Breaches of The Data Protection Act, or The General Data Protection Regulations.

Waiting for an internal review by Dumfries and Galloway Council of their handling of this request.

Dear Dumfries and Galloway Council,

This information is being sought as part of a study into local authorities compliance with the above. Information is requested for each of the last five years.

How many complaints have been received about breaches of either The Data Protection Act, or The General Data Protection Regulations?

How many breaches of these have been identified by Dumfries and Galloway Council otherwise?

What steps were taken to rectify compliance with this legislation?

Since The General Data Protection Regulations came into law, what revisions were made to your procedures in order to comply with this?

Do you ask people to sign blanket consent forms for information to be transferred, or shared? In what circumstances would these be used?

Yours faithfully,

Susan Murray

Dumfries and Galloway Council

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

Thank you for your request for information which was received on 18/04/2019 which we are dealing with in terms of the above legislation. We have given your request the unique reference 406152 and we would appreciate it if you could quote this on all correspondence to us.

Under the terms of the legislation, we have an obligation to respond to your request within 20 working days from the day after your request was received. We will therefore aim to respond to your request by 21/05/2019.

Please be aware that, in some circumstances, a fee may be payable for the retrieval, collation and provision of the information you have requested. If this is the case, a fees notice will be issued, which would need to be paid in order to progress your request.

If your request for information is considered and deemed as a 'business as usual' request, it will be responded to by the appropriate Service within the Council.

If you have any queries in the meantime, please contact [email address].

Kind Regards

FOI Unit
Dumfries and Galloway Council

Any email message sent or received by the Council may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002.

Dumfries and Galloway Council

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

Thank you for your request for information that we received on 18/04/2019 which we are dealing with in terms of the above legislation. We have given your request the unique reference 406152 and we would appreciate if you could quote this on all correspondence to us.

In order to assist the appropriate Council service(s) to deal with your request, can we please ask you to clarify the following:

is the request in relation to how many data breaches the public/our Council has identified or how many actual complaints the public have made about our Council breaching DPA/GDPR?.

Please be aware that in line with the above legislation, the 20 working days to respond to your request has been suspended and will be recalculated when we receive clarification from you.

Kind Regards

FOI Unit
Dumfries and Galloway Council

This email, from Dumfries and Galloway Council, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom they are addressed.

If you are not the intended recipient of this email (and any attachment) please inform the sender by return email and destroy all copies. If you are not the intended recipient or responsible for delivering it to the intended recipient, you are hereby notified that any use, disclosure, review, dissemination, distribution or reproduction of this email is strictly prohibited. Please be aware that communication by internet email is not secure as messages can be intercepted and read by someone else. Dumfries and Galloway Council do not accept liability for any loss or damage which may result from this email or any files attached. It is your responsibility to scan this email and any attachments for computer viruses or other defects.

Any email including its content may be monitored and used by the Council for reasons of security and form monitoring internal compliance with the policy on staff use. Email monitoring or blocking software may also be used.

Any email message sent or received by the Council may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. For further information and to view the Council’s privacy statement please go to https://www.dumgal.gov.uk/privacy

Dear Dumfries and Galloway Council,

This is the response to your request for clarification of the information sought in the FOI request.

The original request asked for details of complaints received by Dumfries and Galloway Council which concerned breaches of The Data Protection Act, or General Data Protection Regulations. This was in the first paragraph of the list of matters on which information is sought.

The second paragraph of that list asked, "How many breaches of The Data Protection Act, plus GDPR, have been identified by Dumfries and Galloway Council otherwise?".

The clarification query can be answered that both types of information are required. These were stated in the original request.

Yours faithfully,

Susan Murray

Dumfries and Galloway Council

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

Thank you for providing clarification in relation to your request, reference 406152.

The 20 working days has now been restarted and I can advise you that we will now aim to respond to your request by 23/05/2019.

If you have any queries in the meantime, please contact [email address].

Kind regards

FOI Unit
Dumfries and Galloway Council

This email, from Dumfries and Galloway Council, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom they are addressed.

If you are not the intended recipient of this email (and any attachment) please inform the sender by return email and destroy all copies. If you are not the intended recipient or responsible for delivering it to the intended recipient, you are hereby notified that any use, disclosure, review, dissemination, distribution or reproduction of this email is strictly prohibited. Please be aware that communication by internet email is not secure as messages can be intercepted and read by someone else. Dumfries and Galloway Council do not accept liability for any loss or damage which may result from this email or any files attached. It is your responsibility to scan this email and any attachments for computer viruses or other defects.

Any email including its content may be monitored and used by the Council for reasons of security and form monitoring internal compliance with the policy on staff use. Email monitoring or blocking software may also be used.

Any email message sent or received by the Council may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. For further information and to view the Council’s privacy statement please go to https://www.dumgal.gov.uk/privacy

Dumfries and Galloway Council

Please find below the Council's response to your request 406152 which was received on 18/04/2019.

Details of request: Dear Dumfries and Galloway Council,

This information is being sought as part of a study into local authorities compliance with the above. Information is requested for each of the last five years.

