Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywBilly Briggs mewngofnodwch a gadael i bawb wybod.

Data breaches

Billy Briggs made this Rhyddid Gwybodaeth request to Argyll and Bute Council as part of a batch sent to 32 authorities

Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.

We're waiting for Billy Briggs to read recent responses and update the status.

Dear Argyll and Bute Council,

I wish to make a request for information under FOISA 2002 and would be grateful for a reply to the following questions. My request is with regard to data breaches by staff since January 2017 and cyber attacks over the same period.

1 - How many data breaches have you recorded each year since January 2017, and what were the breaches in relation to please?

2 - Were any staff members disciplined as a result of data breaches? If so, how many please and what action was taken against them? eg Were they dismissed and/or was Police Scotland informed?

3 - What training do you provide staff on data protection please, and how often do they undertake such training?

4 - Are all your staff up to date with GDPR training? If not, how many staff are still to complete such training?

5 - Can you provide details of any fines you've received for data breaches please?

6 - How many cyber attacks have you suffered since January 2017 and how much did each attack cost?

Please send the information by email please.

Yours faithfully,

Billy Briggs

foi, Argyll and Bute Council

Thank you for your email to Argyll and Bute Council in relation to Freedom
of Information Requests. We will endeavour to respond to your email as
soon as possible.  
Many Thanks
FOI team 

══════════════════════════════════════════════════════════════════════════

Argyll and Bute Council's e-mail system (also used by LiveArgyll)
classifies the sensitivity of emails according to the Government Security
Classifications.

Privileged/Confidential Information may be contained in this message. If
you are not the addressee indicated in this message (or responsible for
delivery of the message to such person), you may not disclose, copy or
deliver this message to anyone and any action taken or omitted to be taken
in reliance on it, is prohibited and may be unlawful.

In such case, you should destroy this message and kindly notify the sender
by reply email. Opinions, conclusions and other information in this
message that do not relate to the official business of Argyll and Bute
Council or LiveArgyll shall be understood as neither given nor endorsed by
them.

All communications sent to or from Argyll and Bute Council or LiveArgyll
may be subject to recording and/or monitoring in accordance with relevant
legislation.

This email has been scanned for viruses, vandals and malicious content.

Administrator,


Dear Billy Briggs

Request for information: Freedom of Information request - Data breaches

Thank you for your information request which we have logged as reference
argyllbuteir:14594.

It has been passed to the relevant service(s) for attention and you should
receive a response under either the Freedom of Information (Scot) Act 2002
or the Environmental Information (Scotland) Regulations 2004 by 2022-09-12
00:00:00. We hope to respond within this timescale but, due to the
staffing/capacity issues with COVID-19, some requests may take little
longer.

Please quote the reference number above in any correspondence you may have
with the Council in regard to this request.

Regards

FOI Officer

Privacy information: Any personal information you have provided in
relation to this request will be used only for the intended purpose -
please read the full privacy notice to find out more about how your
personal information will be handled, and your rights under data
protection legislation.

foi, Argyll and Bute Council

1 Atodiad

Classification: OFFICIAL

 

Dear Mr Briggs

 

Request for information: Data breaches

Reference: argyllbuteir:14594.

 

I refer to your request for information which was dealt with in terms of
the Freedom of Information (Scotland) Act 2002 (FOISA).

 

I have provided the following information in fulfilment of your request:

 

My request is with regard to data breaches by staff since January 2017 and
cyber attacks over the same period.

1 - How many data breaches have you recorded each year since January 2017,
and what were the breaches in relation to please?

In relation to information from January 2017-May 2018, I must refuse this
part of your request under Section 17 of FOISA, as this information is not
held.  A central record of data breaches is held from May 2018, and
information is provided below:

May 2018 – December 2018 – 47  

2019 – 71

2020 - 75

2021 - 79

2022 to date – 32

The majority of data breaches (note – not all incidents recorded have
resulted in actual data breaches, although they are recorded as such) have
been in relation to email recipients – either lack of bcc function for a
group email, or emails sent to the wrong recipient.  A summary of the
remainder of the breaches is provided below:

Information/ correspondence posted to wrong or previous address

unauthorised access of records – internal

information issued with incorrect data relating to another customer

information including personal data not disposed of correctly

Loss / theft of devices (phone, laptop, Ipad – process followed to
deactivate devices, no breach

Photos added to social media without consent in place

Information added to wrong account in internal system

 

2 - Were any staff members disciplined as a result of data breaches? If
so, how many please and what action was taken against them? eg Were they
dismissed and/or was Police Scotland informed?

