This is an HTML version of an attachment to the Freedom of Information request 'When did EIBSS make the Request to Russel-Cooke'.


 
 
 
 
 
 
 
Information Governance 
Stella House, Goldcrest Way 
 
Newburn Riverside 
 
Newcastle Upon Tyne 
S Carroll  
NE15 8NY 
 
 
xxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxx.xxx  
Email: xxxxxx.xxxxxxxxxxx@xxx.xxx 
 
Website: www.nhsbsa.nhs.uk 
 
 
Date: 17 August 2021 
 
Ref: 15955 
 
Dear S Carroll 
 
Subject: Freedom of information request 

 
I am writing to confirm that I have now completed my search for the information which you 
requested on 20 July 2021 as outlined below: 
 
Dear NHS Business Services Authority, I writing to request under the Freedom of 
Information Act 2000 to Request the following information fro EIBSS. Can you please 
provided the commutation (whether by letter or email) between EIBSS & Russell-Cooke for 
the data matching exercise undertaken in regards to the parity announcement of the 25th 
of March. When was the request made by EIBSS (for the 200 files needed to complete the 
parity exercise) to Russel-Cooke? 
 
Response 
 
A copy of the information is attached with some information redacted as follows. 
 
Please be aware that I have decided not to release full details of all staff as this 
information falls under the exemption in Section 40 subsections 2 and 3(A)(a) of the 
Freedom of Information Act.  
 
This is because it would breach the first data protection principle as: 
a)  It is not fair to disclose these people’s personal details to the world and is likely to 
cause damage or distress to staff 
b)  These details are not of sufficient interest to the public to warrant an intrusion into 
the privacy of those staff. 
 
Annex A at the end of this letter sets out the exemption in full. 
 
Data Queries 
 
If you have any queries regarding the data provided, or if you plan on publishing, or 
producing a press article based upon the data please contact xxxxxx.xxxx@xxx.xxx 
 
 

 
 
ensuring you quote the above reference. This is important to ensure that the figures are 
not misunderstood or misrepresented. 
 
The information supplied to you continues to be protected by the Copyright, Designs and 
Patents Act 1988 and is subject to NHSBSA copyright. This information is licenced under 
the terms of the Open Government Licence detailed at: 
http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/ 
 
Should you wish to re-use the information you must include the following statement: 
“EIBSS, NHSBSA Copyright 2021” This information is licenced under the terms of the 
Open Government Licence: 
 
http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/ 
 
Failure to do so is a breach of the terms of the licence. 
 
Information you receive which is not subject to NHSBSA Copyright continues to be 
protected by the copyright of the person, or organisation, from which the information 
originated.  Please obtain their permission before reproducing any third party (non 
NHSBSA Copyright) information. 
 
If you are unhappy with the service you have received in relation to your request and wish 
to make a complaint or request a review of my decision, please write within 40 working 
days of the date of this letter to:  
 
Chris Gooday 
Information Governance Manager 
NHS Business Services Authority 
Stella House 
Goldcrest Way 
Newburn Riverside Business Park 
Newcastle upon Tyne 
NE15 8NY  
 
Details of how we wil  handle your review request are available on our website at: 
 
https://bit.ly/2Sjdk2H 
 
If you are not content with the outcome of your complaint, you may apply directly to the 
Information Commissioner’s Office (ICO) for a decision.  Please note that generally, the 
ICO cannot make a decision unless you have exhausted the NHS Business Services 
Authority’s complaints procedure. 
 
The Information Commissioner can be contacted at:- 
 
Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 
xxxxxxxxxxx@xxx.xxx.xx 
 


 
 
https://ico.org.uk/global/contact-us/email 
 
If you have any queries about this letter, please contact me.  Please quote the reference 
number above in any future. 
 
Yours sincerely 
 
 
 
Chris Dunn 
Information Governance Specialist 
 

 
 
Annex A 
 
Section 40 - Personal information 
 
(1) Any information to which a request for information relates is exempt information if it 
constitutes personal data of which the applicant is the data subject. 
  
 (2) Any information to which a request for information relates is also exempt information 
if - 
 
 
a. 
it constitutes personal data which does not fall within subsection (1), and  
 
b. 
the first, second or third condition below is satisfied. 
 
(3A) 
 
The first condition is that the disclosure of the information to a member of the public 
otherwise than under this Act— 
  (a) would contravene any of the data protection principles, or 
  (b) would do so if the exemptions in section 24(1) of the Data Protection Act 2018 
(manual unstructured data held by public authorities) were disregarded. 
 
(3B) The second condition is that the disclosure of the information to a member of the 
public otherwise than under this Act would contravene Article 21 of the GDPR (general 
processing: right to object to processing). 
 
(4A) The third condition is that— 
  (a) on a request under Article 15(1) of the GDPR (general processing: right of access 
by the data subject) for access to personal data, the information would be 
withheld in reliance on provision made by or under section 15, 16 or 26 of, or 
Schedule 2, 3 or 4 to, the Data Protection Act 2018, or 
(b) on a request under section 45(1)(b) of that Act (law enforcement processing: right 
of access by the data subject), the information would be withheld in reliance on 
subsection (4) of that section. 
 
(5A) The duty to confirm or deny does not arise in relation to information which is (or if it 
were held by the public authority would be) exempt information by virtue of subsection 
(1). 
 
(5B) The duty to confirm or deny does not arise in relation to other information if or to 
the extent that any of the following applies— 
 
(a) giving a member of the public the confirmation or denial that would have to be given 
to comply with section 1(1)(a)— 
(i) would (apart from this Act) contravene any of the data protection principles, or 
 
(ii) would do so if the exemptions in section 24(1) of the Data Protection Act 2018 
(manual unstructured data held by public authorities) were disregarded; 
 
(b) giving a member of the public the confirmation or denial that would have to be given 
to comply with section 1(1)(a) would (apart from this Act) contravene Article 21 of the 
GDPR (general processing: right to object to processing); 
 

 
 
 
(c) on a request under Article 15(1) of the GDPR (general processing: right of access by 
the data subject) for confirmation of whether personal data is being processed, the 
information would be withheld in reliance on a provision listed in subsection (4A)(a); 
 
(d) on a request under section 45(1)(a) of the Data Protection Act 2018 (law 
enforcement processing: right of access by the data subject), the information would be 
withheld in reliance on subsection (4) of that section 
 
(6) In this section— 

“the data protection principles” means the principles set out in— 
(a) Article 5(1) of the GDPR, and  
 
(b) section 34(1) of the Data Protection Act 2018; 
“data subject” has the same meaning as in the Data Protection Act 2018 (see section 3 
of that Act);  
 
“the GDPR”, “personal data”, “processing” and references to a provision of Chapter 2 of 
Part 2 of the Data Protection Act 2018 have the same meaning as in Parts 5 to 7 of that 
Act (see section 3(2), (4), (10), (11) and (14) of that Act). 
 
(7) In determining for the purposes of this section whether the lawfulness principle in 
Article 5(1)(a) of the GDPR would be contravened by the disclosure of information, 
Article 6(1) of the GDPR (lawfulness) is to be read as if the second sub-paragraph 
(disapplying the legitimate interests gateway in relation to public authorities) were 
omitted.”