Kingdom Services Group "Data Breach and GDPR"

Response to this request is long overdue. By law, under all circumstances, Dartford Borough Council should have responded by now (details). You can complain by requesting an internal review.

Dear Dartford Borough Council,

1. As Joint Controllers of the data being processed for the Environmental Enforcement contract with KSG (KSG), can you confirm that either you or KSG reported the breach (within 72hrs) of Kingdom's "Bonus Spreadsheet for 2018" being available online for anyone to observe? The spreadsheet was not password protected. It also contained the names of all the council's working with KSG and all of their employee names and FPN totals for each day (no security whatsoever).

2. As Joint controllers of the data being processed for the Environmental Enforcement contracts, can you confirm that either you or KSG formally informed all of their employees (authorised council officers), whose names were on the spreadsheet?

3. Could you confirm that all the Body Worn Cameras being used to collect personal identifiable information from members of the public have been encrypted as per the GDPR (2016). KSG use Body Worn Cameras supplied by Pinnacle. The PR5 model is not encrypted and cannot be used to collect personal identifiable information. Therefore, they must be using the PR6 model. Could you confirm the model being used for your contract?

4. Can you confirm that all officers employed by KSG have been trained in accordance to DPA 1998 and GDPR (2016) and that you have seen the signed training records for this training?

5. Can you confirm that all the officers employed by KSG, authorised to enforce littering offences on behalf of the council have been fully vetted and have valid DBS check, which the council have seen?

Could you confirm KSG have a Data Protection Officer/department and the contact email for this person/department.

Could you provide me with a copy of the following documents/policies which will have been updated in accordance with the General Data Protection Regulations (2016), the regulations came into force on 25th May 2018. Therefore, all of the documents will have been updated.

1. A copy of your Data Sharing Agreement with KSG for the delivery of Environmental Enforcement Services and a variation to this agreement to show the inclusion of GDPR (2016).

2. A copy of the Data Protection Impact Assessment for The Environmental Enforcement Services delivered by KSG on behalf of the council, which will show the inclusion of GDPR (2016). This assessment will include all systems used for processing Personal identifiable information e.g. systems, Body Worn Cameras, Handheld Computers and officer notebooks.

3. A copy of the Body Worn Camera Policy being adhered to by the officers employed by KSG working on behalf of the council. Also the previous version of this policy before adhering to the GDPR (2016).

4. A copy of the data retention policy being used in accordance with GDPR (2016) for the Environmental Enforcement contract with KSG.

Yours faithfully,

P Rourke

FOI (Dartford),

Thank you for your FOI request which will be responded to within 20
working days unless the Council agrees an extension of time with you.

 

show quoted sections