Dear West Midlands Fire Service,
please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

Yours faithfully,

Paul knight

Barbara Wilkins, West Midlands Fire Service

1 Attachment

Ref: FOI/20004

 

Dear Mr Knight,

 

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

 

I can confirm that we have received your request concerning our
information governance templates and training.  Your request was received
on 7th January 2020 and I am dealing with it under the Freedom of
Information Act 2000. 

 

In certain circumstances a fee may be payable and if that is the case, I
will let you know. A fees notice will be issued to you, and you will be
required to pay this before we will proceed to deal with the request.

If you have any queries about this letter, please contact me. Please
remember to quote the reference number above in any future communications.

 

Further information concerning Freedom of Information requests can be
found on the Information Commissioner website at either the following
link: [1]https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow,
SK9 5AF.

 

 

Regards

Barbara Wilkins

ICT Data Management

0121 380 6464

 

[2][email address]

[3]www.wmfs.net/our-plan

[4]Corporate E-mail Signature

 

 

From: Paul knight <[FOI #632182 email]>
Sent: 07 January 2020 09:03
To: DataManager <[West Midlands Fire Service request email]>
Subject: Freedom of Information request - Docs

 

Dear West Midlands Fire Service,

please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

2) a copy of the last 5 dpias completed

3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work

5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

6) please can I have a copy of the risk rating that you use to evaluate
data security incidents?

 

Yours faithfully,

 

Paul knight

 

show quoted sections

Barbara Wilkins, West Midlands Fire Service

4 Attachments

Ref: FOI/20004

 

Dear Mr Knight,

 

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

 

I am writing to confirm that the West Midlands Fire Service has now
completed its search for the information you requested further to your
freedom of information request.

 

Please find below a summary of our findings.

 

Request

Please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

Reply

Please see attached for current subject access request acknowledgement
template, we do not have a template letter for response as each response
is determined by the content therefore this information is exempt under
section 1 of the Freedom of Information Act 2000 as we do not hold this
information.

 

Request

A copy of the last 5 DPIAs completed

Reply

This information is exempt under section 21 of the Freedom of Information
Act 2000 as this information is reasonably accessible to the requestor.
DPIAs are published on our website and those currently published can be
accessed at the following link: [1]https://www.wmfs.net/foi-entry/19072/

Further DPIAs are exempt under Section 22 of the Freedom of Information
Act 2000 - Information intended for future publication. Details will be
published by West Midlands Fire Service on our website when they have been
completed.

 

Request

A copy of any internal mandatory information governance training that you
give to staff which was written in the last 2 years including presentation
slides and videos and any other media

Reply

This information is exempt under section 1 of the Freedom of Information
Act 2000 as we do not hold this information. West Midlands Fire Service
mandatory information governance training has not been updated in the last
2 years, the training is due to be reviewed in the near future.

 

Request

A copy of any instructions given to staff members to reduce data security
breaches, for example double checking work

Reply

West Midlands Fire Service Policy for the handling of all information is
contained in our Management of Information Policy. Please see attached

 

Request

A copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

Reply

West Midlands Fire Service Policy for reducing the environmental impact
that the organisation has is contained in our Environmental and
Sustainability Strategy document. Please see attached

 

Request

Please can I have a copy of the risk rating that you use to evaluate data
security incidents?

Reply

West Midlands Fire service does not have a risk rating to evaluate data
security incidents however it uses the following criteria to determine the
risk level;

·                     What type of data is involved?

·                     How sensitive is it? E.g. Information of a personal
nature?

·                     What has happened to the data? E.g. Could
information be misused?

·                     what could the data tell a third party about the
individual?

·                     If data has been lost or stolen, are there any
protections in place such as encryption?

·                     Could the data breach affect any core functions of
the organisation?

·                     How many individuals’ personal data are affected by
the breach?

·                     Who are the individuals whose data has been
breached? Whether they are staff, customers, clients or suppliers, for
example, will to some extent determine the level of risk posed by the
breach and, therefore, your actions in attempting to mitigate those risks

·                     What harm can come to those individuals? Are there
risks to physical safety or reputation, financial loss or a combination of
these and other aspects of their life?

·                     Are there wider consequences to consider such as a
risk to public health or loss of public confidence in an important service
we provide?

 

If you have any queries about this Freedom of Information request, please
contact us. Please remember to quote the reference number above in any
future communications.

 

For service complaints, issues or comments regarding this request please
contact The Public Relations Department, West Midlands Fire Service, 99
Vauxhall Road, Birmingham, B7 4HW

 

Further information concerning Freedom of Information requests can be
found on the Information Commissioner website at either the following
link: [2]https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow,
SK9 5AF.

 

 

 

Regards

Barbara Wilkins

ICT Data Management

0121 380 6464

 

[3][email address]

[4]www.wmfs.net/our-plan

[5]Corporate E-mail Signature

 

 

From: Paul knight <[6][FOI #632182 email]>
Sent: 07 January 2020 09:03
To: DataManager <[7][West Midlands Fire Service request email]>
Subject: Freedom of Information request - Docs

 

Dear West Midlands Fire Service,

please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use

2) a copy of the last 5 dpias completed

3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work

5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

6) please can I have a copy of the risk rating that you use to evaluate
data security incidents?

 

Yours faithfully,

 

Paul knight

 

show quoted sections