UNIVERSITY of GLASGOW

DP and FOI office
home > services > DP and FOI office > A-Z topics > Police Requests for Personal Data

Police Requests for Personal Data

The Police, and other authorised agencies, may request personal data about specific individual(s) from the University for the purposes of the prevention or detection of crime, the apprehension or prosecution of offenders, and in emergency situations. Section 29(3) and Schedule III(3) of the DPA provides authorised agencies with the mechanism to request, and the University the authority to either release or decline to release, personal data without the explicit consent of the individual(s).

Schedule III(3) of the DPA allows the release of personal data about an individual in an emergency [e.g. for medical, accident, next-of-kin, situations, etc] in order to protect the vital interests of that individual or another individual. See separate entry Emergency Requests for Personal Data elsewhere in this A to Z Guide.

Section 29(3) of the DPA allows the University to hand over personal data on specific individual(s) to the Police, or other authorised agencies, if the University is convinced that failure to disclose the information would prejudice the Police investigation. A standard Police form, approved by the Association of Chief Police Officers, is used for making requests under Section 29(3) of the DPA. The completed form will briefly outline:

  • the nature of the investigation and the reason that information is required,  
  • the individual(s) about whom the Police require data,
  • the individual(s) role in that investigation,
  • the information required about the individual(s),
  • the name and number of both the requesting and authorising Police Officers.

The completed form must be signed by both the requesting Officer and the authorising Officer. The authorising Officer must be senior to the requesting Officer and of a rank no lower than Inspector. There may be rare cases where the nature of the investigation may not be specified on the form as it would itself prejudice an investigation - In such a case the authorising Officer must be of the rank of Superintendent or above.

In all cases, including those refused, the request must be logged for audit purposes including:

  • details of the request,
  • an assessment of the veracity of the request,
  • the requestor(s) name and role [eg: Police Officer, Immigration Officer, Tax Authority],
  • the requestor(s) warrant card number or similar official identification details - when appropriate
  • the University person(s) handling the request,
  • the action(s) taken,
  • the date/time for each action,
  • the information released.

A request by phone is not generally acceptable but the University may accept a faxed section 29(3) form.

If in doubt about a request, particularly where:

  • the request is for extensive data on multiple individuals, or
  • the request form contains inadequate information to identify the individual(s), or
  • there are concerns about the veracity or appropriateness of the request,

you must seek advice from the Head of Registry, the Director of Human Resources, the Head of Central Services, or the University's Data Protection Officer.