We don't know whether the most recent response to this request contains information or not – if you are P Rourke please sign in and let everyone know.

Kingdom Services Group "Data Breach and GDPR"

P Rourke made this Freedom of Information request to Woking Borough Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

We're waiting for P Rourke to read recent responses and update the status.

Dear Woking Borough Council,

1. As Joint Controllers of the data being processed for the Environmental Enforcement contract with KSG (KSG), can you confirm that either you or KSG reported the breach (within 72hrs) of Kingdom's "Bonus Spreadsheet for 2018" being available online for anyone to observe? The spreadsheet was not password protected. It also contained the names of all the council's working with KSG and all of their employee names and FPN totals for each day (no security whatsoever).

2. As Joint controllers of the data being processed for the Environmental Enforcement contracts, can you confirm that either you or KSG formally informed all of their employees (authorised council officers), whose names were on the spreadsheet?

3. Could you confirm that all the Body Worn Cameras being used to collect personal identifiable information from members of the public have been encrypted as per the GDPR (2016). KSG use Body Worn Cameras supplied by Pinnacle. The PR5 model is not encrypted and cannot be used to collect personal identifiable information. Therefore, they must be using the PR6 model. Could you confirm the model being used for your contract?

4. Can you confirm that all officers employed by KSG have been trained in accordance to DPA 1998 and GDPR (2016) and that you have seen the signed training records for this training?

5. Can you confirm that all the officers employed by KSG, authorised to enforce littering offences on behalf of the council have been fully vetted and have valid DBS check, which the council have seen?

Could you confirm KSG have a Data Protection Officer/department and the contact email for this person/department.

Could you provide me with a copy of the following documents/policies which will have been updated in accordance with the General Data Protection Regulations (2016), the regulations came into force on 25th May 2018. Therefore, all of the documents will have been updated.

1. A copy of your Data Sharing Agreement with KSG for the delivery of Environmental Enforcement Services and a variation to this agreement to show the inclusion of GDPR (2016).

2. A copy of the Data Protection Impact Assessment for The Environmental Enforcement Services delivered by KSG on behalf of the council, which will show the inclusion of GDPR (2016). This assessment will include all systems used for processing Personal identifiable information e.g. systems, Body Worn Cameras, Handheld Computers and officer notebooks.

3. A copy of the Body Worn Camera Policy being adhered to by the officers employed by KSG working on behalf of the council. Also the previous version of this policy before adhering to the GDPR (2016).

4. A copy of the data retention policy being used in accordance with GDPR (2016) for the Environmental Enforcement contract with KSG.

Yours faithfully,

P Rourke

Comments, Woking Borough Council

Thank you for your email.

E-mails will be replied to as soon as possible but within a maximum of 14 days of their receipt. If a reply cannot be sent within this timescale, an e-mail will be sent specifying a target date for the response.

Use of your personal data

In order to respond to your enquiry, we (Woking Borough Council) are collecting your personal data. Unless the law allows us to do so, we will not use the personal data you are providing for any other purpose.

In order to respond to your enquiry, you personal data might be shared with:

- Neighbouring local authorities or Surrey County Council

- Freedom Leisure, if your enquiry is about local leisure services

- New Vision Homes, if your enquiry is about Council owned housing

- Serco, if your enquiry is about parks and ground maintenance

- Thameswey Group, if your enquiry concerns the housing and energy services they provide on the Council's behalf

- Skanska Facilities Management, if your enquiry is about Council-owned property

- The emergency services, if required

We will hold your personal data for no longer than 7 years after our last contact with you. You can contact us to ask us to access or to rectify the personal data we have about you or to object to the processing of it.

