Cyber security and GDPR
Dear Coventry University,
Under the Freedom of Information Act 2000, can you please answer the following questions.
1) Do you have a co-ordinated plan for GDPR readiness – if so, please supply a copy of it.
2) Do you have Cyber Essentials accreditation, if so, is it Uni-wide or specific areas. If not, do you have plans to get it?
3) Do you have an Information Governance Board or similar function?
4) Have you, or do you plan to, implement HTTP Strict Transport Security (HSTS) to secure your websites?
Yours faithfully,
Rachel Jackson
Dear Ms Jackson,
Freedom of Information Request – FOIA0550
The University has completed its search for the information you requested pursuant to the Freedom of Information Act 2000. The specific questions were:
Under the Freedom of Information Act 2000, can you please answer the following questions.
1) Do you have a co-ordinated plan for GDPR readiness – if so, please supply a copy of it.
2) Do you have Cyber Essentials accreditation, if so, is it Uni-wide or specific areas. If not, do you have plans to get it?
3) Do you have an Information Governance Board or similar function?
4) Have you, or do you plan to, implement HTTP Strict Transport Security (HSTS) to secure your websites?
In response to your request, I can confirm that Coventry University holds the information you are seeking with regards to Q1 to Q4 inclusive. However, the exemption available under Section 43 of the FOIA exempts the requested information because the information is deemed commercially sensitive. The release of such information would be likely to prejudice the commercial interests of the University. This exemption is subject to the public interest test.
The public interest test has been applied as follows:
Factors in favour of disclosure:
• Transparency and accountability.
Factors in favour of withholding disclosure:
• It is necessary that the University maintains its competitive position on the open market and it would be likely that the release of the information may potentially harm any competitive advantage it may have.
Having considered the public interest test, Coventry University is satisfied that the public interest in withholding the information outweighs the public interest in disclosing it.
If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of our decision, you should write to the Information Protection Unit, Coventry University, Portal House, 163 New Union Street, Coventry, CV1 2PL or email [Coventry University request email].
If you are not content with the outcome of your complaint, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the University. The Information Commissioner can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; Tel: 01625 545 745; Email: [email address]
If you wish to discuss this matter further, or require any other information, please do not hesitate to contact me.
Kind Regards
Will Doherty | Legal Compliance Clerk | Information Protection Unit (IPU)
Coventry University, Portal House, 163 New Union Street, COVENTRY, CV1 2PL
T: +44 (0)2477 658202 | M: +44 (0)7557425844 | E: [email address] |
W: www.coventry.ac.uk
Working hours: Monday – Friday 08.30am – 17.00pm
Dear Coventry University,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Coventry University's handling of my FOI request 'Cyber security and GDPR'.
In order to apply section 43(2), the public authority must satisfy itself that disclosure of the information would, or would be likely to, prejudice or harm the commercial interests of any person (this can include the public authority holding it). This is known as the prejudice test. “Would be likely to prejudice” is a lower threshold. This means that there must be more than a hypothetical or remote possibility of prejudice occurring. There must be a real and significant risk of prejudice, even though the probability of prejudice occurring is less than 50%.
Can you please advise exactly how the questions I have asked fall into the above category?
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/c...
Yours faithfully,
Rachel Jackson
Dear Ms Jackson,
Freedom of Information Request – FOIA0550
Further to the University's response to your Freedom of Information Request dated 5th December 2017, we have performed an internal review.
In response to your request, please see the below using the same numbering.
1) Do you have a co-ordinated plan for GDPR readiness – if so, please supply a copy of it.
The University is adhering to the ICO's 12 steps plan. See link: https://ico.org.uk/media/for-organisatio...
2) Do you have Cyber Essentials accreditation, if so, is it Uni-wide or specific areas. If not, do you have plans to get it?
No. In light of GDPR the University is considering accreditation.
3) Do you have an Information Governance Board or similar function?
Yes, the University has the Information Protection Committee (IPC).
4) Have you, or do you plan to, implement HTTP Strict Transport Security (HSTS) to secure your websites?
Possibly, this is to be considered in light of GDPR.
If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of our decision, you should write to the Information Protection Unit, Coventry University, Portal House, 163 New Union Street, Coventry, CV1 2PL or email [Coventry University request email].
If you are not content with the outcome of your complaint, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the University. The Information Commissioner can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; Tel: 01625 545 745; Email: [email address]
If you wish to discuss this matter further, or require any other information, please do not hesitate to contact me.
Kind Regards
Will Doherty | Legal Compliance Clerk | Information Protection Unit (IPU)
Coventry University, Portal House, 163 New Union Street, COVENTRY, CV1 2PL
T: +44 (0)2477 658202 | M: +44 (0)7557425844 | E: [email address] |
W: www.coventry.ac.uk
Working hours: Monday – Friday 08.30am – 17.00pm