Policies

The request was partially successful.

Dear Kent Fire and Rescue Service,
) please can you send me a copy of the current subject access request
acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that
you give to staff which was written in the last 2 years including
presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work
5) a copy of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?
6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

Yours faithfully,

Paul knight

Information Officer, Kent Fire and Rescue Service

Dear Mr Knight,

Thank you for your request made under the Freedom of Information Act 2000. We will respond to your request within 20 working days (03/02/2020).

Privacy statement

Please be aware that in order to assist you and process your request, Kent and Medway Fire and Rescue Authority will need to collect and store some of your personal data. For further information about this please refer to our privacy statement and privacy notices.

https://www.kent.fire-uk.org/hidden/priv...

Kind regards

Tom

Tom Edwards GIFireE | Kent Fire & Rescue Service | T: 01622 692121 x6579 | Policy Officer | Business Intelligence | www.kent.fire-uk.org

show quoted sections

Information Officer, Kent Fire and Rescue Service

4 Attachments

Dear Mr Knight,

In response to your request made under the Freedom of Information Act 2000, I have answered each of your questions in turn.

1) please can you send me a copy of the current subject access request acknowledgment AND response letter that you use

A copy of the Subject Access Request Acknowledgment is included in the PDF file attached titled "SAR acknowledgement".
Response letters are individually written relating to the nature of the request therefore we do not hold a "standard" response.

2) a copy of the last 5 dpias completed

I have included redacted copies of the two DPIAs that have been completed by Kent Fire & Rescue Service (KFRS). They are attached named DPIA and DPIA 2. This is in line with the ICO guidance on publishing DPIAs.

3) a copy of any internal mandatory information governance training that you give to staff which was written in the last 2 years including presentation slides and videos and any other media

Information Governance Training was mandatory for all staff and was delivered at the end of 2018. This e-learning package was provided by Kent County Council (KCC) and the package is not owned by KFRS, therefore please direct any request regarding this package to KCC.

4) a copy of any instructions given to staff members to reduce data security breaches, for example double checking work

Please see attached PDF titled "Information Security and Data Protection". This is taken from material distributed to staff on the KFRS intranet.

5) a copy of any policies implemented in the last 2 years within the organisation to help reduce the environmental impact that the organisation has?

Environmental impact is covered by two publically available documents therefore this part of the request is refused under Section 21 of the Freedom of Information Act (information already reasonably accessible). These documents are available here: Customer and Corporate Plan https://www.kent.fire-uk.org/about-us/pl... and Asset Strategy https://www.kent.fire-uk.org/EasysiteWeb...

6) please can I have a copy of the risk rating that you use to evaluate data security incidents?

This is based on an assessment of the following points:
Whether there has been a breach of the organisation's policies, procedures and or processes
A breach of GDPR by the organisation
The volume of personal data lost
The sensitivity of the data lost, compromised and or unlawfully corrupted.

This assessment then informs the actions to be taken

If you are unhappy with the way we have handled your request, you may ask for an internal review. Information about our review process is available via the following link on our website.

http://www.kent.fire-uk.org/contact-us/f...

If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Kind regards

Tom

Tom Edwards GIFireE | Kent Fire & Rescue Service | T: 01622 692121 x6579 | Policy Officer | Business Intelligence | www.kent.fire-uk.org

show quoted sections