EasyPark data breach

Thank you for your email message. We aim to respond to all requests under
the Freedom of Information Act 2000 and Environmental Information
Regulations 2004 within 20 working days. More information about the way we
deal with information requests is on our web site at
[1]www.merton.gov.uk/foi
 
Information Governance Team
London Borough of Merton.
020 8545 4634
 
 
 

══════════════════════════════════════════════════════════════════════════

Please help to reduce waste and do not print this message unless you
really need to.
This message, including any attached files, is intended just for the use
of the individual or organisation to whom it is addressed. Unauthorised
use (for example disclosure, storage or copying) is not permitted. If you
are not the intended recipient please destroy all copies and inform the
sender by return email. Any views or opinions expressed in email are
solely those of the author and do not necessarily represent those of
Merton Council. Merton Council reserves the right to monitor, record and
retain any incoming and outgoing emails for security reasons and for
monitoring internal compliance with the Merton Council policy on staff
use. Email monitoring and/or blocking software may be used and email
content may be read. Merton Council may be required to disclose this email
(or any response to it) under the Freedom of Information Act 2000 unless
the information in it is covered by one of the exemptions in the Act. The
message may contain information that is confidential or sensitive; you
should handle it accordingly.
Please view the council's privacy notice at
https://www.merton.gov.uk/legal/privacy-...
--------------------------------------------------------------------------------------------------------------

References

Visible links
1. http://www.merton.gov.uk/foi

Dear Sandra Vogel,

 

Freedom of Information Act 2000 / Environmental Information Regulations
2004 Information request

We have now considered your information request as set out below.

 

You asked:

 

Please can you provide me with the following information:

I am aware of a data breach at EasyPark, the owner of RingGo, which Merton
Council uses to provide parking payment facilities.

EasyPark has published a statement here
[1]https://urldefense.com/v3/__https://www....

Please can you answer the following questions about this data breach.

 

1. When and how did EasyPark make Merton Council aware of the breach?

There has been no impact in relation to parking data associated with
Merton Council and motorists parking in Merton, therefore Merton Council
were not notified of the breach.

 

2. Does Merton Council know if data of users in Merton was compromised
regardless of whether they are borough residents or not?

None of the data associated with RingGo users parking in LB Merton has
been compromised.

 

3. If the answer to question 2 is "yes", does Merton Council have
information on which data of users has been compromised, and what
granularity does Merton Council have? Does Merton Council have enough
granularity to contact specific users should it wish to, in order to
inform them of the issue regardless of whether they are borough residents
or not?

This is not applicable.

 

4. Does Merton Council have information about the number of borough
residents who use RingGo? If yes what is the number of residents, and what
is that number as a percentage of motor vehicle owners who live in Merton?

The RingGo service to Merton is twofold i.e. Residents Parking Permits and
Cashless Parking Sessions. 

RingGo Cashless Parking is a national service and LB Merton does not have
access to RingGo customer numbers, or personal data such as names,
addresses etc for this service.

The number of residents who currently hold RingGo Residents Permits is
17,555. We do not hold data on the number of motor vehicle owners who live
in Merton.

 

5. Does Merton Council have contact information for borough residents who
use RingGo?

Where a borough resident purchases a permit using RingGo they provide a
telephone number and residential address which is made available to Merton
Council.

 

6. What has Merton Council done to alert residents of the borough in a
general way about the breach, for example through a press notice or using
social media, and to offer advice and/or support to those residents
regarding protection of personal data?

This is not applicable as none of the data associated with RingGo users
parking in LB Merton has been compromised.

 

7. What contractual arrangements does Merton Council have with RingGo for
managing and securing customer data, informing Merton council of breaches,
informing users of Merton parking payment systems of breaches, and any
other data security matters.

Please see attached personal data clauses from the Council’s contract with
RingGo.

 

If you are dissatisfied with the handling of your request please contact
Head of Information Governance at Merton Council, Civic Centre, Morden,
SM4 5DX or e-mail [2][Merton Borough Council request email]

 

If you remain dissatisfied with the handling of your request or complaint,
you have a right to appeal to the Information Commissioner at:

 

The Information Commissioner's Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF.

Telephone:0303 123 1113

Website: [3]www.ico.org.uk

 

There is no charge for making an appeal.

 

Yours sincerely

 

Parking Services

London Borough of Merton

 

(Head of Service: Osagie Ezekiel)

 

* Merton Civic Centre, London Road, Morden, Surrey, SM4 5DX

[4]Parking | Merton Council

 

 

══════════════════════════════════════════════════════════════════════════

Please help to reduce waste and do not print this message unless you
really need to.
This message, including any attached files, is intended just for the use
of the individual or organisation to whom it is addressed. Unauthorised
use (for example disclosure, storage or copying) is not permitted. If you
are not the intended recipient please destroy all copies and inform the
sender by return email. Any views or opinions expressed in email are
solely those of the author and do not necessarily represent those of
Merton Council. Merton Council reserves the right to monitor, record and
retain any incoming and outgoing emails for security reasons and for
monitoring internal compliance with the Merton Council policy on staff
use. Email monitoring and/or blocking software may be used and email
content may be read. Merton Council may be required to disclose this email
(or any response to it) under the Freedom of Information Act 2000 unless
the information in it is covered by one of the exemptions in the Act. The
message may contain information that is confidential or sensitive; you
should handle it accordingly.
Please view the council's privacy notice at
https://www.merton.gov.uk/legal/privacy-...
--------------------------------------------------------------------------------------------------------------

References

Visible links
1. https://urldefense.com/v3/__https:/www.e...
2. mailto:[Merton Borough Council request email]
3. http://www.ico.gov.uk/
4. https://www.merton.gov.uk/streets-parkin...