Necessity of ensuring security of ICT systems and personal data included on these.

Adverse and prejudicial impact on the Council's business and its staff and residents if systems are hacked or phished.

In addition such damage to systems would lead to severe commercial prejudice of the Council's operations and additional costs for residents.

Accountability for public finances

It has been established by the Council that ICT systems can be vulnerable to hacking or phishing if sufficient information about the systems is known.

Such attacks on ICT generally have a serious adverse effect on clients and residents, and can lead to theft of personal data, with resultant prejudicial impacts on services and individuals.

They also have commercial implications, in costs to the Council (and residents) to rectify losses or damage to data.

The Information Commissioner has advised all authorities to take security of electronic data seriously and to put in place appropriate safeguards to protect clients and operations.

In response to this, security polices and procedures have been set up to establish what data should be protected or restricted and to withhold this from the public domain.

It is judged that the requested data falls within this definition and consequently a decision has been taken that it will not be released.

While the Council is accountable for its public finances, it is judged that the information requested has no public interest value (it will not increase information on accountability or processes).

The information requested is therefore refused.