Data breaches

Jonathan Bull made this Freedom of Information request to Angus Council This request has been closed to new correspondence. Contact us if you think it should be reopened.

The request was successful.

Dear Angus Council,

Dear Allerdale Borough Council,

Dear Aberdeenshire Council,

I am investigating and researching data breaches and cyber crime in the UK.

I am requesting the following information from you:-

How many times have you reported any data breaches in the past 6 years?

If you have.

Did you report these data breaches to the ICO?

For each separate breach case, please tell me the following:-

How many people were affected by the data breach?

Please send me a copy of the correspondence that you sent to the people affected by the data breach to notify them their data had been breached.

What information was breached?

Have you received any complaints about the data breach by victims? If so, how many?

Have you paid out any compensation to any of the victims that made complaints? If so, how many?

If you have paid out compensation, how much have you paid out in total?

Please send me a list of each complaint reference and how much compensation you paid out per complaint.

Who is your data protection officer?

What is their contact details?

On a separate matter, I would also like the following information:-

Who is your energy provider?

When is your contract renewal date?

How much do you spend annually on energy?

When you signed your most recent energy contract, did you go through a third party broker who brokered the deal for you?

Who is the person who makes the decision on which energy provider you go with?

What is their contact details?

I look toward to your prompt response!

Yours faithfully,

Jonathan Bull

Angus Council Information Governance, Angus Council

1 Attachment

Reference: FOI-345096868
Date of request: 28/06/2021
Title of request: Data Breaches

Dear Jonathan Bull,

Thank you for completing the FOI Request form. We have received your
request and will be in touch shortly.

If we are unable to provide you with a response within 20 working days, we
will advise you of this. Please refer to the attachment which gives a
summary of your request and explains your right to ask for a review if you
are unhappy with how the Council is dealing with your request.

Yours sincerely

Information Governance

 

This message is strictly confidential. If you have received this in error,
please inform the sender and remove it from your system. If received in
error you may not copy, print, forward or use it or any attachment in any
way. This message is not capable of creating a legal contract or a binding
representation and does not represent the views of Angus Council. Emails
may be monitored for security and network management reasons. Messages
containing inappropriate content may be intercepted. Angus Council does
not accept any liability for any harm that may be caused to the recipient
system or data on it by this message or any attachment.

Angus Council Information Governance, Angus Council

1 Attachment

Reference: FOI-345096868
Date of request: 28/06/2021
Title of request: Data Breaches
Information request: <div><div>Dear Angus
Council,</div><div></div><div>Dear Allerdale Borough
Council,</div><div></div><div>Dear Aberdeenshire
Council,</div><div></div><div>I am investigating and researching data
breaches and cyber crime in the UK.&nbsp;</div><div></div><div>I am
requesting the following information from
you:-&nbsp;</div><div></div><div>How many&nbsp; times have you reported
any data breaches in the past 6 years?&nbsp;</div><div></div><div>If you
have.</div><div></div><div>Did you report these data breaches to the
ICO?</div><div></div><div>For each separate breach case, please tell me
the following:-</div><div></div><div>How many people were affected by the
data breach?&nbsp;</div><div></div><div>Please send me a copy of the
correspondence that you sent to the people affected by the data breach to
notify them their data had been breached.&nbsp;</div><div></div><div>What
information was breached?&nbsp;</div><div></div><div>Have you received any
complaints about the data breach by victims? If so, how
many?</div><div></div><div>Have you paid out any compensation to any of
the victims that made complaints? If so, how many?</div><div></div><div>If
you have paid out compensation, how much have you paid out in
total?</div><div></div><div>Please send me a list of each complaint
reference and how much compensation you paid out per
complaint.&nbsp;&nbsp;</div><div></div><div>Who is your data protection
officer?&nbsp;</div><div></div><div>What is their contact
details?</div><div></div><div><div>I look toward to your prompt
response!&nbsp;</div><div></div><div>Yours
faithfully,</div><div></div><div>Jonathan
Bull</div></div></div><div></div>

Dear Jonathan Bull,

Request for Information

Thank you for your request for information dated 25 June 2021 (received by
the Council 28 June 2021) which has been passed to me for attention.

You have requested the following information:

I am investigating and researching data breaches and cyber crime in the
UK. 

I am requesting the following information from you:- 

 

Please note there are 2 departments within Angus Council who collate this
information. For ease I have kept these separate.

