Data Protection Audit March 2018 - 'considerable scope for improvement'

The request was partially successful.

Dear Parliamentary and Health Service Ombudsman,

The ICO's data protection audit of March 2018 concluded that your organisation was in a poor state:

"There is a limited level of assurance that processes and procedures are in place and
delivering data protection compliance. The audit has identified considerable scope for
improvement in existing arrangements to reduce the risk of non-compliance with the DPA."

https://ico.org.uk/media/action-weve-tak...

Please provide all recorded information to confirm that the PHSO has taken steps to correct the specific weaknesses identified by the ICO's audit - papers, reports etc. Please also conduct a search of the email account of the person responsible for ensuring PHSO compliance with the DPA using the term 'Data protection audit report' and provide me with copies of all relevant emails.

Yours faithfully,

J Roberts

informationrights@ombudsman.org.uk, Parliamentary and Health Service Ombudsman

Thank you for contacting the Parliamentary and Health Service Ombudsman’s (PHSO) Freedom of Information and Data Protection Team. This is to confirm we have received your request.
If you have made a request for information under the Freedom of Information Act 2000 or Environment Information Regulations 2004, we will respond to your request within 20 working days in accordance with the statutory time frames set out in both Acts.
If you have made a request for personal information held by the PHSO, your request will be processed as a Subject Access Request under the provisions of the Data Protection Act 2018 and will be responded to within one calendar month in accordance with the statutory time frame set out in the Act.
We may contact you before this time if we require further clarification or if we need to extend the time required to complete your request.
For Subject Access Requests, we will send any personal information via secure email, unless you instruct us differently. To access the information on the email we send, you will need to sign up to our secure email service. Details can be found on our website using the link below:
www.ombudsman.org.uk/about-us/being-open...
If you require us to post your personal information to you instead you will need to inform us of this and confirm your current address as soon as possible.

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

InformationRights, Parliamentary and Health Service Ombudsman

4 Attachments

Dear J Roberts,

Request for information under the Freedom of Information Act 2000

Further to your email dated 1 September, in which you request the
disclosure of information under the provisions of the above Act, we are
now in a position to respond.

· Please see the attached document in response to the first part
of your request. A small amount of personal information has been removed,
as disclosure of this data into the public domain would be against the
legitimate expectations of those concerned, and thus unfair and a breach
of the first data protection principle as set out at schedule 1 to the
Data Protection Act 1998.  Accordingly, such information is exempt under
section 40(2) of the Freedom of Information Act 2000 by virtue of section
40(3)(a)(i).

Also, a small amount of information relating to information security has
been removed. Section 31(1)(a) of the Act permits information to be
withheld, subject to the application of a public interest test, if its
disclosure under the Act would be likely to prejudice the prevention or
detection of crime. I have had the opportunity to consider the exemption
under section 31(1)(a) as it applies to information security related
information contained within the attached; and in particular whether the
public interest lies in favour of maintaining the exemption or in
disclosing this information to you. I acknowledge the public interest in
accountability and transparency and the public being assured we have
effective measures in place to protect information. However, disclosure of
the withheld information would be likely to prejudice the prevention of
criminal acts in relation to PHSO information, such as theft of data. A
response to a Freedom of Information request is a response to the “world
at large” and the withheld information could place PHSO’s data security at
risk if placed in the wrong hands. There is a strong public interest in
maintaining the security of our data. In light of the above, it is my view
that the public interest in disclosure is outweighed by the public
interest in maintaining the security of the information we hold; and
therefore your request is partially refused.

· A search was undertaken of the email account of the person
responsible for ensuring PHSO compliance with the DPA using the term ‘data
protection audit report’. No information falling within the scope of the
request is held.

If you believe we have made an error in the way we have processed your
request, it is open to you to request an internal review. You can do this
by writing to us or emailing [1][Parliamentary and Health Service Ombudsman request email]. You
will need to specify what the nature of the issue is and we can consider
the matter further. Beyond that, it is open to you to complain to the
Information Commissioner’s Office [2]www.ico.org.uk

Your request will now be closed as of this date.

Yours sincerely

Freedom Of Information/Data Protection Team

Parliamentary and Health Service Ombudsman

W: [3]www.ombudsman.org.uk

Follow us on

[4]fb  [5]twitter  [6]linkedin

 


References

Visible links
1. mailto:[Parliamentary and Health Service Ombudsman request email]
2. http://www.ico.org.uk/
3. http://www.ombudsman.org.uk/
4. http://www.facebook.com/phsombudsman
5. http://www.twitter.com/PHSOmbudsman
6. http://www.linkedin.com/company/parliame...
