Data Protection Strategy

The request was refused by The Financial Conduct Authority.

Dear The Financial Conduct Authority,

Please provide a copy of your latest Data Protection/Privacy Strategy.

Yours faithfully,

Hayley J

Freedom of Information, The Financial Conduct Authority

Thank you for e-mailing the Financial Conduct Authority's Information
Disclosure Team.

This is an automatic acknowledgement to tell you that we have received
your email safely.

Please do not reply to this email.

We will be in touch in due course.

This communication and any attachments may contain personal information.
For more information about how and why we use personal information and who
to contact with any queries about this, please see our privacy notices:
FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR
Privacy Notice
(https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is
confidential and may be subject to legal privilege. It is for intended
recipients only. If you are not the intended recipient you must not copy,
distribute, publish, rely on or otherwise use it without our consent. Some
of our communications may contain confidential information which it could
be a criminal offence for you to disclose or use without authority. If you
have received this email in error please notify [email address]
immediately and delete the email from your computer. Further information
on the classification and handling of FCA information can be found on the
FCA website
(http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator
Limited, the FCA on behalf of the Payment Systems Regulator Limited / the
Payment Systems Regulator Limited) reserves the right to monitor all email
communications for compliance with legal, regulatory and professional
standards.

This email is not intended to nor should it be taken to create any legal
relations or contractual relationships. This email has originated from the
Financial Conduct Authority (FCA), or the Payment Systems Regulator
Limited.

The Financial Conduct Authority (FCA) is registered as a limited company
in England and Wales No. 1920623. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company
in England and Wales No. 8970864. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment
Systems Regulator Limited)

Freedom of Information, The Financial Conduct Authority

1 Attachment

Our ref: FOI8161

Dear Mr Hayley,

Freedom of Information: Right to know request

Thank you for your email of 19 March 2021. You asked:

‘Please provide a copy of your latest Data Protection/Privacy Strategy.’

We are handling your email as a request for information under the Freedom
of Information Act 2000 (FOIA).

Our decision on your request

We hold the information you requested, but we are exempted from providing
it to you. This is because we have combined our data protection and cyber
security strategies into a single document.  We are of the view that
disclosure of the details of our Cyber Security and Privacy Strategy to
the wider public would, or would be likely to, prejudice the exercise by
the FCA of its regulatory functions. Therefore, we consider that section
31 (law enforcement) of FOIA applies. A detailed explanation as to why
this exemption applies can be found in Annex A. 

Please note that our privacy notice, which can be found [1]here, provides
information on how we deal with personal information.

Your right to complain under the FOIA

If you are unhappy with this response, you have the right to request an
internal review. To do so, please contact us within 40 working days of
the date of this response at [2][email address].

If you are not content with the outcome of the internal review, you also
have a right of appeal to the Information Commissioner by phone or on
their website at:

Telephone: 0303 123 1113

Website: [3]www.ico.org.uk

Yours sincerely,

Information Disclosure Team

Annex A

· Section 31 (Law enforcement)

The qualified exemption in section 31(1)(a) of the Act applies because
disclosure of the information requested would, or would be likely to,
prejudice the prevention or detection of crime.

We believe that disclosure of our internal Cyber Security and Privacy
Strategy would enable criminals to draw conclusions about the FCA cyber
security capability and this, in turn, may encourage them to launch
attacks on our systems. Such disclosure would be likely to lead to prejudice
to our regulatory functions.

This exemption is qualified and we have balanced the public interest for
and against disclosure as required by the Act.

For disclosure

o There is a strong public interest in favour of transparency and in the
public being reassured that we are taking the necessary precautions to
ensure that our information systems, some of which hold information on
the firms and individuals that we regulate, are secure and safe.

o Disclosure of the information would demonstrate how the FCA responds
to the ever-increasing threat of Data Protection.

Against disclosure

o It is strongly in the public interest that the FCA is able to carry
out its regulatory functions in the most effective manner possible and
the public has confidence in the way we handle Data
Protection/Privacy.

On this occasion, we have concluded that the balance of the public
interest is in favour of maintaining the exemption under section 31 of the
Act, for the reasons set out above.


References

Visible links
1. https://www.fca.org.uk/privacy
2. [email address]
3. http://www.ico.org.uk/