Docs

The request was partially successful.

Dear Norfolk Fire and Rescue Service,

please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

Yours faithfully,

tim wells

Freedom of Information, Norfolk Fire and Rescue Service

Good Morning,

Freedom of Information Act 2000 – Information Request ENQ-385481-H7L8N4

Thank you for your request for information under the Freedom of Information Act 2000 received on 07 January 2020.

We have up to 20 working days in which to deal with your request. If we require clarification regarding your request, we will contact you to explain this. The 20 working day period will then start from the day that we receive your clarification.

You will also be informed in advance if there is a charge for supplying copies of the information.

Please also be aware that, if the requested information contains references to any third parties, we may need to consult these individuals about the release of their personal data before making a decision whether or not to release the information to you.

We will also provide an explanation if any information is not released to you.

Should you have any queries regarding your request, please contact the team by email [Norfolk Fire and Rescue Service request email] or by telephone 01603 222661.

Yours sincerely,

Sarah Cooper, Business Support Assistant
Information Compliance Team
Dept: 01603 222661
Bay 7-9, Ground Floor, County Hall, Norwich

show quoted sections

Freedom of Information, Norfolk Fire and Rescue Service

10 Attachments

 
 
Dear Mr Wells
 
Freedom of Information Request ENQ- 385481-H7L8N4
 
I refer to your request for information dated 7 January 2020.
 
You asked for:
 
        Norfolk Fire and Rescue Service
 
please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
 
Our response:
 
Please see the attached documents entitled Fire SAR Acknowledgement and
Fire SAR Response
 
2) a copy of the last 5 dpias completed
 
Our response:
 
Please see the attached document entitled DPIA.  Only one DPIA has been
undertaken.
that specifically relates to Fire and Rescue Service activities.  The
County Council will have undertaken other DPIAs for County Council wide
activities (for example the website) which would relate to Fire and Rescue
as they are part of the County Council.  We have not provided copies of
these as we assume your request relates to DPIA’s specifically related to
Fire and Rescue activities only.
 
 
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
 
Our response:
 
Staff who regularly access NCC systems (e.g. office based staff) are
required to complete an E Learning module. Staff who access systems
infrequently are expected to complete a workbook or have a team meeting
discussion (or similar) to talk through the workbook - a copy of this
workbook is attached entitled GDPR Workbook v1.0.
 
With regard to your request for a copy of the E Learning module, this has
been considered and is refused.  In accordance with the Freedom of
Information Act 2000 (the Act), this letter acts as a Refusal Notice.
 
Exemption
 
Section 43(2) provides exemption to disclosure if its disclosure would, or
would be likely to, prejudice the commercial interests of any person
(including the public authority holding it).
 
The exemption applies for the following reasons:
 
•       Releasing information about an individual supplier’s product,
commercially purchased by the Council, could be damaging to the commercial
interests of those suppliers and may give their competitors an unfair
advantage.
 
Public Interest Test Reasons
 
The Council has considered whether the public interest is maintaining this
exemption is outweighed by the public interest in disclosure.
 
This Council has considered the following reasons in favour of disclosure:
•       Promoting accountability and transparency by public authorities
for decisions taken by them.
•       Promoting accountability and transparency in the spending of
public money.
 
Balanced against this are the following reasons against disclosure:
•       Releasing this information could give competitors an unfair
advantage.
•       Norfolk County Council has a duty to achieve best value in
procuring services for the people of Norfolk by procuring the right level
of service for the best possible price.  This could be prevented by
releasing this information.
 
On balance the Council considers that the public interest in maintaining
the exemption outweighs the public interest in disclosure.
 
 
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
 
Our response:
 
Guidance and reminders for staff are included in the eLearning module and
workbook – see our response to 3) above.  The Council’s Data Breach Policy
and Procedure also includes further information – a copy of this is
attached. Also attached are Printing Posting & Faxing procedure, and Email
& Edairy Procedure.
 
As part of business as usual staff are given reminders and updates on
security breaches, data protection etc.  These are delivered by various
methods and would include team meetings, discussions,1-2-1 meetings and
via their line manager. Gathering and providing this information has been
considered and is refused under section 12 of the Act. This is because the
cost of locating and retrieving the information exceeds the “appropriate
limit” of £450 as stated in the Freedom of Information & Data Protection
(Appropriate Limit & Fees) Regulations 2004.
 
It would take over 18 hours of officer time to determine what information
we may or may not hold across the many teams and line management
arrangements. However, we have provided an example of reminders provided
to staff, and a recent article from the staff newsletter, for your
information, which are attached.
 
 
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
 
Our response:
 
The following link is to the Council's new Environmental [1]Policy 
https://www.norfolk.gov.uk/what-we-do-an....
 
The policy relates to the whole of the County Council, which includes the
Fire and Rescue Service.
 
There are no additional fire and rescue specific policies that have been
implemented in the last two years. This is the link to the County Council
policy web page
[2]https://www.norfolk.gov.uk/what-we-do-an...
 
 
6) please can I have a copy of the risk rating that you use to evaluate
data security incidents?
 
Our response:
 
Please see the attached document entitled ‘Risk Category Table’
 
 
From the attached documents, some information has been redacted under
Regulation 40 of the Freedom of Information Act which states that the
Council is not required to disclose the personal information of any other
individual if disclosure would contravene the rights of the individuals to
whom the data relates.
 
The redacted data comprises of the following
•       Names of staff below tier 3 in the organisation.
 
The exemption applies because:
•       Staff below tier 3 have a reasonable expectation that their
details will not be disclosed into the public domain
 
If you are dissatisfied with our handling of your request you have the
right of appeal through the Council’s internal review procedure by setting
out the grounds of your appeal in writing to:
 
[email address]
or Information Compliance Team
Room 043
County Hall
Martineau Lane
Norwich
NR1 2DH
 
An appeal should be submitted within 40 working days of the date of this
notice and should be identified as "FOI Appeal".
 
If you are dissatisfied after pursuing the complaints procedure, you may
apply to the Information Commissioner under Section 50 of the Act for a
decision whether your request for information has been dealt with in
accordance with the requirements of Part I of the Act.  Refer to the ICO
Website at: [3]https://ico.org.uk/concerns/ for advice on how to report a
concern.  Or you can write to them at:
 
First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane, Wilmslow
Cheshire
SK9 5AF
 
Yours sincerely
 
Bev Whittaker, Information Compliance Officer 
Information Management 
Tel: 01603 638017 | Dept: 01603 222661
Bays 7,8 & 9, Ground Floor, South Wing, County Hall, Martineau Lane,
Norwich 
  
 
 
 

show quoted sections