Policies

Paul knight made this Rhyddid Gwybodaeth request to Hertfordshire Fire and Rescue Service

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

Roedd y cais yn llwyddiannus.

Dear Hertfordshire Fire and Rescue Service,
) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

Yours faithfully,

Paul knight

Information Governance, Hertfordshire Fire and Rescue Service

3 Atodiad

Dear Paul Knight

 

Reference number: FOI/FRS/01/20/18638

 

Thank you for your correspondence, received by Hertfordshire County
Council on 6^th January 2020, requesting the following information:

 

1) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

2) a copy of the last 5 dpias completed

3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work

5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

6) please can I have a copy of the risk rating that you use to evaluate
data security incidents?

 

Before we are able to begin processing your request under the Freedom of
Information Act 2000, we require some further clarification. Please note
that the above functions are generally undertaken by Hertfordshire County
Council (HCC) as a whole and not Hertfordshire Fire and Rescue Service as
individuals.

 

Regarding question 2, would you like the last 5 DPIA’s that have been
completed by HCC in general or the last 5 that specifically relate to
HFRS?

For questions 4 and 6, where you say ‘data security breaches’ and ‘data
security incidents’ are you referring to personal data breaches or cyber
security breaches?

For question 5 would you like policies that have been implemented by HCC
in general or HFRS specifically.

 

 

As soon as we receive this clarification, we will be in a position to
continue processing your request. If we do not receive a response to this
request for clarification, within 90 days of the date that this
correspondence was sent then we will close this request and any further
correspondence would be considered as a new request.

 

In the meantime, if you have any questions, please do not hesitate to
contact me, quoting the reference number on this correspondence.

 

Yours sincerely,

 

Information Access Team

Hertfordshire County Council

Room 216a

Postal Point CHN 320

County Hall,

Hertford, SG13 8DQ

01992 555848 (25848) 

Email: [1][email address]

 

The Information Access Team supports Hertfordshire County Council's
Freedom of Information and Environmental Information Regulations activity.

Hertfordshire - County of Opportunity

Follow us online:

[2]herts-county-council logo  [3]twitter icon  [4]facebook icon

****Disclaimer****

The information in this message should be regarded as confidential and is
intended for the addressee only unless explicitly stated. If you have
received this message in error it must be deleted and the sender notified.
The views expressed in this message are personal and not necessarily those
of Hertfordshire County Council unless explicitly stated. Please be aware
that emails sent to or received from Hertfordshire County Council may be
intercepted and read by the council. Interception will only occur to
ensure compliance with council policies or procedures or regulatory
obligations, to prevent or deter crime, or for the purposes of essential
maintenance or support of the email system.

References

Visible links
1. mailto:[email address]
2. http://www.hertsdirect.org/
3. http://twitter.com/hertscc
4. http://www.facebook.com/Hertsdirect

Dear Information Governance,

For Q2 the last 5 DPIA’s that have been completed by HCC in general
For questions 4 and 6, where you say ‘data security breaches’ and ‘data
security incidents’ am referring to personal data breaches
For question 5 I would like policies that have been implemented by HCC
in general
Yours sincerely,

Paul knight

Information Governance, Hertfordshire Fire and Rescue Service

Dear Paul Knight

Thank you for your reply. Your request for information is being considered under the Freedom of Information Act 2000. We will respond to your request as quickly as possible, and by close of 4th February 2020 at the latest.

Yours sincerely,

Information Access Team
Hertfordshire County Council
Room 216a
Postal Point CHN 320
County Hall,
Hertford, SG13 8DQ
01992 555848 (25848) 
Email: [email address]

dangos adrannau a ddyfynnir

Information Governance, Hertfordshire Fire and Rescue Service

10 Atodiad

Dear Paul Knight

 

Reference number: FOI/FRS/01/20/18638

 

On 6^th January 2020Hertfordshire County Council received the following
request for information from you:

 

1) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

2) a copy of the last 5 dpias completed

3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work

5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

6) please can I have a copy of the risk rating that you use to evaluate
data security incidents?

 

 

Your request for information has been considered under the Freedom of
Information Act 2000. I can confirm that Hertfordshire County Council does
hold some of the information you have requested. Our response is as
follows.

