Case Number 4771
Request Date 15/05/2016
Completion Date 06/06/2016

 

Details of the Request

I am writing under the Freedom of Information Act 2000 to request details of breaches of the Data Protection Act within your organisation; specifically, I am asking for:

1a. Approximately how many members of staff do you have?

1b. Approximately how many contractors have routine access to your information?

 

2a. Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?

2b. Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a 'cut and paste' of the relevant section of these document(s))

 

3a. Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioner's Office (ICO) as a Data Protection Act (DPA) breach) Answer: Yes, No, Only since (date):

3b. How many breaches occurred for each Financial Year the figures are available for? Answer FY11-12: FY12-13: FY13-14: FY14-15:

 

4a. Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware.) Answer: Yes, No, Only since (date):

4b. How many incidents occurred for each Financial Year the figures are available for? Answer FY11-12: FY12-13: FY13-14: FY14-15:

 

5a. Do you know how many information security events/anomalies your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.) Answer: Yes, No, Only since (date):

5b. How many events occurred for each Financial Year the figures are available for? Answer FY11-12: FY12-13: FY13-14: FY14-15:

 

6a. Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.) Answer: Yes, No, Only since (date):

6b. How many near-misses occurred for each Financial Year the figures are available for? Answer FY11-12: FY12-13: FY13-14: FY14-15:

 

Details of the Response

1a. Approximately how many members of staff do you have?

Approximately 3700

 

1b. Approximately how many contractors have routine access to your information?

The Trust does not hold this data.

 

2a. Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?

Yes, the Trust has a Policy for the Reporting and Management of Incidents (Including the Investigation of Serious Incidents Requiring Investigations - Clinical/Non Clinical).

 

2b. Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a 'cut and paste' of the relevant section of these document(s))

Policy was sent to the requester.

 

3a. Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioner's Office (ICO) as a Data Protection Act (DPA) breach)

Yes. Please bear in mind that as of 7th November 2014 the Health & Social Care Information Centre (HSCIC) changed the assessment & scoring requirements.

 

3b. How many breaches occurred for each Financial Year the figures are available for?

  • FY11-12: 0
  • FY12-13: 0
  • FY13-14: 2
  • FY14-15: 1

 

4a. Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware.)

YES

 

4b. How many incidents occurred for each Financial Year the figures are available for?

  • FY11-12: 0
  • FY12-13: 0
  • FY13-14: 0
  • FY14-15: 0

 

5a. Do you know how many information security events/anomalies your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.)

YES

 

5b. How many events occurred for each Financial Year the figures are available for?

  • FY11-12: 0
  • FY12-13: 0
  • FY13-14: 0
  • FY14-15: 0

 

6a. Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)

YES

 

6b. How many near-misses occurred for each Financial Year the figures are available for?

  • FY11-12: 0
  • FY12-13: 0
  • FY13-14: 0
  • FY14-15: 0