Data and Cyber Security (375/18)

Request

I am writing to you under the Freedom of Information Act to request information regarding data and cybersecurity incidents in the calendar year 2017 affecting information owned, processed or generated by your police force.

[1] Please may you provide me with the number of data breaches that occurred of your organisation’s owned, processed or generated information in the calendar year 2017. [1.2] Please may you provide me with a list of details regarding these breaches (i.e. when they occurred, how they occurred, and what information was lost). [2] If your organisation differentiates between data breaches and data incidents, please may you provide me with the number of data incidents that occurred of its owned, processed or generated information in the calendar year 2017. [2.2] Please may you provide me with a list of details regarding these incidents (i.e. when they occurred, how they occurred, and what information was lost). [3] Please may you provide me with the number of cyber security incidents that occurred within your organisation in the calendar year 2017. [3.2] Please may you provide me with a list of details regarding these incidents (i.e. when they occurred, how they occurred, whether information was exposed, and how the incident was handled, if recorded as a crime by the force and/or whether the National Cyber Security Centre was informed).

Response

Please see our response attached.

REASONS FOR DECISION

The Freedom of Information Act places two responsibilities on public authorities, the first of which is to confirm what information it holds and secondly to then disclose that information, unless exemptions apply.

In this case, this letter represents a Refusal Notice for question 1.2. This information is exempt by virtue of the following exemptions:

Section 30(1) (a) Investigations

Section 31(1) (g) by virtue of 2(b)) information held for specified purposes

West Midlands Police will neither confirm nor deny that any information is held with respect to question 3 and 3.2 by virtue of:

Section 23(5) Information supplied by or concerning certain Security Bodies

Section 24(2) National Security

Section 30(3) Investigations

Section 31(3) Law Enforcement

These exemptions and explanatory notes are shown here:

https://www.app.college.police.uk/app-content/information-management/freedom-of-information/#freedom-of-information-exemptions

Section 23 is a class based absolute exemption and there is no requirement to consider the public interest in this case.

In line with the above, I am required to complete a Prejudice Test/Public Interest Test (PIT) on disclosure for the other exemptions. Please find this PIT attached.

Attachments

375_ATTACHMENT_01  375_PIT_01

Bookmark the permalink.

Comments are closed