Personal Data Breaches

The request was partially successful.

Dear East Ayrshire Council,
I am making a request under FOISA in respect of the following information.

The date of the last review of technical and organisational measures in accordance with Section 56 of the DPA2018. In the event that there has been no review since 28/5/18 the date by which such a review will have been made.

The number of staff trained in accordance with Section 71 (c) of DPA18 since 1/6/2018. Please split this into following categories by calendar year from 2017 to 31st September 2020.

Teachers
Manual Workers
Social Work Practitioners
Administration and Clerical
SIRO & IAO

Details of the information governance framework. This should cover duration, method of delivery, topics covered and copies of materials used to deliver data protection, information security and records management training.

Between January 2017 and 31st September 2020 broken down by year , confirm how many breaches of personal data you have been responsible for.

How many of these breaches were reported to the ICO?

In respect of breaches provide details of the circumstances, type of breach, for example what information/system was breached and the relevant cause.

Yours faithfully,

Craig Corrigan

Freedom Of Information, East Ayrshire Council

1 Attachment

  • Attachment

    Caring Kind connected logo.jpg

    35K Download

Thank you for contacting East Ayrshire Council.  This is an automated

response to advise you that your email has been received.

 

Due to the situation regarding Coronavirus (COVID-19) resources within the

Council are being prioritised and it may take longer, than the standard

timescale of responding within 20 workings days, to reply to your freedom

of information request.  Your request will be responded to in due course

unless you inform us that you have withdrawn your request at this
time.    

 

 

If your enquiry concerns any other matter, your email will be passed to
the

relevant section for appropriate action to be taken.

 

 

Regards,

 

FOI Team.

 

 

show quoted sections

Gibson, Robert,

2 Attachments

CLASSIFICATION: PUBLIC

Dear Mr Corrigan,

 

I refer to your email dated 16 October.

 

The Council is treating your request in accordance with the Freedom of
Information (Scotland) Act 2002 (FOISA).

 

Please find below our reply.

 

The date of the last review of technical and organisational measures in
accordance with Section 56 of the DPA2018.  In the event that there has
been no review since 28/5/18 the date by which such a review will have
been made.

 

A review was undertaken in 2017/18 in preparation for the introduction of
the General Data Protection Regulations.

 

The number of staff trained in accordance with Section 71 (c) of DPA18
since 1/6/2018. 

 

4,230 staff have been trained

 

Please split this into following categories by calendar  year from 2017 to
31st September 2020.

Teachers, Manual Workers, Social Work Practitioners, Administration and
Clerical, SIRP &IAO

 

Our system does not differentiate between the categories that you have
listed and therefore in accordance with Section 17 of the Freedom of
Information (Scotland) Act 2002 I must inform you that we do not hold the
information that you have requested.

 

Details of the information governance framework.  This should cover
duration, method of delivery, topics covered and copies of materials used
to deliver data protection, information security and records management
training. 

 

Information Governance training is provided through four online 30 minute
modules (Data Protection, Information Security, Cyber Security and Records
Management) and face to face training during a half-day session on data
protection and IT security.   We are not able to provide you with the
contents of the training as it contains information regarding our internal
systems and processes that we have for protecting the information that we
hold and process and such information could be used by individuals trying
to counteract our security.  Please note that we are not implying that you
would use this information for nefarious purposes but releasing
information through a freedom of information request means that the
information becomes public and can be requested and seen by any person. 
Therefore in accordance with Section 30 (c) of FOISA we are unable to
provide you with this information as disclosure would be likely to
prejudice the effective conduct of public affairs. East Ayrshire Council
acknowledges the public interest in openness and therefore recognises that
any request under FOISA is potentially in the public interest. However, in
the circumstances we feel that the specific public interest of
safeguarding our systems and processes outweighs the general public
interest in openness.

 

Between January 2017 and 31st September 2020 broken down by year , confirm
how many breaches of personal data you have been responsible for.

How many of these breaches were reported to the ICO? In respect of
breaches provide details of the circumstances, type of breach, for example
what information/system was breached and the relevant cause. 

 

Year      No of Breaches                Reported to ICO              Type
of Breach

 

2017      1                                        
1                                         1 Accidental disclosure

2018      2                                        
2                                         1 Accidental disclosure, 1
Unauthorised processing

2019      5                                        
1                                         3 Accidental disclosure, 2
Unauthorised processing

2020      7                                        
0                                         7 Accidental disclosure

 

I trust that the above information proves helpful.

 

Regards,

 

Robert Gibson

Freedom of Information Team

East Ayrshire Council

 

Email : [1][email address]

 

show quoted sections