 

 1. Please see the attached PDFs ‘SAR Acknowledgment’ and ‘SAR Response’.*
 2. Please see the attached PDF ‘Last 5 DPIA’.*
 3. Please see the attached PDFs ‘HCS 2020 Training’ and ‘CS 2020
Training’.
 4. Please see the attached PDF ‘Data Protection Policy’.
 5. We have been unable to locate a policy that highlights how HCC is
reducing its environmental impact.
 6. Please see the table below.

 

  Tick if yes Decision
Loss of control – short term    
Loss of control - permanent  
Limitation of rights  
Discrimination  
Identity theft or fraud  
Financial loss  
Unauthorised reversal of pseudonymisation  
Damage to reputation  
Loss of confidentiality  
Signification economic or social disadvantage  

 

This is based on the ICO’s guidance below

 

In assessing risk to rights and freedoms, it’s important to focus on the
potential negative consequences for individuals. Recital 85 of the GDPR
explains that: “A personal data breach may, if not addressed in an
appropriate and timely manner, result in physical, material or
non-material damage to natural persons such as loss of control over their
personal data or limitation of their rights, discrimination, identity
theft or fraud, financial loss, unauthorised reversal of pseudonymisation,
damage to reputation, loss of confidentiality of personal data protected
by professional secrecy or any other significant economic or social
disadvantage to the natural person concerned.”

 

*Please note that after careful consideration we are seeking to apply
section 40 (2) for the names of more junior members of staff, in line with
Hertfordshire County Council practice.

 

This section of the Act applies to any requested information which is
personal data, in that it relates to an identifiable person. The Act
prevents the County Council from disclosing personal data to the public if
doing so “would contravene any of the data protection principles”. One
such data protection principle (set out in Article 5(1) of the GDPR),
requires that personal data shall be processed “fairly”. In order to
process personal data fairly, the County Council must only handle it in
ways that people would reasonably expect; and not use it in ways that have
unjustified adverse effects on them.

 

In relation to your request, staff who do not report directly to an AD (or
equivalent) and above would not expect us to share their names . It would
not be appropriate, fair or lawful processing of their personal data and
we are consequently satisfied the exemption also applies to the
information you have requested.  

This is an absolute exemption.

 

If you have any questions, please do not hesitate to contact me, quoting
the reference number on this correspondence. To find out more about
Freedom of Information, please visit
[1]http://www.hertfordshire.gov.uk/your-cou...

 

If you are unhappy with the way the County Council has handled your
request for information you may request an internal review of the request.
This will be carried out by a member of the County Council Legal Services
Team, who has had no prior involvement with the request. Requests for an
internal review should be sent to the Information Governance Unit at the
address above (within 2 months of this correspondence) and should detail
in writing your grounds of appeal.

                    

If you are unhappy with the outcome of the internal review you are
entitled to ask the Information Commissioner to investigate your
complaint. You should write to: FOI/EIR Complaints Resolution, Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9
5AF.

 

Yours sincerely,

 

Information Access Team

Legal Services| Resources
Hertfordshire County Council  
Room 216a  Postal Point: CHN 320

T: 01992 555848 (Internal:25848)
[2]https://www.hertfordshire.gov.uk/SiteEle...
E:
[3][email address]

[4]Hertfordshire County Council
Facebook[5]Hertfordshire County Council
Twitter[6]Hertfordshire County Council email
updates

 

****Disclaimer****

The information in this message should be regarded as confidential and is
intended for the addressee only unless explicitly stated. If you have
received this message in error it must be deleted and the sender notified.
The views expressed in this message are personal and not necessarily those
of Hertfordshire County Council unless explicitly stated. Please be aware
that emails sent to or received from Hertfordshire County Council may be
intercepted and read by the council. Interception will only occur to
ensure compliance with council policies or procedures or regulatory
obligations, to prevent or deter crime, or for the purposes of essential
maintenance or support of the email system.

References

Visible links
1. http://www.hertfordshire.gov.uk/your-cou...
2. https://www.hertfordshire.gov.uk/home.aspx
3. mailto:[email address]
4. https://www.facebook.com/hertscountycoun...
5. http://www.twitter.com/hertscc
6. https://www.hertfordshire.gov.uk/statweb...