 

How many times have you reported any data breaches in the past 6 years? 

Department 1: 63 breaches in relation to Integrated Joint Board (IJB)
services carried out by Angus Council between April 2018 and May 2021 (no
records earlier than this held by adult services)

Department 2: 28

 

If you have. Did you report these data breaches to the ICO?
Department 1: One breach between April 2018 and May 2021 was reported to
the ICO.

Department 2: Yes

 

For each separate breach case, please tell me the following:-

How many people were affected by the data breach? 

Department 1: See Spreadsheet – Dept 1

Department 2: See Spreadsheet – Dept 2

 

Please note: Where small numbers are involved the figure has been
presented as <5. To provide actual figures would identify individuals,
s38(1)(b) of the Act refers – personal information relating to a third
party.

 

Please send me a copy of the correspondence that you sent to the people
affected by the data breach to notify them their data had been breached. 

Department 1: In most cases data subjects were contacted face to face or
by telephone so there is no correspondence.  Where correspondence exists
it is exempt under section 38(1)(b) of the Freedom of Information
(Scotland) Act 2002 as it is will largely consist of personal data as
defined by the UK GDPR.

Department 2: This is not held each one would be treated individually

 

 

What information was breached? 

Department 1: See Spreadsheet – Dept 1

Department 2: See Spreadsheet – Dept 2

 

Please note: To provide further details of each breach would identify
individuals, s38(1)(b) of the Act refers – personal information relating
to a third party.

 

Have you received any complaints about the data breach by victims? If so,
how many?

Department 1: No

Department 2: Yes – <5

 

Have you paid out any compensation to any of the victims that made
complaints? If so, how many?

Department 1: No

Department 2: No

 

If you have paid out compensation, how much have you paid out in total?

Department 1: Not applicable

Department 2: Not applicable

 

Please send me a list of each complaint reference and how much
compensation you paid out per complaint.  

Department 1: Not Applicable

Department 2: Not applicable

 

Who is your data protection officer? 

Department 1: Keith Whitefield

Department 2: Alison Watson

 

What is their contact details?

Department 1: Tel: 03452 777 778 or E-mail:
[1][email address]

Department 2: [2][email address]

In compiling responses to information requests we invariably use
information which is routinely published on the [3]Council’s
website (opens in a new window) or through its [4]Publication Scheme
(opens in a new window). If you require further information please first
check that the information you want is not routinely published as any such
information is exempt from release in terms of Section 25 of the Freedom
of Information (Scotland) Act 2002 or Regulation 6(1)(b) of the
Environmental Information (Scotland) Regulations 2004.

Please note that the information contained in this reply is believed to be
accurate as at today's date (unless otherwise indicated) but no warranty
is given.  Further, Angus Council does not accept liability for any loss,
injury or damage which arises from the use of the information contained in
this reply either by you or by any other party.  Please refer to the
request summary document sent to you as part of your request
acknowledgement which explains your right to ask for a review if you are
unhappy with the Council’s decision on this matter.

If you have any queries, please contact
[email address].

Yours sincerely

Alison Duthie
Acting Paralegal - FOI

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

ENVIRONMENTAL INFORMATION (SCOTLAND) REGULATIONS 2004

INSPIRE (SCOTLAND) REGULATIONS 2009

Your Right to Request a Review by the Council

If you are dissatisfied with the way in which Angus Council has dealt with
your request for information under any of the above legislation, you have
a right to ask the council to review its actions and/or decisions
regarding your request. If you wish to do this, you should make your
request to the Service Leader - Legal, Angus Council, Angus House, Sylvie
Way, Orchardbank Business Park, Forfar DD8 1AN or
email [5][Angus Council request email] within 40 working days.

Your request must:

* be in writing (or recordable format),
* give your name and address for correspondence,
* give details of the information which you originally requested from
the council, and
* give the reasons why you are dissatisfied with the way in which your
application for information has been dealt with.

Your application for review will then be considered by the council's
review panel. The review panel will write to inform you of its decision
not later than 20 working days after receipt of your request for review.
The review panel will also provide you with a statement of its reasons for
arriving at the decision it has made.

Your Right to Appeal to the Scottish Information Commissioner

If you are dissatisfied with a decision of the council's review panel (or
where the review panel has not provided you with a response), you have the
right to apply to the Scottish Information Commissioner for a decision as
to whether your request for information has been dealt with by the council
in accordance with the above statutory instruments.