More information on how we collect and use your personal data and the control you have over it is available on our website:

w​o​k​i​n​g​.​g​o​v​.​u​k​/​d​a​t​a​p​r​o​t​e​c​t​i​o​n​<​h​t​t​p​:​/​/​w​b​c​s​i​t​e​s​/​s​i​t​e​s​/PM/gdpr/ProjDocs/woking.gov.uk/dataprotection>

Kind regards,

Customer Services
_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​_​___________________________
Woking Borough Council, Civic Office, Gloucester Square, Woking, Surrey GU21 6YL
Phone: 01483 755855 | Fax: 01483 768746 | Web: www.woking.gov.uk

show quoted sections

Comments, Woking Borough Council

We acknowledge receipt of your Freedom of Information Request. Your request has been forwarded to the Policy department for action.
Kind regards
Customer Services

______________________________________________
Woking Borough Council, Civic Offices, Gloucester Square, Woking, Surrey, GU21 6YL
Phone: 01483 755855 | Fax: 01483 768746 | Web: www.woking.gov.uk

________________________________________
From: P Rourke [[FOI #497364 email]]
Sent: 13 July 2018 21:47
To: Comments
Subject: Freedom of Information request - Kingdom Services Group "Data Breach and GDPR"

Dear Woking Borough Council,

1. As Joint Controllers of the data being processed for the Environmental Enforcement contract with KSG (KSG), can you confirm that either you or KSG reported the breach (within 72hrs) of Kingdom's "Bonus Spreadsheet for 2018" being available online for anyone to observe? The spreadsheet was not password protected. It also contained the names of all the council's working with KSG and all of their employee names and FPN totals for each day (no security whatsoever).

2. As Joint controllers of the data being processed for the Environmental Enforcement contracts, can you confirm that either you or KSG formally informed all of their employees (authorised council officers), whose names were on the spreadsheet?

3. Could you confirm that all the Body Worn Cameras being used to collect personal identifiable information from members of the public have been encrypted as per the GDPR (2016). KSG use Body Worn Cameras supplied by Pinnacle. The PR5 model is not encrypted and cannot be used to collect personal identifiable information. Therefore, they must be using the PR6 model. Could you confirm the model being used for your contract?

4. Can you confirm that all officers employed by KSG have been trained in accordance to DPA 1998 and GDPR (2016) and that you have seen the signed training records for this training?

5. Can you confirm that all the officers employed by KSG, authorised to enforce littering offences on behalf of the council have been fully vetted and have valid DBS check, which the council have seen?

Could you confirm KSG have a Data Protection Officer/department and the contact email for this person/department.

Could you provide me with a copy of the following documents/policies which will have been updated in accordance with the General Data Protection Regulations (2016), the regulations came into force on 25th May 2018. Therefore, all of the documents will have been updated.

1. A copy of your Data Sharing Agreement with KSG for the delivery of Environmental Enforcement Services and a variation to this agreement to show the inclusion of GDPR (2016).

2. A copy of the Data Protection Impact Assessment for The Environmental Enforcement Services delivered by KSG on behalf of the council, which will show the inclusion of GDPR (2016). This assessment will include all systems used for processing Personal identifiable information e.g. systems, Body Worn Cameras, Handheld Computers and officer notebooks.

3. A copy of the Body Worn Camera Policy being adhered to by the officers employed by KSG working on behalf of the council. Also the previous version of this policy before adhering to the GDPR (2016).

4. A copy of the data retention policy being used in accordance with GDPR (2016) for the Environmental Enforcement contract with KSG.

Yours faithfully,

P Rourke

-------------------------------------------------------------------

Please use this email address for all replies to this request:
[FOI #497364 email]

Is [Woking Borough Council request email] the wrong address for Freedom of Information requests to Woking Borough Council? If so, please contact us using this form:
https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the latest advice from the ICO:
https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

show quoted sections

Joe Williams, Woking Borough Council

Dear Sir/Madam,

Freedom of Information Act 2000 – Information Request

Further to your request for information dated 13 July 2018, I can confirm
that your request has been dealt with as a formal request for information
under the Freedom of Information Act 2000.

Having reviewed your request for information, I have identified that, due
to the nature of the information that you are seeking, your request may be
more appropriately addressed by Kingdom. I understand that they will be
sending a thorough response to the same within the statutory timeframes.

 

I hope that you are satisfied with the way in which your request for
information has been dealt with. If not, the Council has decided that any
complaint regarding requests for information that cannot be dealt with
satisfactorily on an informal basis should be dealt with in accordance
with its established complaints procedure. Details of the Council’s
complaints procedure may be found at:

[1]https://www.woking.gov.uk/council/about/...

