DWP Central Freedom of Information Team

e-mail: [DWP request email]

Our Ref: 708

30 April 09

Dear Mr Metcalfe

Freedom of Information Request - 708[Author ID1: at Tue Apr 21 09:41:00 2009 ]

[Author ID1: at Tue Apr 21 09:41:00 2009 ]

Y[Author ID1: at Tue Apr 21 09:41:00 2009 ]y[Author ID1: at Tue Apr 21 09:41:00 2009 ]ou have asked us to review our decision to deny you access to they[Author ID1: at Tue Apr 21 09:41:00 2009 ] documentation that describes the fields that are provided by the Jobcentre Plus (JCP) [Author ID1: at Tue Apr 21 09:46:00 2009 ]website interface API by which JCP job listings are displayed on Directgov, as well as on the websites of partners selected by Department for Work and Pensions ([Author ID1: at Tue Apr 21 09:46:00 2009 ]DWP)[Author ID1: at Tue Apr 21 09:46:00 2009 ].

As promised in the previous reply to you, the review has been conducted by another officer, of a more senior grade to the officer that reviewed your initial request, and this person took no part in the original decision. I'm afraid that after review that I must concur with the initial decision.

As was stated in the Department's previous reply, unfortunately, [Author ID3: at Tue Apr 21 11:12:00 2009 ]Th[Author ID3: at Tue Apr 21 11:12:00 2009 ]is[Author ID3: at Tue Apr 21 11:09:00 2009 ] [Author ID3: at Tue Apr 21 11:12:00 2009 ]information relating to documentation describing [Author ID3: at Tue Apr 21 11:09:00 2009 ]API[Author ID3: at Tue Apr 21 11:11:00 2009 ] fields [Author ID3: at Tue Apr 21 11:09:00 2009 ]is being withheld under the exemption in Section 31 (1) (a) of the Freedom of Information Act. This is being applied because the information, if disclosed, could assist those intent on undermining information security. Disclosure would also prejudice the Department's efforts to protect information in general and personal data in particular, as it could allow the Department's data handling procedures to be exploited for criminal purposes. Section 31 exempts from disclosure information which would or would be likely to prejudice the prevention or detection of crime. I believe that releasing a copy of the documentation that you have requested could facilitate the commission of an offence by rendering the Department's systems vulnerable to attack.

The exemption in Section 31 is a qualified exemption and therefore I have considered the public interest. There is a public interest in understanding that there are robust arrangements in place for the management of information risks, and that the public can have confidence in those arrangements. There is a public interest in maintaining confidence that this Department has policies and procedures in place to deal with threats which may compromise the security of the Department's information.

At the same time, there is a public interest in ensuring that the prevailing particular threats to information are identified, and measures put in place to mitigate those threats, and that they are dealt with appropriately. In most situations, the best interests of those potentially affected will be served by not making these threats - or the strategies and measures which the Department has deployed to address those threats - public. There is also a clear public interest in ensuring that potential vulnerabilities in systems or processes can be addressed without exposing them publicly, and thereby providing an avenue by which those intent on doing harm, or committing illegal acts, might exploit those vulnerabilities.

I have concluded that ensuring that threats to the Department's information can be identified and mitigated without undue media pressure on those potentially affected or involved in developing counter-measures, is in general, of greater public interest. This Department takes very seriously its responsibility as a registered data controller to protect personal data. These obligations are set out in the Seventh Principle of the Data Protection Act. Publication of its detailed measures to address information vulnerabilities is not in the public interest, and will not support the Department's clearly stated responsibilities and the specific obligations as set out in the Act.

Users of the Internet Job Bank [Author ID3: at Tue Apr 21 11:03:00 2009 ](IJB) [Author ID1: at Tue Apr 21 09:49:00 2009 ][Author ID3: at Tue Apr 21 11:03:00 2009 ]API:[Author ID0: at ]

[Author ID3: at Tue Apr 21 11:03:00 2009 ]

In respect of the [Author ID3: at Tue Apr 21 11:03:00 2009 ]IJB API[Author ID3: at Tue Apr 21 11:03:00 2009 ] [Author ID3: at Tue Apr 21 11:03:00 2009 ](and apart Steria Jobs & Skills) [Author ID3: at Tue Apr 21 11:03:00 2009 ]the normal access to the IJB API is:[Author ID0: at ]

If you are still not content with the outcome of this internal review, you have the right to apply directly to the Information Commissioner to look into the way your request has been handled. The Commissioner can be contacted at:

FoI Complaints Resolution

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF
Fax: 01625 545 510

email:[email address]

If you have any queries about this letter, please contact me. Please remember to quote the reference number above in any future communications.

Yours sincerely

DWP Central FoI Team

If yo[Author ID3: at Tue Apr 21 11:03:00 2009 ]u are not satisfied [Ann are you able to top and tail this final bit][Author ID3: at Tue Apr 21 11:03:00 2009 ]