reduction in debt
  • reduced Experian tracing costs
  • consistency of approach to fines enforcement across all home nations
  • reduced number of fines enquiry hearings and arrest warrants, meeting a key policy objective of minimising police and court involvement in the fines process
  • improved efficiency in relation to sanctions deployed
  • improved support for those having genuine difficulty in paying their fines
  • help ensure that correspondence is not issued to deceased persons
  • be used by the Fines Enforcement Officers to prepare a report to the judiciary who have the power to discharge (write-off) the outstanding penalty bringing a conclusion to the matter

There are no direct benefits to HMRC for this data share other than to assist SCTS with this pilot.

1.5 Procedure

Data matching is carried out in accordance with the agreed Risk and Intelligence Service (RIS) team quality assurance standards framework and only the most up to date information available to HMRC will be shared with SCTS.

This is a one-off pilot, consisting of 12 separate monthly data shares containing approximately 600 customers per month.

The pilot commenced in December 2022 and will cease in December 2023 to allow SCTS to analyse the data and produce a final report.

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

Where there is a confirmed match, HMRC will return data for these individuals as outlined below. If there are no positive matches, HMRC will confirm this in their response.

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

1.6 Data items

The data items sent from SCTS to HMRC are as follows:

  • SCTS unique identifier
  • forename
  • surname
  • date of birth format (DD/MM/YYYY)
  • address
  • postcode
  • National Insurance number

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

If the address provided by SCTS does not match the address held by HMRC, then previous addresses will be used as a match.

The following data items will be returned to SCTS from HMRC:

  • SCTS unique identifier
  • forename
  • surname
  • date of birth
  • address
  • postcode
  • National Insurance name
  • HMRC name
  • HMRC date of birth (Format DD/MM/YYYY)
  • latest HMRC address
  • latest HMRC postcode
  • telephone number
  • mobile number
  • email address
  • HMRC National Insurance number
  • deceased flag (to be shared from June 2023)

The matched data will be run through the RTI system and the following data items will be provided:

  • employer yes or no indicator
  • employer name
  • employer address

  • PAYE latest payment data

  • PAYE latest payment amount
  • PAYE pay year to date
  • PAYE tax year to date

The matched data will also be matched against internal systems for self-employment and the following data items will be provided:

  • self-employment yes or no indicator
  • self-employment net profit
  • self-employment tax year
  • self-employment address

The only data to be returned from HMRC to SCTS will be where a match has been successful.

1.7 Data Protection Impact Assessment (DPIA)

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

HMRC DPIA Reference Number: 9825

Date of DPIA: 12 October 2022

Last reviewed: 9 May 2023

SCTS DPIA reference number: 2022-009

Date of DPIA: 26 July 2022

Last reviewed: 26 April 2023

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

1.8 Data retention and storage

HMRC

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

Scottish Courts and Tribunal Services

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

1.9 Data security

HMRC and SCTS agree to:

  • move, process and destroy data securely i.e. in line with the principles set out in HM Government Security Policy Framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information
  • only use it for the purposes that it has been disclosed for and ensure that only those with a genuine business need to see the information will have access to it
  • only keep it for the time it is needed, and then destroy it securely
  • not onwardly disclose that information without the prior authorisation of HMRC
  • comply with the requirements in the Security Policy Framework, and be prepared for and respond to security incidents and to report any data losses, wrongful disclosures or breaches of security relating to information

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

  • mark information assets with the appropriate security classification and apply the appropriate baseline set of personnel, physical and information security controls that offer an appropriate level of protection against a typical threat profile as set out in Government Security Classifications (GSC) and in particular as set out in the Annex – Security Controls Framework to the GSC

1.10 Data controller

HMRC is acting as the data controller when HMRC are processing that data. When it has been received by SCTS, then SCTS will be acting as the data controller.

1.11 Freedom of Information (FOI) requests

If an FOI request relating to this information is made to SCTS, SCTS’s FOI team will engage with HMRC’s FOI team regarding the potential impact of disclosure.

Any Freedom of Information request received by SCTS is subject to the Freedom of Information (Scotland) Act, 2002 (FOISA).

1.12 Rights of individuals

SCTS will not need to engage with HMRC if an individual rights request is received.

The rights of individuals and how those may be exercised are set out in the updated SCTS privacy notice, a link to which, will be provided in the pilot warning letters.

1.13 Costs

HMRC will recharge SCTS for the time taken to provide the data and the governance documents for SCTS to have the relevant data to assist in this project.

SCTS have confirmed that they have funds available for reasonable costs incurred by HMRC for this data share.

1.14 Disputes

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

1.15 Signatures

This content has been withheld because of exemptions in the Freedom of Information Act 2000.

Back to top