Response:  No staff have been disciplined in relation to data breaches

3 - What training do you provide staff on data protection please, and how
often do they undertake such training?

All staff are required to complete an internal data protection e-learning
course.  The full course is required to be completed once by each
employee, and a short refresher course is provided annually.

4 - Are all your staff up to date with GDPR training? If not, how many
staff are still to complete such training?

Response:  Information from our internal e-learning system shows that 64%
of staff have completed the e-learning course.  This accounts for staff
who have access to our internal network only, and does not include
non-office based staff (for example:  refuse collectors, catering and
cleaning staff)  Data Protection training has been delivered to these
“offline” groups of staff through team meetings and toolbox talks.  Over
the past year, the Council has been moving to a new learning management
system, and work is ongoing to capture an accurate record of training
delivered to “offline” staff.   

5 - Can you provide details of any fines you've received for data breaches
please?

Response:  No fines have been issued to Argyll and Bute Council in
relation to data protection.

6 - How many cyber attacks have you suffered since January 2017 and how
much did each attack cost?

Response:  Zero attacks

 

If you are dissatisfied with the way in which your request for information
has been dealt with you are entitled to request a review by writing to the
Executive Director Customer Services, Argyll and Bute Council, Kilmory,
Lochgilphead, Argyll PA31 8RT, or by email to [Argyll and Bute Council request email].

 

Your request for review must state your name and address for
correspondence, specify the request for information to which your request
for review relates and why you are dissatisfied with the response.

 

You must make your request for review not later than 40 working days after
the expiry of the 20 working day period for response to your initial
request by the Council, or not later than 40 working days after the
receipt by you of the information provided, any fees notice issued or any
notification of refusal or partial refusal.

 

If you make an application for review and remain dissatisfied with the way
in which the review has been dealt with you are entitled to make an
application to the Scottish Information Commissioner, Kinburn Castle,
Doubledykes Road, St Andrews, Fife KY16 9DS (Tel: 01334 464610) for a
further review. You can now do this online here -
www.itspublicknowledge.info/Appeal.

 

You must make representation to the Scottish Information Commissioner no
later than 6 months after the date of receipt by you of the notice or
decision you are dissatisfied with or within 6 months of the expiry of the
period of 20 working days from receipt by the Council of your request for
review.

 

Regards

 

Fiona Anderson   [2]CSE
Small
Compliance and Regulatory (7)
Officer

Legal and Regulatory
Support

Argyll and Bute Council

Kilmory

Lochgilphead

Argyll

PA31 8RT

 

[1]www.argyll-bute.gov.uk

Argyll and Bute -
Realising our potential
together

 

 

══════════════════════════════════════════════════════════════════════════

Argyll and Bute Council's e-mail system (also used by LiveArgyll)
classifies the sensitivity of emails according to the Government Security
Classifications.

Privileged/Confidential Information may be contained in this message. If
you are not the addressee indicated in this message (or responsible for
delivery of the message to such person), you may not disclose, copy or
deliver this message to anyone and any action taken or omitted to be taken
in reliance on it, is prohibited and may be unlawful.

In such case, you should destroy this message and kindly notify the sender
by reply email. Opinions, conclusions and other information in this
message that do not relate to the official business of Argyll and Bute
Council or LiveArgyll shall be understood as neither given nor endorsed by
them.

All communications sent to or from Argyll and Bute Council or LiveArgyll
may be subject to recording and/or monitoring in accordance with relevant
legislation.

This email has been scanned for viruses, vandals and malicious content.

References

Visible links
1. http://www.argyll-bute.gov.uk/

Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywBilly Briggs mewngofnodwch a gadael i bawb wybod.