We don't know whether the most recent response to this request contains information or not – if you are Open Rights Group please sign in and let everyone know.

Internet filtering and blocking policies

Open Rights Group made this Freedom of Information request to Aintree University Hospitals NHS Foundation Trust

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

We're waiting for Open Rights Group to read recent responses and update the status.

Open Rights Group

Dear Aintree University Hospitals NHS Foundation Trust,

I am writing as a Research Volunteer at the Open Rights Group. We are conducting a study to better understand filtering and blocking of websites on the public estate, to understand what content and sites are inaccessible and why.

We would like to know, in relation to your publicly accessible Internet networks, or Internet networks for your clients:

1) The categories of content blocked or filtered, eg:
a) Security or Malware
b) Content types, eg adult, alcohol etc
c) Statistics relating to the requests blocked or filtered, eg how many site requests filtered or blocked per category

2) Monitoring requirements you have for users, eg if you record or may record their Internet usage

3) The supplier of your blocking or filtering software
a) Eg, Sophos, Forcepoint, Palo Alto etc

Yours faithfully,

Markos Volikas

Open Rights Group

FOI REQUESTS, Aintree University Hospitals NHS Foundation Trust

Dear Applicant,

Freedom of Information Act 2000 – Request for Information Ref: FOI 4455

Thank you for your request for Trust information under the provisions of the Freedom of Information Act 2000. I can confirm that this matter is currently receiving attention and a Trust representative will be in touch with you within the statutory timescale, currently 20 working days.

The Trust will inform you of any exempt information along with any fee required, in due course. The Trust may require further detail from you to assist its search for the information you have requested. You may therefore be contacted in due course if it is necessary to clarify your request. The provisions of the Act regulate all these matters.

Meanwhile, if you wish to discuss any aspect of your request please do not hesitate to contact us quoting the reference number above.

Yours Sincerely,

FOI Team
Aintree University Hospital NHS Foundation Trust
Aintree Lodge
Lower Lane
Liverpool L9 7AL

[email address]

The information contained in this e-mail is confidential and is intended only for the named recipient. If you are not the named recipient you must not copy or distribute this message, please notify the sender of the error. Any unauthorised disclosure of the information contained within this e-mail is strictly prohibited.

show quoted sections

FOI REQUESTS, Aintree University Hospitals NHS Foundation Trust

1 Attachment

Dear Applicant,

 

Freedom of Information Act 2000 – Request for Information Reference: 4455

 

Thank you for your request for information from Aintree University
Hospital NHS Foundation Trust.

 

The Trust has now completed its search for the information you requested.

 

Your FOI request and the Trusts response is set out below:

 

We would like to know, in relation to your publicly accessible Internet
networks, or Internet networks for your clients:

 

1) The categories of content blocked or filtered, eg:  - Please see
statement below

a) Security or Malware

b) Content types, eg adult, alcohol etc

c) Statistics relating to the requests blocked or filtered, eg how many
site requests filtered or blocked per category

 

2) Monitoring requirements you have for users, eg if you record or may
record their Internet usage – Please see statement below

 

3) The supplier of your blocking or filtering software - Email filter is
Sophos Pure Message. Proxy server is Smoothwall.

 

We consider that if the data you have requested were to be combined with
other information which may be available in the public domain, there would
likely to be an increased risk of a cyber-security attack upon the Trust.

 

It is important to note that information relevant to the security
processes involved in protecting the Trust’s data systems would be exempt
from disclosure under Section 31(1)(a) (Law Enforcement) of the Freedom of
Information Act.  If disclosed, such information could be used to identify
ways in which our computer systems could be breached.  Patient data as
well as other confidential information could therefore be accessed.  The
Trust has a duty to protect such information in line with Principle 7
(Protected by appropriate security (practical and organisational) of the
Data Protection Act 1998.

 

Section 31(1)(a) of the Act states:

31. Law enforcement.

(1) Information which is not exempt information by virtue of section 30 is
exempt information if its disclosure under this Act would, or would be
likely to, prejudice—

(a) the prevention or detection of crime.

 

As part of the Critical National Infrastructure for the NHS, the Trust has
a duty to protect the integrity of our systems.  The disclosure of the
information requested could expose weaknesses in our systems and lead to
breaches, making the UK or its citizens, in this case our patients, more
vulnerable to security threat.  The release of such information is
therefore exempt under Section 31 (1)(a) (Law Enforcement) of the Freedom
of Information Act.

 

Section 31 is a qualified exemption; therefore the public interest in
withholding the information should outweigh the public interest in its
disclosure. 

The Trust has applied the public interest test and believes that
disclosure of this information could lead to

•           Breaches in Trust security and is therefore a reasonable
threat to the confidential patient data held on our systems.

•           Temporary or long term lack of availability of IT systems

•           Corruption/loss of patient data which would prevent or
interrupt provision of patient care.

 

There is a strong public interest in protecting the confidentiality of
patient data and of ensuring that healthcare services can be provided to
the public without increasing the possibility of attack by hackers or
malware, or of putting personal or other information held on these systems
at risk of corruption or subject to illegal access. For these reasons, the
Trust has decided that it is in the public interest to withhold this
information at this time.

 

If you require any further information please do not hesitate to contact
us.

 

To ensure continuous improvement we would be grateful if you could
complete the attached Feedback Survey.

 

If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of our decision,
you should write to Freedom of Information Team, Aintree Lodge, University
Hospital Aintree, Lower Lane, Liverpool, L9 7AL or email
[1][email address]  and quote the reference number above.

 

If you are not content with the outcome of your complaint, you may apply
directly to the Information Commissioner for a decision.

Generally, the ICO cannot make a decision unless you have exhausted the
complaints procedure provided by the Trust. The Information Commissioner
can be contacted at: The Information Commissioner’s Office, Wycliffe
House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

Yours Sincerely,

 

Freedom of Information Team

Aintree University Hospital NHS Foundation Trust

Aintree Lodge

Lower Lane

Liverpool L9 7AL

 

Email: [email address]

 

This e-mail and any attachments may contain confidential and / or
proprietary Trust information, some or all of which may be legally
privileged, and / or may be subject to public disclosure.

The information held herein should only be used for its initial intended
purpose(s) and exclusive use of the intended recipient(s).

If you are not the intended recipient then please notify the author by
replying to this e-mail and then destroy any copies.

Any views or opinions expressed in this e-mail are those of the author and
do not necessarily represent those of the Trust.

All incoming and outgoing e-mails and other forms of telecommunication may
be monitored.

Unless the information is legally exempt from disclosure, the
confidentiality of this e-mail AND YOUR REPLY cannot be guaranteed.

 

Re-use of Public Sector Information

© Aintree University Hospital NHS Foundation Trust

You may re-use this information (not including logos) free of charge in
any

format or medium, under the terms of the Open Government Licence.

To view this licence, visit
http://www.nationalarchives.gov.uk/doc/o...

Alternatively you can consult the Guidance for Information Providers
section

on The National Archives website
http://www.nationalarchives.gov.uk/infor...

 

 

show quoted sections

We don't know whether the most recent response to this request contains information or not – if you are Open Rights Group please sign in and let everyone know.