 

Alternatively, I can forward you a paper copy of a leaflet giving details.
I am also happy to discuss any queries that you may have regarding how we
have dealt with your request for information. In addition, you may apply
to the Information Commissioner for a decision whether your request for
information has been dealt with in accordance with the requirements of the
Act (although I understand that the Information Commissioner may decline
to become involved if you have not first exhausted the Council's
complaints procedure). The Information Commissioner may be contacted at
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; tel. 01625
545745; fax. 01625 524510; e-mail. [2][email address] Website: 
www.ico.gov.uk

 

Kind Regards,

 

Joe Williams | Environmental Enforcement Coordinator | Environmental
Health

 

Woking Borough Council, Civic Offices, Gloucester Square, Woking, Surrey,
GU21 6YL

T: +44 (0)1483 743670 |  F: +44
(0)1483 750585  |  [3][email address]

For general enquiries, please call Woking Borough Council's Contact Centre
on 01483 755855

[4]www.woking.gov.uk

 

________________________________________

From: P Rourke [[FOI #497364 email]]

Sent: 13 July 2018 21:47

To: Comments

Subject: Freedom of Information request - Kingdom Services Group "Data
Breach and GDPR"

 

Dear Woking Borough Council,

 

1. As Joint Controllers of the data being processed for the Environmental
Enforcement contract with KSG (KSG), can you confirm that either you or
KSG reported the breach (within 72hrs) of Kingdom's "Bonus Spreadsheet for
2018" being available online for anyone to observe? The spreadsheet was
not password protected. It also contained the names of all the council's
working with KSG and all of their employee names and FPN totals for each
day (no security whatsoever).

 

2. As Joint controllers of the data being processed for the Environmental
Enforcement contracts, can you confirm that either you or KSG formally
informed all of their employees (authorised council officers), whose names
were on the spreadsheet?

 

3. Could you confirm that all the Body Worn Cameras being used to collect
personal identifiable information from members of the public have been
encrypted as per the GDPR (2016). KSG use Body Worn Cameras supplied by
Pinnacle. The PR5 model is not encrypted and cannot be used to collect
personal identifiable information. Therefore, they must be using the PR6
model. Could you confirm the model being used for your contract?

 

4. Can you confirm that all officers employed by KSG have been trained in
accordance to DPA 1998 and GDPR (2016) and that you have seen the signed
training records for this training?

 

5. Can you confirm that all the officers employed by KSG, authorised to
enforce littering offences on behalf of the council have been fully vetted
and have valid DBS check, which the council have seen?

 

Could you confirm KSG have a Data Protection Officer/department and the
contact email for this person/department.

 

Could you provide me with a copy of the following documents/policies which
will have been updated in accordance with the General Data Protection
Regulations (2016), the regulations came into force on 25th May 2018.
Therefore, all of the documents will have been updated.

 

1. A copy of your Data Sharing Agreement with KSG for the delivery of
Environmental Enforcement Services and a variation to this agreement to
show the inclusion of GDPR (2016).

 

2. A copy of the Data Protection Impact Assessment for The Environmental
Enforcement Services delivered by KSG on behalf of the council, which will
show the inclusion of GDPR (2016). This assessment will include all
systems used for processing Personal identifiable information e.g.
systems, Body Worn Cameras, Handheld Computers and officer notebooks.

 

3. A copy of the Body Worn Camera Policy being adhered to by the officers
employed by KSG working on behalf of the council. Also the previous
version of this policy before adhering to the GDPR (2016).

 

4. A copy of the data retention policy being used in accordance with GDPR
(2016) for the Environmental Enforcement contract with KSG.

 

Yours faithfully,

 

P Rourke

 

-------------------------------------------------------------------

 

Please use this email address for all replies to this request:

[5][FOI #497364 email]

 

Is [Woking Borough Council request email] the wrong address for Freedom of Information
requests to Woking Borough Council? If so, please contact us using this
form:

https://www.whatdotheyknow.com/change_re...

 

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

https://www.whatdotheyknow.com/help/offi...

 

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:

https://www.whatdotheyknow.com/help/ico-...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

 

show quoted sections

We don't know whether the most recent response to this request contains information or not – if you are P Rourke please sign in and let everyone know.