Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywP Rourke mewngofnodwch a gadael i bawb wybod.

Kingdom Services Group "Data Breach and GDPR"

We're waiting for P Rourke to read recent responses and update the status.

Dear Northampton Borough Council,

1. As Joint Controllers of the data being processed for the Environmental Enforcement contract with KSG (KSG), can you confirm that either you or KSG reported the breach (within 72hrs) of Kingdom's "Bonus Spreadsheet for 2018" being available online for anyone to observe? The spreadsheet was not password protected. It also contained the names of all the council's working with KSG and all of their employee names and FPN totals for each day (no security whatsoever).

2. As Joint controllers of the data being processed for the Environmental Enforcement contracts, can you confirm that either you or KSG formally informed all of their employees (authorised council officers), whose names were on the spreadsheet?

3. Could you confirm that all the Body Worn Cameras being used to collect personal identifiable information from members of the public have been encrypted as per the GDPR (2016). KSG use Body Worn Cameras supplied by Pinnacle. The PR5 model is not encrypted and cannot be used to collect personal identifiable information. Therefore, they must be using the PR6 model. Could you confirm the model being used for your contract?

4. Can you confirm that all officers employed by KSG have been trained in accordance to DPA 1998 and GDPR (2016) and that you have seen the signed training records for this training?

5. Can you confirm that all the officers employed by KSG, authorised to enforce littering offences on behalf of the council have been fully vetted and have valid DBS check, which the council have seen?

Could you confirm KSG have a Data Protection Officer/department and the contact email for this person/department.

Could you provide me with a copy of the following documents/policies which will have been updated in accordance with the General Data Protection Regulations (2016), the regulations came into force on 25th May 2018. Therefore, all of the documents will have been updated.

1. A copy of your Data Sharing Agreement with KSG for the delivery of Environmental Enforcement Services and a variation to this agreement to show the inclusion of GDPR (2016).

2. A copy of the Data Protection Impact Assessment for The Environmental Enforcement Services delivered by KSG on behalf of the council, which will show the inclusion of GDPR (2016). This assessment will include all systems used for processing Personal identifiable information e.g. systems, Body Worn Cameras, Handheld Computers and officer notebooks.

3. A copy of the Body Worn Camera Policy being adhered to by the officers employed by KSG working on behalf of the council. Also the previous version of this policy before adhering to the GDPR (2016).

4. A copy of the data retention policy being used in accordance with GDPR (2016) for the Environmental Enforcement contract with KSG.

Yours faithfully,

P Rourke

Requests, Northampton Borough Council

Please accept this response as acknowledgement that your request has been received by Northampton Borough Council. You will not normally receive another communication until the Council responds to your request. Under the Freedom of Information Act 2000 (FOI) and the Environmental Information Regulations 2004 (EIR) the Council has 20 working days in which to respond to your request. If you require any further information regarding your request please contact Information Governance, The Guildhall, Northampton, NN1 1DE. Tel 01604 838536 / 838841 or by responding directly to this email.

Requests made for personal information under the General Data Protection Regulations 2016 (GDPR) are called SAR’s (Subject Access Requests) and are normally responded to within 28 days. However, the Council may contact you for further information to clarify your request before it can begin collating your personal data. If you require any further information regarding your SAR or your rights under the GDPR please contact The Data Protection Officer, The Guildhall, Northampton, NN1 1DE. Tel 01604 838536

To find out more about how the Council handles your personal data please visit www.northampton.gov.uk/privacynotices<http://www.northampton.gov.uk/privacynot...>

Please note that the contents of this e-mail, including any attachments thereto, may contain information which is confidential or privileged, and which is solely for the use of the recipient named above. The information contained in this e-mail, and in your reply, may be subject to disclosure under the Freedom of Information Act 2000 or other legislation, and its confidentiality cannot be guaranteed. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this e-mail is strictly prohibited.

Northampton Borough Council, The Guildhall, Northampton, United Kingdom, NN1 1DE
+44 (0)300 330 7000
www.northampton.gov.uk

Requests, Northampton Borough Council

2 Atodiad

Mr P ORourke,

 

Please find attached the Council’s response to your recent FOI request on
the Kingdom Services Group data breach.

 

David Taylor

Data Protection Officer

Borough Secretary's Department

The Guildhall

Northampton

NN1 1DE

 

Telephone: 01604 838536

Fax: 01604 837057

Email: [1][email address]

 

FOI disclosure web pages
[2]http://www.northampton.gov.uk/site/scrip...

 

 

[3]cid:image003.png@01D1206A.109A60B0

 

P

Please consider the environment before printing this email. 

If printing please recycleC Thank you......

 

Please note that the contents of this e-mail, including any attachments
thereto, may contain information which is confidential or privileged, and
which is solely for the use of the recipient named above. The information
contained in this e-mail, and in your reply, may be subject to disclosure
under the Freedom of Information Act 2000 or other legislation, and its
confidentiality cannot be guaranteed. If you are not the intended
recipient, please be aware that any disclosure, copying, distribution or
use of the contents of this e-mail is strictly prohibited. Northampton
Borough Council, The Guildhall, Northampton, United Kingdom, NN1 1DE +44
(0)300 330 7000 www.northampton.gov.uk     

References

Visible links
1. blocked::blocked::mailto:[email address] blocked::mailto:[email address]
file:///tmp/blocked::mailto:[email address]
2. blocked::blocked::http://www.northampton.gov.uk/site/scrip... blocked::http://www.northampton.gov.uk/site/scrip...
file:///tmp/blocked::http:/www.northampton.gov.uk/site/scripts/documents_info.php?documentID=383
3. https://www.gov.uk/voting-in-the-uk

Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywP Rourke mewngofnodwch a gadael i bawb wybod.