How many complaints have been received about breaches of either The Data Protection Act, or The General Data Protection Regulations?

How many breaches of these have been identified by Dumfries and Galloway Council otherwise?

What steps were taken to rectify compliance with this legislation?

Since The General Data Protection Regulations came into law, what revisions were made to your procedures in order to comply with this?

Do you ask people to sign blanket consent forms for information to be transferred, or shared? In what circumstances would these be used?

Response:

How many complaints have been received about breaches of either The Data Protection Act, or The General Data Protection Regulations?
In accordance with Section 17(1)(b) of the Freedom of Information (Scotland) Act 2002, Dumfries and Galloway Council can confirm we do not hold the information requested

How many breaches of these have been identified by Dumfries and Galloway Council otherwise?
2018 36
2017 13
2016 15
2015 11

Since The General Data Protection Regulations came into law we have introduced a personal data breach procedural plan, framework and online reporting of breaches. this has been developed and introduced in line with the General Data Protection Regulation. In addition it includes a central breach register to allow for analysis, identification and re-occurrence as well as learning for the future.

A programme of face to face awareness training has been delivered to appropriate staff ensuring representation from each Directorate. All council staff are required to carry out mandatory online training.

Ongoing work maintaining our Information Asset Register identifies the lawful basis for processing data. Consent is also further supported in the ongoing work progressing our Privacy Notices; this was covered in Privacy Notice workshops delivered to staff representing all Council Directorates. A checklist has been developed for asking, recording and managing consent making use of the Information Commissioner?s Office guidance. Checks have also been introduced on the application of asking, recording and managing consent.

Please be aware that the Council holds the copyright, where applicable, for the information provided and it may be reproduced free of charge in any format or media without requiring specific permission. This is subject to the material not being used in a misleading context. The source of the material must be acknowledged as Dumfries and Galloway Council and the title of the document must be included when being reproduced as part of another publication or service.

If you require any further clarification, please contact us. However, if you are not satisfied with the way in which your request has been dealt with, you can request us to carry out an internal review of the decision by emailing [email address] or writing to us within 40 working days of receiving this response.

If you are dissatisfied with the outcome of the review, you have the right to apply to the Scottish Information Commissioner for a decision. Appeals to the Commissioner can be made online at www.itspublicknowledge.info/Appeal or in writing to: The Office of the Scottish Information Commissioner, Kinburn Castle, Doubledykes Road, St Andrews, Fife, KY16 9DS.

Kind Regards

FOI Unit
Dumfries and Galloway Council

This email, from Dumfries and Galloway Council, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom they are addressed.

If you are not the intended recipient of this email (and any attachment) please inform the sender by return email and destroy all copies. If you are not the intended recipient or responsible for delivering it to the intended recipient, you are hereby notified that any use, disclosure, review, dissemination, distribution or reproduction of this email is strictly prohibited. Please be aware that communication by internet email is not secure as messages can be intercepted and read by someone else. Dumfries and Galloway Council do not accept liability for any loss or damage which may result from this email or any files attached. It is your responsibility to scan this email and any attachments for computer viruses or other defects.

Any email including its content may be monitored and used by the Council for reasons of security and form monitoring internal compliance with the policy on staff use. Email monitoring or blocking software may also be used.

Any email message sent or received by the Council may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. For further information and to view the Council’s privacy statement please go to https://www.dumgal.gov.uk/privacy

Dear Dumfries and Galloway Council,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Dumfries and Galloway Council's handling of my FOI request 'Breaches of The Data Protection Act, or The General Data Protection Regulations.'.

Please outline the basis for your statement that you do not hold information concerning complaints about breaches of The Data Protection Act, or GDPR.

The request asked for information as to whether you asked people to sign blanket consent forms for information to be transferred, or shared. Also, in what circumstances these would be used. You have not responded to this please do so now.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/b...

Yours faithfully,

Susan Murray

Dumfries and Galloway Council

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002

Thank you for your request for a formal review which was received on 29/05/2019 and is being dealt with. We will respond within 20 working days from the day after the request was received. A response to your request will be sent promptly, and in any event not later than 26/06/2019.

If you have any queries in the meantime, please do not hesitate to contact [email address].

This email, from Dumfries and Galloway Council, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom they are addressed.

If you are not the intended recipient of this email (and any attachment) please inform the sender by return email and destroy all copies. If you are not the intended recipient or responsible for delivering it to the intended recipient, you are hereby notified that any use, disclosure, review, dissemination, distribution or reproduction of this email is strictly prohibited. Please be aware that communication by internet email is not secure as messages can be intercepted and read by someone else. Dumfries and Galloway Council do not accept liability for any loss or damage which may result from this email or any files attached. It is your responsibility to scan this email and any attachments for computer viruses or other defects.

Any email including its content may be monitored and used by the Council for reasons of security and form monitoring internal compliance with the policy on staff use. Email monitoring or blocking software may also be used.

Any email message sent or received by the Council may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. For further information and to view the Council’s privacy statement please go to https://www.dumgal.gov.uk/privacy

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org