DP Breach

JW made this Freedom of Information request to Ealing Borough Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear Ealing Borough Council,

In light of the data breach and subsequent ICO fine please provide me with the following information.

1. What information is provided to staff with regards to Data Protection. Please provide a copy of the information from all sources/channels (i.e. leaflets; intranet emails etc.)

2. What training is provided to staff regarding data protection in particular regarding principle 7. Please provide a copy of the information.

3. Was a risk assessment undertaken regarding the use of laptops? Please provide a copy of the risk assessment.

4. What risk management tools/software is currently in use in the council to manage business and information risks.

5. Please provide a copy of the Council's risk register.

6. Does the council classify its information? Please provide a copy of the classification scheme used and the associated policies, procedures and guidelines for handling this type of information.

7. Out of what budget was the fine paid and did Ealing get the discount?

8. What action was taken against staff involved in the breach.

Yours faithfully,

Joycelyn Wyatt

Dear Ealing Borough Council,

I am yet to receive a response that you have received my previous request (see below) which was sent to you on 4th April 2011.

Please respond.

Dear Ealing Borough Council,

In light of the data breach and subsequent ICO fine please provide
me with the following information.

1. What information is provided to staff with regards to Data
Protection. Please provide a copy of the information from all
sources/channels (i.e. leaflets; intranet emails etc.)

2. What training is provided to staff regarding data protection in
particular regarding principle 7. Please provide a copy of the
information.

3. Was a risk assessment undertaken regarding the use of laptops?
Please provide a copy of the risk assessment.

4. What risk management tools/software is currently in use in the
council to manage business and information risks.

5. Please provide a copy of the Council's risk register.

6. Does the council classify its information? Please provide a copy
of the classification scheme used and the associated policies,
procedures and guidelines for handling this type of information.

7. Out of what budget was the fine paid and did Ealing get the
discount?

8. What action was taken against staff involved in the breach.

Yours faithfully,

Joycelyn Wyatt

foirequests foirequests, Ealing Borough Council

Dear Ms Wyatt,

I have checked my records and an auto-reply was sent to the whatdotheyknow website on the day of receipt. I am sorry if this has not shown up; I am not sure if the problem lies at the other end, as I have noticed the bounce-backs do not get published on the website.

The bounce-back below was the one that was sent. Please be assured we are processing your request.

Kind Regards,
Davina

foirequests foirequests, Ealing Borough Council

13 Attachments

Dear Ms Wyatt,

Please accept my apologies for the delay in responding to your request.

Please find attached our response.

Kind Regards,
Davina

Dear Ealing Borough Council,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Ealing Borough Council's handling of my FOI request 'DP Breach'.

Attached to your letter was a bunch of PDFs that were not referenced to the questions I asked. You have left it to me to determine what piece of information applies to what question. Also in the bundle was guidance from the ICO. I requested information produced by Ealing.

I believe that, due to you being late in providing the information, you felt it was not necessary to answer the questions properly, in particular Q1 & Q2. I also think the information provided is incomplete as I would expect more information to be provided to staff (i.e. handouts, leaflets, elearning, intranet, face-to-face etc.). I only saw one presentation to one section in the bundle. Please provide a list of teams, business units, departments who have had awareness training.

I'm also complaining about your refusal to provide information in Q3 and Q5. FOI is about information not the actual document and I believe there is information that can be provided from the risk assessment undertaken; that section 36(b) does not apply and the provision of the information would not prejudice the effective conduct of affairs. I feel the public have a right to know that Ealing are looking at the risk on a regular basis (every year would be good) and are taking action to reduce those risks. How come the last risk assessment was May 2009, two years ago? Also, the corporate risk register should be a public document showing the high level risks and the senior information risk owner responsible (other boroughs publish theirs).

Q6. I do not believe I was given an honest answer, as Ealing has to exchange information with the Government, it is a requirement that you classify your information. If you are not, how can the government trust that you are handling their information securely?

Q8. Why was no action taken?????? Wasn't there a breach of Ealing Policy?

The history of my FOI request and all correspondence is available on the Internet at this address:
http://www.whatdotheyknow.com/request/dp...

Yours faithfully,

Joycelyn Wyatt

Peter Morris, Ealing Borough Council

2 Attachments

Please find attached the results of the Internal Review that you requested into the Council's response to your enquiry regarding a data breach incident.