Brentwood Borough Council

Brentwood Borough Council

Quick Links

Skip Navigation | Home page | Site map | Search | Help | Complaints procedure | Disclaimer | Feedback | Access key details
Brentwood Borough Council

FOI 12643

Data Protection

Request

I am writing under the Freedom of Information Act 2000 to request details of breaches of the Data Protection Act within in your organisation; specifically I am asking for:

1a.Approximately how many members of staff do you have?
1b.Approximately how many contractors have routine access to your information?
(see http://webdefence.global.blackspider.com/urlwrap/?q=AXicDcoxEsIgEAXQb-Vtlmi2cKxsU3iImKBhBJaBJYythbfQ1mvqq99mi-8T-LyA7B99N1LJK4XR-UmiZvE0SUDl8zBw6HZ7Zj7gKu50yTZqE5npJivVOxbVdDSmtUalZlucWopWzT9TWhKAdwV-6r8kbA&Z for clarification of contractors if needed)

2a.Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?
2b.Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a 'cut and paste' of the relevant section of these document(s))

3a.Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioners Office (ICO) as a Data Protection Act (DPA) breach)
Answer:Yes, No, Only since (date):
3b. How many breaches occurred for each Financial Year the figures are available for?
Answer FY11-12: FY12-13: FY13-14: FY14-15:

4a.Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware. )
Answer:Yes, No, Only since (date):
4b.How many incidents occurred for each Financial Year the figures are available for?
Answer FY11-12: FY12-13: FY13-14: FY14-15:

5a.Do you know how many information security events/anomaly your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.)
Answer:Yes, No, Only since (date):
5b.How many events occurred for each Financial Year the figures are available for?
Answer FY11-12: FY12-13: FY13-14: FY14-15:

6a.Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)
Answer:Yes, No, Only since (date):
6b.How many near-misses occurred for each Financial Year the figures are available for?
Answer FY11-12: FY12-13: FY13-14: FY14-15:

If the specific answers to 4, 5 and 6 are not readily available, I am content for these questions to be modified/replaced with similar questions that are derived from your organisations categorisation/classification system within the documents requested in question 2. I would need to first make an FoI request for question 2 in order to frame suitable questions 4, 5 and 6, then make a second request. If you are considering a manual review of all incidents to satisfy 4, 5 and 6, please re-read this section and interpret it as latitude to reuse information that you are currently recording (manual review may be the best for some organisations). Similarly calendar year can replace financial year. Please state in the reply if this option has been implemented.

Response

1a.Approximately how many members of staff do you have? 348
1b.Approximately how many contractors have routine access to your information?
None

There also have no recorded data protection breaches since Midland took over HR in 2014