CPS Response to HMCPSI Inspection of CPS Information Management

HMCPSI has today (12 November 2020) published a report into the work of the CPS in relation to information management.

The CPS welcomes this report and is pleased that Inspectors recognise the work that is being undertaken to improve information management and the considerable amount of policy and guidance that has been developed in this area.

Inspectors have also recognised that challenges remain in the digital receipt of case material in line with expected data protection standards from police and the pressurised timescales for service. We accept this is an issue that will require continued focus and we continue to work with our partner agencies to improve performance.

We are keen to further improve our information management systems and are developing national guidance on information management that will set out consistent principles around what material requires redaction for both legal and operational delivery staff.

We recognise the importance of effective handling of information and are committed to taking action to address all the issues raised in this report.

Inspectorate’s recommendations:

1. Crown Prosecution Service should develop consistent principles and guidance for operational delivery and legal staff around information management when handling casework material and ensure this is implemented in all Areas. Guidance should be developed that includes both clarity about what constitutes a security breach in case material and principles to support what material should be redacted.

CPS Response:

CPS Headquarters will develop national guidance on information management with principles for legal and operational delivery staff on what material should be redacted. In addition, an IT solution is being developed to aid redaction that will be aligned to the principles.

2. The facilities, estates and security manager role should be reviewed. The review should clarify the skills and experience required by the role holder and set out with clarity the responsibilities around information management, particularly around logging and quality assurance in case material handling.

CPS Response:

CPS Headquarters is currently undertaking a review of the FESM role with a view to creating two distinct and skilled roles of Estate Manager and Security Information Officer, each with designated roles and responsibilities.

3. A bespoke quality assurance check or process should be implemented to support the identification and logging of redactions and security breaches.

CPS Response:

CPS Headquarters will work with Areas to implement a management check as part of the Standard Operating Practice (SOP) to identify instances of data breaches. We will review the assurance regime to identify instances of redactions and breaches, engaging with senior managers to identify good practice and lessons learnt.

4. A consistent process for the logging of redactions and security breaches should be defined and implemented in all Areas to ensure consistency and accuracy of data.

CPS Response:

We will reissue the national redaction log and will develop guidance with Area leads to ensure this is implemented consistently.

5. The Crown Prosecution Service should develop bespoke training modules for operational delivery and legal staff in Areas defining roles and responsibilities in handling casework material and processes around logging of redactions and breaches. This training should be mandatory for all Area staff and a record retained of completion with a return required to Crown Prosecution Service Headquarters. In addition, this should also be mandatory as part of induction for staff in all roles.

CPS Response:

Specialist case file information management training will be developed and delivered to all legal and operational delivery staff. Information management training will be role specific and form part of staff induction.

6. Performance data around volumes of redactions and security breaches locally and nationally should form part of the Crown Prosecution Services’ data pack to raise awareness with all staff and to ensure that Areas are accountable for their performance in this aspect of work. This information should form part of the performance data discussed at Area performance review (APR).

CPS Response:

CPS Headquarters will revise the Area breach report to focus on redaction performance data. This data will form part of the APR. Area Performance managers will disseminate redaction and breach data within Areas, to increase visibility and staff accountability.