Reference 2016-268

REF:            2016-268

Subject:        Data Protection Incidents

          

 

Request:

I am writing under the Freedom of Information Act 2000 to request details of breaches of the Data Protection Act within in your organisation; specifically I am asking for:

1a.          Approximately how many members of staff do you have?

1b.          Approximately how many contractors have routine access to your information?

(see xxxxxx.com for clarification of contractors if needed)

2a.          Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?

2b.          Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a ‘cut and paste’ of the relevant section of these document(s)

3a.          Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioners Office (ICO) as a Data Protection Act (DPA) breach)

Answer:               Yes, No, Only since (date):

3b.          How many breaches occurred for each Financial Year the figures are available for?

Answer FY11-12:   FY12-13:   FY13-14:  FY14-15:

4a.          Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware.  )

Answer:               Yes, No, Only since (date):

4b.          How many incidents occurred for each Financial Year the figures are available for?

Answer FY11-12:   FY12-13:   FY13-14:  FY14-15:

5a.          Do you know how many information security events/anomaly your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.)

Answer:               Yes, No, Only since (date):

5b.          How many events occurred for each Financial Year the figures are available for?

Answer FY11-12:   FY12-13:   FY13-14:  FY14-15:

6a.          Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)

Answer:               Yes, No, Only since (date):

6b.          How many near-misses occurred for each Financial Year the figures are available for?

Answer FY11-12:   FY12-13:   FY13-14:  FY14-15:

 

 

 Response

Please find information attached.

2016-268 – FOI request – Data Protection Incidents [95 kb] PDF

ITsecurity policy 5 1 [347 kb] PDF

Incident Reporting Policy July 2015 (1) [1 MB] PDF

 

Visitor restrictions

To protect you and our staff during the current outbreak of Covid-19 we’ve put in place significant restrictions on hospital visitors.

Full details of these can be found on our website.

We would like to thank you for your understanding and helping us stop the spread of Covid-19.

Read More

Stay Home. Protect the NHS. Save Lives.

Close