Policies

The request was partially successful.

Dear Buckinghamshire Fire and Rescue Service,
1) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

Yours faithfully,

tim wells

Barry, Gerry, Buckinghamshire Fire and Rescue Service

5 Attachments

Dear Tim Wells,

 

Thank-you for your request for information about Data Protection and
Information Security, which I have considered under the terms of the
Freedom of Information Act 2000. Please see our response below:

 

1) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use We do not use a standard
format response but customise our response in line with the nature of the
request and, where necessary, to ask for more information – such as
evidence of identity.

 

2) a copy of the last 5 dpias completed We have not had to complete any
DPIA’s since the GDPR came into effect on 25 May 2018 although we do scope
all policies, projects etc that contain personally identifiable
information.

 

3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media. We use the
“Responsible for Information” training from the Civil Service Learning as
a mandatory training package. (This package is more than two years old).
We also us the National Cyber Security Centre training:
[1]https://www.ncsc.gov.uk/blog-post/ncsc-c...

I also deliver general information governance training to individuals or
groups. These are delivered ad hoc and focus on areas of governance most
applicable to the group / individual in question. Therefore I do not hold
a standard package for this.

 

4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work We do release messages
periodically reminding employees of security issues – such as to be
careful opening unexpected email attachments. These messages are not
retained and fresh messages are sent whenever a particular issue arises. I
have attached relevant procedures.  

 

5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has? Attached procedure is more about environmental impacts at incidents.
We do not anything specific to this organisation.

 

6) please can I have a copy of the risk rating that you use to evaluate
data security incidents? All incidents are evaluated on their individual
likely impact. To date, we have had very minor breaches – nothing
reportable.

 

If you have any queries about this email please contact me within two
calendar months quoting reference 101. If you are unhappy with the service
you have received in relation to your request and wish to make a complaint
or request a review of our decision, you should write to the Complaints
Officer at the address below within 40 working days. Our complaints
process is posted on our website at [2]www.bucksfire.gov.uk

 

If you are not content with the outcome your complaint, you may apply
directly to the Information Commissioner for a decision. Generally, the
ICO cannot make a decision unless you have exhausted the complaints
procedure provided by the Authority.

 

The Information Commissioner can be contacted at: The Information
Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9
5AF.

 

Please be advised that your request and any other correspondence
associated with it will be retained until the time has lapsed for the
request to be closed. Once the request is closed only anonymised data will
be retained as this is of public interest and is posted on our website. It
may also may be of use in answering similar requests.

 

Yours sincerely

 

Gerry Barry
Information Governance and Compliance Manager
01296 744442 / 07920 710637

Buckinghamshire Fire & Rescue Service, Brigade Headquarters, Stocklake,
Aylesbury, Buckinghamshire, HP20 1BD.
BFRS main enquiry line: 01296 744400
Please visit our website at [3]www.bucksfire.gov.uk

Our vision is to make Buckinghamshire and Milton Keynes the safest areas
in England in which to live, work and travel.
Please consider the environment - do you really need to print this email?

This message has been scanned for malware by Forcepoint. [4]www.forcepoint.com

References

Visible links
1. https://www.ncsc.gov.uk/blog-post/ncsc-c...
2. http://www.bucksfire.gov.uk/
3. http://www.bucksfire.gov.uk/
4. http://www.forcepoint.com/