Manually-held databreach undertakings

Jonathan Baines made this Freedom of Information request to Information Commissioner's Office

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Information Commissioner’s Office,

The earliest electronic data breach undertaking between you and a data controller I can identify is the West Berkshire Council one of 2 June 2010.

I understand that there are others, manually-held by your office, prior to that one. May I have copies of all of them please? (I think the very first one was issued on 2 February 2007).

Many thanks, and sorry for the flurry of requests

Jonathan Baines

Information Commissioner's Office

PROTECT

3rd September 2012

Reference: IRQ0462817

Dear Mr Baines,

Thank you for your email of 1 September 2012. 

Your request is being dealt with in accordance with the Freedom of
Information Act 2000.  We will respond promptly, and no later than 28
September 2012 which is 20 working days from the day after we received
your request.
 
Should you wish to reply to this email, please be careful not to amend the
information in the ‘subject’ field. This will ensure that the information
is added directly to your case. However, please be aware that this is an
automated process; the information will not be read by a member of our
staff until your case is allocated to a request handler.

Yours sincerely

Hannah Burling
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 

Further to our acknowledgment of 3 September 2012 we are now in a position
to respond to your request.
 
Your request read:
 
“The earliest electronic data breach undertaking between you and a
data controller I can identify is the West Berkshire Council one of
2 June 2010.

I understand that there are others, manually-held by your office,
prior to that one. May I have copies of all of them please? (I
think the very first one was issued on 2 February 2007).”
 
As previously stated we have considered your request under the Freedom of
Information Act 2000.
 
We do hold copies of undertakings served prior to 2 June 2010. As your
request references ‘data breach’ undertakings we understand your focus is
those issued with reference to data protection and not those in relation
to the Freedom of Information Act 2000 to Privacy and Electronic
Communications Regulations 2003.
 
Please see a copy of the data protection undertakings not currently
published on our website attached (save the three referenced below). 

You will see that we have redacted the signatures of the signatories -
this has been done in reliance on section 40 (2) FOIA which by virtue of
section 40 (3) (a) (i) permits a public authority to withhold personal
data belonging to individuals other than the requester where disclosure
would breach a data protection principle - we do not consider it would be
fair to the individuals concerned to disclose their signatures.

Further, based on the understanding that the purpose of your request is to
access all undertakings issued by the ICO we feel it appropriate to share
that there are three further undertakings which have not been published at
any time on the ICO website. One was issued in 2011 and two, recently, in
2012. They were not published at the time due to a risk of prejudice, in
one case to a criminal trial and in the others to commercial interests. In
light of your request we have revisited these considerations and find that
they are still relevant. 
 
We consider that these undertakings are exempt under section 22 FOIA which
sets out that information intended for future publication is exempt from
disclosure under FOIA. We will publish these undertakings when the risk of
prejudice is no longer a valid bar to doing so. Unfortunately, we do not
know when this will be as these are events and circumstances outside the
control of the ICO.
 
By way of some explanation – we understand and agree that the ICO should
be open and transparent about the regulatory action it undertakes but
there may be circumstances where it has to be able to take this action, in
pursuance of its objectives to further compliance with the Data Protection
Act 1998, without disclosing the fact. We consider that this circumstance
is only likely to occur on limited occasions. 
 
I hope this response is of interest and assistance to you. However, if you
are dissatisfied with the response you have received and wish to request a
review of our decision or make a complaint about how your request has been
handled you should write to the Information Governance Department at the
address below or email [1][email address]
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to the First Contact Team, at the address below visit the ‘Complaints’
section of our website to make a Freedom of Information Act or
Environmental Information Regulations complaint online.
 
A copy of our review procedure is available [2]here
 
Yours sincerely
 
Helen Ward
Lead Information Governance Officer 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

References

Visible links
1. mailto:[email address]
2. http://www.ico.gov.uk/about_us/~/media/d...

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached.

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached.

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached.

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached.

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached.

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

1 Attachment

PROTECT
28 September 2012

Case Reference Number IRQ0462817

Dear Mr Baines 
 
Please find further information attached. This is the final email. 

Thank you 

Helen Ward
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk