Service providers and PII

Gabby Dunne made this Freedom of Information request to Glasgow City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Glasgow City Council,

1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No

2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No

If No, thank you for your time.
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No

4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No

5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No

6. Do you have policies in place for privileged account management?
- Yes
- No

7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No

8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days

Thank you for your time.

Yours faithfully,

Gabby Dunne

Customer Care Centre, Glasgow City Council

New Service Request was submitted: RQST00006670714
You can simply reply to this Email, and your reply
will automatically be associated with this Service Request

show quoted sections

FOI_CCT, Glasgow City Council

1 Attachment


Dear Ms Dunne


Thank you for your email received on 16 July 2018 requesting information
under the Freedom of Information (Scotland) Act 2002.


Please find attached your response.


Yours sincerely




Information and Data Protection Team

Chief Executive’s Department









Glasgow - UK Council of the Year 2015
This email is from Glasgow City Council or one of its Arm’s Length
Organisations (ALEOs). Views expressed in this message do not necessarily
reflect those of the council, or ALEO, who will not necessarily be bound
by its contents. If you are not the intended recipient of this email (and
any attachment), please inform the sender by return email and destroy all
copies. Unauthorised access, use, disclosure, storage or copying is not
permitted. Please be aware that communication by internet email is not
secure as messages can be intercepted and read by someone else. Therefore,
we strongly advise you not to email any information, which if disclosed to
someone else, would be likely to cause you distress. If you have an
enquiry of this nature then please write to us using the postal system. If
you chose to email this information to us there can be no guarantee of
privacy. Any email including its content may be monitored and used by the
council, or ALEO, for reasons of security and for monitoring internal
compliance with the office policy on staff use. Email monitoring or
blocking software may also be used. Please be aware that you have a
responsibility to make sure that any email you write or forward is within
the bounds of the law. Glasgow City Council, or ALEOs, cannot guarantee
that this message or any attachment is virus free or has not been
intercepted and amended. You should perform your own virus checks.

For further information and to view the council’s Privacy Statement(s),
please click on link below:




Visible links