Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywtim wells mewngofnodwch a gadael i bawb wybod.

Dear Cardiff University,
1) please can you send me a copy of the current subject access request acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that you give to staff which was written in the last 2 years including presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data security breaches, for example double checking work which was written in the last 5 years
5) a list of any policies implemented in the last 2 years within the organisation to help reduce the environmental impact that the organisation has?

Yours faithfully,

tim wells

InfoRequest, Cardiff University

Dear Tim,

 

I acknowledge receipt of your email received by this office on 17/12/19 in
which you requested information regarding SAR documentation. 

 

Your request will now be dealt with under the Freedom of Information Act
2000 and has been allocated reference FOI19-503 which should be quoted in
all correspondence. We will respond to your request within 20 working days
starting the next working day after receipt, therefore you can expect to
receive a response no later than 20/01/20.

 

Where we consider that we will not be able to meet this deadline or if
further time is required to consider the public interest test we will
contact you as soon as possible and give you a revised date for response.

 

In some circumstances a fee may be payable and, if that is the case, we
will let you know. A fees notice will be issued to you, and you will be
required to pay before we will proceed to deal with your request.

Yours sincerely

 

John Groves   John Groves
Project Officer   Swyddog Prosiect
Strategic Planning & Governance     Adran Cynllunio Strategol a
Cardiff University Llywodraethu
2nd Floor, Friary House
Greyfriars Road Prifysgol Caerdydd
CF10 3AE
LLawr 2, Friary House

Heol y Brodyr Llwydion
CF10 3AE
Tel: 02920 879870   Ffon: 02920 879870
E-mail: [1][email address] E-bost:
[2][email address]
 
 
The University welcomes
correspondence in Welsh or English. Mae'r Brifysgol yn croesawu
gohebiaeth yn Gymraeg neu'n
Saesneg.

 

 

 

dangos adrannau a ddyfynnir

InfoRequest, Cardiff University

2 Atodiad

Dear Tim,

 

I am writing in response to your Freedom of Information request dated
17/12/19.

 

For ease of reference, I have reproduced your questions below and set out
our corresponding responses.

 

 1. please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

Please see the attached document “SAR Acknowledgement and issue” .pdf

 2. a copy of the last 5 dpias completed

DPIAs can contain detailed information on descriptions of data flows and
of where and how data is stored within the University which may give
assistance to those who would seek undertake attacks on University
systems.  We therefore consider that this information is exempt under
Section 31(1)(a) of the Freedom of Information Act 2000 as to release such
information could be likely to make the University more susceptible to
crime and cyber attacks.

In addition, a number of DPIAs which have been completed contain
information which relate to research projects undertaken within the
University.  We consider that these would be exempt under the Section 43
of the FOI Act as these documents will give detailed information on the
research projects which could be of interest to competitors.

 

The University recognises that there is a public interest in the
disclosure of information in how the University operates however the
University considers that  it is not in the public interest to release
information which may damage the security of the information held by the
University or which may interfere with the University’s ability to operate
in a competitive environment.  

 

 3. a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

A copy of our current training can be viewed at the following website:
[1]http://sites.cardiff.ac.uk/isf/training-...

Under section 21 of the Freedom of Information Act 2000, a public
authority does not have to provide information in response to a request
when that information is reasonably accessible to the applicant by other
means.

 

 4. a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work which was written
in the last 5 years

 

In addition to the training above, the University’s Information Security
Framework (which includes policies for staff to follow, as well as advice)
is also available at: [2]http://sites.cardiff.ac.uk/isf/ .  In addition,
updates are suppled via the University intranet to all staff with
reminders on information security. An example of such guidance is attached
“Data protection and GDPR”.  

 

 5. a list of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the
organisation has?

 

As the subject of this question is very different to the other questions
this could be treated as a separate request under FOI, however our polices
can be viewed at:
[3]https://www.cardiff.ac.uk/about/our-prof...
Under section 21 of the Freedom of Information Act 2000, a public
authority does not have to provide information in response to a request
when that information is reasonably accessible to the applicant by other
means.

 

 

I trust this information satisfies your enquiry.  The University has a
Freedom of Information Complaints Procedure should you feel dissatisfied
with this response or the way in which your request was handled.
Complaints must be made in writing and must set out why you believe the
University has not met its obligations under the Freedom of Information
Act.  You may email your complaint to [4][email address] where
it will be forwarded to the Director of Strategic Planning and Governance
who will be responsible for overseeing the review.

 

If you remain dissatisfied following the outcome of your complaint, you
have the right to apply directly to the Information Commissioner for
consideration.  The Information Commissioner can be contacted at the
following address: Information Commissioner's Office, Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF.

 

I would like to take this opportunity to thank you for your interest in
Cardiff University. If you require further assistance please feel free to
contact me.

 

Yours sincerely

 

 

 

Alison Preece   Alison Preece
Assurance Adviser   Ymgynghorydd Sicrwydd

 
Strategic Planning & Governance   Adran Gynllunio Strategol a
Llywodraethu
Cardiff University   Prifysgol Caerdydd
2nd Floor, Friary House   Llawr 2, Friary House
Greyfriars Road   Heol y Brodyr Llwydion

Cardiff Caerdydd
CF10 3AE   CF10 3AE
     
 
E-mail: [5][email address]   E-bost:
[6][email address]
 
 
We welcome correspondence in Welsh
or English Rydym yn croesawu gohebiaeth trwy’r
Gymraeg neu’r Saesneg

 

 

References

Visible links
1. http://sites.cardiff.ac.uk/isf/training-...
2. http://sites.cardiff.ac.uk/isf/
3. https://www.cardiff.ac.uk/about/our-prof...
4. mailto:[email address]
5. mailto:[email address]
6. mailto:[email address]

Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywtim wells mewngofnodwch a gadael i bawb wybod.