Your application to the Scottish Information Commissioner must:

* be in a recordable format (letter, e-mail, audio tape etc),
* give your name and address for correspondence,
* give details of the request for information which you originally
requested from the council,
* give details of why you were dissatisfied with the council’s response
to your original request,
* give details of why you were dissatisfied with the decision of the
council's review panel.

In the case of an EIR or FOI request your application to the Scottish
Information Commissioner must be made within 6 months of receipt of the
decision of the council’s review panel (or within 6 months of the date
that the review panel should have responded).  No such time limit applies
under the 2009 Regulations. 

Appeals to the Commissioner can be lodged online through the following
hyperlink:

[6]http://www.itspublicknowledge.info/YourR...
by contacting:

Scottish Information Commissioner, Kinburn Castle, Doubledykes Road, St
Andrews, Fife, KY16 9BS; Telephone - 01334 464610; Fax - 01334 464611;
Email - [7][email address]

 

This message is strictly confidential. If you have received this in error,
please inform the sender and remove it from your system. If received in
error you may not copy, print, forward or use it or any attachment in any
way. This message is not capable of creating a legal contract or a binding
representation and does not represent the views of Angus Council. Emails
may be monitored for security and network management reasons. Messages
containing inappropriate content may be intercepted. Angus Council does
not accept any liability for any harm that may be caused to the recipient
system or data on it by this message or any attachment.

References

Visible links
1. mailto:[email address]
2. mailto:[email address]
3. Council’s website
https://www.angus.gov.uk/
4. Publication Scheme
https://www.angus.gov.uk/council_and_dem...
5. mailto:[Angus Council request email]
6. http://www.itspublicknowledge.info/YourR...
7. mailto:[email address]

Angus Council Information Governance, Angus Council

1 Attachment

Reference: FOI-345098417
Date of request: 28/06/2021
Title of request: Energy Provision

Dear Jonathan Bull,

Thank you for completing the FOI Request form. We have received your
request and will be in touch shortly.

If we are unable to provide you with a response within 20 working days, we
will advise you of this. Please refer to the attachment which gives a
summary of your request and explains your right to ask for a review if you
are unhappy with how the Council is dealing with your request.

Yours sincerely

Information Governance

 

This message is strictly confidential. If you have received this in error,
please inform the sender and remove it from your system. If received in
error you may not copy, print, forward or use it or any attachment in any
way. This message is not capable of creating a legal contract or a binding
representation and does not represent the views of Angus Council. Emails
may be monitored for security and network management reasons. Messages
containing inappropriate content may be intercepted. Angus Council does
not accept any liability for any harm that may be caused to the recipient
system or data on it by this message or any attachment.

Angus Council Information Governance, Angus Council

Reference: FOI-345098417
Date of request: 28/06/2021
Title of request: Energy Provision

Dear Jonathan Bull,

Request for Information

Thank you for your request for information dated 28/06/2021 (received by
the Council that same date) which has been passed to me for attention.

You have requested the following information, the responses are provided
against each request:

Who is your energy provider?

Electricity: EDF Energy (EDF Energy Customers Ltd)

Gas: TOTAL Energies (TOTAL Gas and Power Ltd)

When is your contract renewal date?

Electricity: 31/03/2024. (including extensions)

Gas: 31/03/2025. (including extensions)

How much do you spend annually on energy?

Last full year not Covid affected:

Electricity 2019/20: £3,254,576.

Gas 2019/20: £1,036,590.

When you signed your most recent energy contract, did you go through a
third party broker who brokered the deal for you?

 Yes, Scottish Procurement.

Who is the person who makes the decision on which energy provider you go
with?

Scottish Procurement: Link to Public Sector Procurement -
[1]https://www.gov.scot/policies/public-sec...

Electricity Framework
link: [2]https://www.gov.scot/publications/electr...

Gas Framework
Link: [3]https://www.gov.scot/publications/electr...

What is their contact details?

[4][email address]

In compiling responses to information requests we invariably use
information which is routinely published on the [5]Council’s
website (opens in a new window) or through its [6]Publication Scheme
(opens in a new window). If you require further information please first
check that the information you want is not routinely published as any such
information is exempt from release in terms of Section 25 of the Freedom
of Information (Scotland) Act 2002 or Regulation 6(1)(b) of the
Environmental Information (Scotland) Regulations 2004.

