Data Protection Breaches (6235_16)

Request

Thank you for your response. I am content with the approach that you have outlined.

1a. Approximately how many members of staff do you have?
1b. Approximately how many contractors have routine access to your information?
(see HYPERLINK “http://www.suresite.net/foi.php” www.suresite.net/foi.php for clarification of contractors if

I am looking to establish who has access to your organisations information on a regular basis other than your directly employed staff. If all your information is held on computer systems, then an employee of a third party contractor with a user account on your computer system would be included. It is more of the long term consultants/contractors/third parties who are contributing to your business output that I am looking to capture.
I recognise the transient nature of these people and that any figure in this area is a best guess, hence the request for an approximation. The number of user accounts on a computer system does tend to align with my question of who has regular access, unless you are still heavily dependent on hard copy documents.
needed)

2a. Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?
2b. Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a ‘cut and paste’ of the relevant section of these document(s))

3a. Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioners Office (ICO) as a Data Protection Act (DPA) breach)
Answer: Yes, No, Only since (date):

3b. How many breaches occurred for each Financial Year the figures are available for?

4a. Do you know how many other information security incidents your organisation has had since January 2015? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware. )
Answer: Yes, No, Only since (date):

4b. How many incidents occurred for each Financial Year the figures are available for?

5a. Do you know how many information security events/anomaly your organisation has had since January 2015? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.)
Answer: Yes, No, Only since (date):

5b. Since January 2015 how many events occurred for each Financial Year the figures are available for?

6a. Do you know how many information security near misses your organisation has had since January 2015? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)
Answer: Yes, No, Only since (date):

6b. Since January 2015 how many near-misses occurred for each Financial Year the figures are available for?

Response

Please find attached our response.

Every effort is made to ensure that the figures presented are accurate and complete. However, it is important to note that these data have been extracted from a number of data sources used by forces for police purposes. The detail collected to respond specifically to your request is subject to the inaccuracies inherent in any large scale recording system. As a consequence, care should be taken to ensure data collection processes and their inevitable limitations are taken into account when interpreting those data.

The figures provided therefore are our best interpretation of relevance of data to your request, but you should be aware that the collation of figures for ad hoc requests may have limitations and this should be taken into account when those data are used.

If you decide to write an article / use the enclosed data we would ask you to take into consideration the factors highlighted in this document so as to not mislead members of the public or official bodies, or misrepresent the relevance of the whole or any part of this disclosed material.

Attachments

6235_attachment_ 01

Bookmark the permalink.

Comments are closed