Data Protection Officer

Roedd y cais yn llwyddiannus.

Dear Stirling Council,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

FOI, Stirling Council

Thank you for your email which we will endeavour to respond to as quickly
as possible.  
Important information regarding COVID-19 and Freedom of Information
requests
If you are contacting us in relation to a new or existing Freedom of
Information (FOISA) request, please note that whilst we will make every
effort to process your request within the normal timescales, there may be
occasions when this is not possible due to the COVID-19 situation.  Where
this is the case, we will let you know as soon as we become aware that
there may be a delay in providing you with the requested information.  
The Scottish Information Commissioner (SIC) has provided a statement in
relation to the processing of requests and the time it may take public
authorities to complete them during these exceptional and challenging
times.  You can view the Commissioner's statement on the OSIC website
[1]here.   
 

This email and any attachments are intended solely for the individual or
organisation to which they are addressed and may be confidential and/or
legally privileged. If you have received this email in error please
forward it to [email address] and then delete it. Please check
this email and any attachments for the presence of viruses as Stirling
Council accepts no liability for any harm caused to the addressees'
systems or data. Stirling Council may monitor its email system. Stirling
Council accepts no liability for personal emails.

[2]Stirling Council.

[3]Living Wage Employer

References

Visible links
1. http://www.itspublicknowledge.info/home/...
http://www.itspublicknowledge.info/home/...
2. http://www.stirling.gov.uk/

FOI, Stirling Council

Dear Ms Smith,

 

Your request for information has been logged and allocated reference
FOI/14364.

 

Your request will be dealt with under the Freedom of Information
(Scotland) Act 2002 (FOISA) under the Coronavirus (Scotland) Act 2020, and
if determined appropriate to do so during the course of your request, also
the Environmental Information (Scotland) Regulations, 2004 (EIRs).

 

Your request will be forwarded to the service area(s) holding the
information. Please note, the service area(s) holding the information may
need further information from you to locate the information sought once
they have received the request, and you will be contacted again should
this be necessary.

 

Unless clarification is required your request will be answered promptly,
and within twenty working days of the date your request was received – in
this case no later than 16/09/20

 

The Freedom of Information (Scotland) Act 2002 by the Coronavirus
(Scotland) Act allows for the deadline for answering a request to be
extended by a further forty days in certain circumstances. Should your
request be extended, we will inform you by 16/09/20.

 

Yours sincerely,

Fiona McCallum

 

Records & Information Governance Team

Stirling Council

Stirling FK8 2ET

01786 233988

[1][Stirling Council request email]

 

 

 

dangos adrannau a ddyfynnir

FOI, Stirling Council

1 Atodiad

Dear Ms Smith,

 

I refer to your request for information, logged by us as FOI/14364 and can
provide the following information in response to your request.

1a. What position in the Council is designated as Senior Information Risk
Owner (SIRO)?  
The Council is in the process of identifying a suitable officer for this
post.

 

1b. The name of your Data Protection Officer (DPO)?
Julia Mountford.

 

1c. Job title of the DPO, if not just DPO?
Solicitor.

 

1d. If the DPO also has other duties, approximately how much of their time
is spent on DPO work?
The DPO role is currently being carried out on an interim basis.

 

1e. If the DPO has other responsibilities, has a risk assessment been
carried out to ensure that any potential conflicts of interest as
identified in the GDPR and the guidance from the European Data Protection
Board are managed? If so, has this been reviewed in light of the recent
decision of the Belgium Data Protection Authority (28 April 2020):
[1]https://edpo.com/news/dpo-and-conflict-o...  
The role of solicitor does not lead to the determination of the purposes
and means of processing personal data therefore there is no conflict of
interest and no risk assessment required.

 

1f. The line manager of the DPO – i.e. the post that the post holder
reports to. Is it the SIRO?  
The Legal Manager.

 

1g. Who the DPO reports to in their role as DPO if that differs from the
line manager? Is it the SIRO?  
The Chief Officer – Governance.

 

1h. At what spinal point is the DPO paid?
We are declining to disclose this information due to the exemption in
Section 38(1)(b) of the Freedom of Information (Scotland) Act 2002 (FOISA)
relating to personal information.

 

1i. Key relevant qualifications that the DPO and SIRO hold or relevant
training completed.  
Relevant legal qualifications and knowledge and experience of Data
Protection Law. The DPO role is on an interim basis and therefore training
is ongoing.

 

2. And could you provide the relevant extract of the Council’s
Organisational Chart that shows the DPO, the DPO’s line manager, the post
holder that the DPO reports to, the SIRO and Chief Executive?
Please see the attached file ‘Stirling Council – Line Management of
DPO.docx’.

 

 

If you are dissatisfied with the way in which your request for information
has been dealt with you are entitled to request a review of the actions
and decisions made by the Council in relation to your request. Your
request for review must be in writing or some other permanent form stating
your name and address for correspondence, and specifying the request for
information to which your request for review relates and why you are
dissatisfied with the response.

 

You must make your request for review not later than 40 working days after
the expiry of the 20 working day period of response to your initial
request by the Council or not later than 40 working days after the receipt
by you of the information provided, any fees notice issued or any
notification of refusal or partial refusal.

 

Your request for review should be addressed in the first instance to:

Records & Information Compliance Manager, Stirling Council, Viewforth,
STIRLING FK8 2ET email [2][Stirling Council request email]

 

The Records & Information Compliance Manager will then arrange for an
appropriate officer to undertake a review.

 

Please note that in any email you must state your name.

 

If you are dissatisfied with how your request for a review has been dealt
with, then you are entitled to ask the Scottish Information Commissioner
to investigate your case. You must ask the Scottish Information
Commissioner no later than 6 months after the date of receipt by you of
the notice or decision you are dissatisfied with or within 6 months of the
expiry of the period of 20 working days from receipt by the Council of
your request for review.

 

The Scottish Information Commissioner recommends that you appeal online.
The online appeal service is available here:
[3]www.itspublicknowledge.info/Appeal

You do not need to submit an appeal online, but if you do it will ensure
the Commissioner is provided with all the information required to
investigate your case quickly.

 

For further information about making an appeal to the Scottish Information
Commissioner, including how to submit an appeal by email or post, see:

[4]http://www.itspublicknowledge.info/YourR...

 

If you do not have access to the internet, you can contact the Scottish
Information Commissioner at Kinburn Castle, Doubledykes Road, St Andrews,
Fife KY16 9DS, Tel: 01334 464610 Email:
[5][email address]

 

You also have the subsequent right of appeal to the Court of Session, on a
point of law only, if dissatisfied with a decision issued by the
Commissioner. Any such appeal must be made within 42 days of the date of
intimation of the Commissioner's decision notice.

 

Yours sincerely,

 

Records & Information Governance Team

Stirling Council

01786 233988

[6][Stirling Council request email]

 

 

This email and any attachments are intended solely for the individual or
organisation to which they are addressed and may be confidential and/or
legally privileged. If you have received this email in error please
forward it to [email address] and then delete it. Please check
this email and any attachments for the presence of viruses as Stirling
Council accepts no liability for any harm caused to the addressees'
systems or data. Stirling Council may monitor its email system. Stirling
Council accepts no liability for personal emails.

[7]Stirling Council.

[8]Living Wage Employer

References

Visible links
1. https://edpo.com/news/dpo-and-conflict-o
2. mailto:[Stirling Council request email]
3. http://www.itspublicknowledge.info/Appeal
4. http://www.itspublicknowledge.info/YourR...
5. mailto:[email address]
6. mailto:[Stirling Council request email]
7. http://www.stirling.gov.uk/