Please note that the information contained in this reply is believed to be
accurate as at today's date (unless otherwise indicated) but no warranty
is given.  Further, Angus Council does not accept liability for any loss,
injury or damage which arises from the use of the information contained in
this reply either by you or by any other party.  Please refer to the
request summary document sent to you as part of your request
acknowledgement which explains your right to ask for a review if you are
unhappy with the Council’s decision on this matter.

If you have any queries, please contact Douglas Henderson at
[email address].

Yours sincerely

Douglas Henderson
Manager Property Asset

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

ENVIRONMENTAL INFORMATION (SCOTLAND) REGULATIONS 2004

INSPIRE (SCOTLAND) REGULATIONS 2009

Your Right to Request a Review by the Council

If you are dissatisfied with the way in which Angus Council has dealt with
your request for information under any of the above legislation, you have
a right to ask the council to review its actions and/or decisions
regarding your request. If you wish to do this, you should make your
request to the Service Leader - Legal, Angus Council, Angus House, Sylvie
Way, Orchardbank Business Park, Forfar DD8 1AN or
email [7][Angus Council request email] within 40 working days.

Your request must:

* be in writing (or recordable format),
* give your name and address for correspondence,
* give details of the information which you originally requested from
the council, and
* give the reasons why you are dissatisfied with the way in which your
application for information has been dealt with.

Your application for review will then be considered by the council's
review panel. The review panel will write to inform you of its decision
not later than 20 working days after receipt of your request for review.
The review panel will also provide you with a statement of its reasons for
arriving at the decision it has made.

Your Right to Appeal to the Scottish Information Commissioner

If you are dissatisfied with a decision of the council's review panel (or
where the review panel has not provided you with a response), you have the
right to apply to the Scottish Information Commissioner for a decision as
to whether your request for information has been dealt with by the council
in accordance with the above statutory instruments.

Your application to the Scottish Information Commissioner must:

* be in a recordable format (letter, e-mail, audio tape etc),
* give your name and address for correspondence,
* give details of the request for information which you originally
requested from the council,
* give details of why you were dissatisfied with the council’s response
to your original request,
* give details of why you were dissatisfied with the decision of the
council's review panel.

In the case of an EIR or FOI request your application to the Scottish
Information Commissioner must be made within 6 months of receipt of the
decision of the council’s review panel (or within 6 months of the date
that the review panel should have responded).  No such time limit applies
under the 2009 Regulations. 

Appeals to the Commissioner can be lodged online through the following
hyperlink:

[8]http://www.itspublicknowledge.info/YourR...
by contacting:

Scottish Information Commissioner, Kinburn Castle, Doubledykes Road, St
Andrews, Fife, KY16 9BS; Telephone - 01334 464610; Fax - 01334 464611;
Email - [9][email address]

 

This message is strictly confidential. If you have received this in error,
please inform the sender and remove it from your system. If received in
error you may not copy, print, forward or use it or any attachment in any
way. This message is not capable of creating a legal contract or a binding
representation and does not represent the views of Angus Council. Emails
may be monitored for security and network management reasons. Messages
containing inappropriate content may be intercepted. Angus Council does
not accept any liability for any harm that may be caused to the recipient
system or data on it by this message or any attachment.

References

Visible links
1. https://www.gov.scot/policies/public-sec...
2. https://www.gov.scot/publications/electr...
3. https://www.gov.scot/publications/electr...
4. mailto:[email address]
5. Council’s website
https://www.angus.gov.uk/
6. Publication Scheme
https://www.angus.gov.uk/council_and_dem...
7. mailto:[Angus Council request email]
8. http://www.itspublicknowledge.info/YourR...
9. mailto:[email address]

WhatDoTheyKnow left an annotation ()

The initial outgoing correspondence here contains two requests which have been dealt with separately by Angus Council.

We at WhatDoTheyKnow briefly thought there had been an error here so the responses relating to Energy Provision were moved off this thread for a few hours. We've now moved them back. This explains the fact some of the messages are now shown out of chronological order.

The issue with HTML appearing in some correspondence is not a bug with WhatDoTheyKnow.co but is how the council responded. The WhatDoTheyKnow.com team are corresponding with the council to seek to understand what happened there.