Belinda Perrin

Dear Bolton Borough Council,

I would like to know to what extent you have implemented data loss prevention strategies and losses that you have incurred specifically covering the following;

a) How many data losses have you incurred in the last 24 months relating to the following

USB loss (to include data theft by employees as well as just lost USB devices)
Email leakage (accidental and also malicious)
Laptop theft

To each of the above please provide an indication of what data was lost or stolen and the estimated cost associated with that loss

b) What policies do you have in place surrounding

Encryption of data on Laptops, devices and email
Data transfer between departments and organisations under your control/guidance
The use of removable storage devices

c) What tools have you implemented to help meet data protection requirements to ensure that data is stored and transferred securely and not kept longer than necessary?

d) What was the cost of these tools - initial licence cost and ongoing support/maintenance contracts?

I look forward to receiving your response

Yours faithfully,

Belinda Perrin

Bolton Metropolitan Borough Council

This is an automated email, please do not reply to this address. If you
reply to this e-mail address your e-mail will not be received by the
council and we will not be able to respond to you. The direct email
address for any correspondence is [email address].

Dear Belinda Perrin

I acknowledge with thanks your request for information held by Bolton
Council received at this office on ?????.

This request has been considered under the Freedom of Information Act 2000
and may take up to 20 working days to be processed (although we will
endeavour to provide the information as quickly as possible).

Please be advised that if an exemption applies to the information that you
have requested, the statutory period may be exceeded in accordance with
the provisions of the act.

If a charge is applicable to your request, we will advise you of this in
due course.

Please retain the reference number RFI 850 for any future enquiries
regarding this matter.

Many Thanks

Freedom of Information Team

This e-mail and any attached files are confidential and may also be
legally privileged. They are intended solely for the intended addressee.
If you are not the addressee please e-mail it back to the sender and then
immediately, permanently delete it. Do not read, print, re-transmit, store
or act in reliance on it. This e-mail may be monitored by Bolton Council
in accordance with current regulations. This footnote also confirms that
this e-mail message has been swept for the presence of computer viruses
currently known to Bolton Council. However, the recipient is responsible
for virus-checking before opening this message and any attachment. Unless
expressly stated to the contrary, any views expressed in this message are
those of the individual sender and may not necessarily reflect the views
of Bolton Council. http://www.bolton.gov.uk

Johnson, Carol (Cent Serv), Bolton Metropolitan Borough Council

Dear Ms Perrin

Request for information under the Freedom of Information Act 2000
(reference RFI 850)

In response to your request for information received in this office on 17
May Bolton Council is happy to supply the following information.

a) How many data losses have you incurred in the last 24 months relating
to the following

USB loss (to include data theft by employees as well as just lost
USB devices)

Email leakage (accidental and also malicious)

Laptop theft

The Council has had one data loss relating to the theft of a Laptop.

To each of the above please provide an indication of what data was lost or
stolen and the estimated cost associated with that loss

Incident Data type Cost
Break-in Low level report Nil

(non-sensitive)

b) What policies do you have in place surrounding

Encryption of data on Laptops, devices and email

Data transfer between departments and organisations under your
control/guidance

The use of removable storage devices

The council has an Acceptable Use Policy (AUP) which comprises of an
overarching policy and a range of sub policies. The sub policies contained
in the AUP referring to the above topics are as follows:

. Physical and Environmental Security

. Equipment Security (covers PC and laptops)

. Removable media

. Secure transfer of information (electronic and paper based)

c) What tools have you implemented to help meet data protection
requirements to ensure that data is stored and transferred securely and
not kept longer than necessary?

The Council has signed up for the Government's Code of Connection which
provides secure email between all Government bodies.

The Council use three encryption solutions

. Microsoft Encryption Hosted E-mail (MSEHE)

. Minimum standard of AES (256 bit) using Winzip 9 or above

. Full encryption software on all Local authority computers that
encrypt both the hard disk and any inserted mobile device

The Council use recorded / tracked delivery for sensitive data delivered
by post

In respect of data storage and retention - the council has a Records
Retention and Disposal Policy

d) What was the cost of these tools - initial licence cost and ongoing
support/maintenance contracts?

It is not possible to identify a cost attributable only to data
protection. The council use the above tools to protect the councils
information and systems as a whole. This includes personal data as well as
other confidential information.

Should you have any queries regarding this, please contact me

Yours sincerely,

Regards

show quoted sections

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org