Publication - FOI/EIR release
Data security incidents reported to Data Protection and Information Assets team: FOI review
- Published
- 8 January 2019
- Directorate
- Digital Directorate
- Topic
- Public sector
Information request and response under the Freedom of Information (Scotland) Act 2002.
FOI reference: FOI/18/02715/Review
Date received: 25 October 2018
Date responded: 22 November 2018
Date received: 25 October 2018
Date responded: 22 November 2018
Information requested
Thank you for your request of 25 October 2018 for a review of our response to your request under the Freedom of Information (Scotland) Act 2002 (FOISA) for: Further details of the 18 data security incidents internally reported to the SG Data Protection and Information Assets team in 2017-18, mentioned on p.29 of the Consolidated Accounts: https://www.gov.scot/Resource/0054/00540845.pdf
Response
I have been asked by Director of Digital to carry out the review because I was not involved in handling your original request. I have looked at the case afresh to establish whether the original response should be confirmed, with or without modifications as appropriate, or a fresh decision should be substituted.
I have concluded that there is more information available than was provided to you and I note that you have asked for the ‘maximum’ amount of information available to be provided. I have balanced this with the requirement under FOISA to consider the rights of data subjects under the GDPR. Those involved in an incident have an expectation that their details will not be further exposed beyond the purposes of incident management. Redacting these details would be a manual process and will present a further risk to the individuals concerned.
I do however believe that more information can be made available safely on the narrative of the incident, number of persons affected and the response. The attached tables provide that richer information set.
I have concluded that there is more information available than was provided to you and I note that you have asked for the ‘maximum’ amount of information available to be provided. I have balanced this with the requirement under FOISA to consider the rights of data subjects under the GDPR. Those involved in an incident have an expectation that their details will not be further exposed beyond the purposes of incident management. Redacting these details would be a manual process and will present a further risk to the individuals concerned.
I do however believe that more information can be made available safely on the narrative of the incident, number of persons affected and the response. The attached tables provide that richer information set.
About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses
foi-18-02715-review Information released
- File type
- 6 page PDF
- File size
- 249.1 kB
Contact
Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000
The Scottish Government
St Andrew's House
Regent Road
Edinburgh
EH1 3DG
There is a problem
Thanks for your feedback