You asked
I am writing under the Freedom of Information Act 2000 to request details of breaches of the Data Protection Act within in your organisation; specifically I am asking for:
1a. Approximately how many members of staff do you have?
1b. Approximately how many contractors have routine access to your information?
2a. Do you have an information security incident/event reporting policy/guidance/management document(s) that includes categorisation/classification of such incidents?
2b. Can you provide me with a copy of the latest version of these document(s)? (This can be an email attachment or a link to the document on your publicly facing web site)
3a. Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioners Office (ICO) as a Data Protection Act (DPA) breach)
3b. How many breaches occurred for each Financial Year the figures are available for? FY11-12: FY12-13: FY13-14: FY14-15
4a. Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, eg compromise of sensitive contracts or encryption by malware.)
4b. How many incidents occurred for each Financial Year the figures are available for? FY11-12: FY12-13: FY13-14: FY14-15
5a. Do you know how many information security events/anomaly your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, eg nuisance malware or locating misfiled documents.)
5b. How many events occurred for each Financial Year the figures are available for? FY11-12: FY12-13: FY13-14: FY14-15
6a. Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)
6b. How many near-misses occurred for each Financial Year the figures are available for? FY11-12: FY12-13: FY13-14: FY14-15
We said
1a. Staff numbers can be found in table 3.2 of the UK Statistics Authority Annual Report and Accounts 2014/15. Calculating the figure from an average number of staff on the payroll each month, the total staff number is 3,161, with 3,010 of these being permanently employed staff.
1b. In the 2014/15 period, using the same methodology, there were on average 151 employees that were not permanently employed staff.
2a. Yes
2b. See attached
3a. 0
3b. 0
4a. 0
4b. 0
5a. Yes
5b.
2011/12
Laptop losses - 7 Mobile phone losses - 14 USB memory stick losses three - 3 Remote access VPN token reported losses - 13
2012/13
Reported Laptop losses - 5 Mobile phone losses - 19 USB memory stick (Ironkey) losses - 4 Remote access VPN token reported losses - 15 2 losses of IPS Field Force Supervisors Digital Pen Mobile phones
2013/14
Reported Laptop losses - 3 Mobile phone losses - 21 USB memory stick (Ironkey) losses - 4 Remote access VPN token reported losses - 26 2 losses of Laptop Projectors, 2 3G WiFi Dongles and 1 Mobile Sim Card
2014/15
Reported Laptop losses five - 5 Including a single laptop charger - 1 Mobile phone losses - 20 USB memory stick (Ironkey) losses - 7 Remote access VPN token reported losses - 31 1 loss of a Laptop Projector, 2 ONS Blackberrys and 1 Mobile Sim Card
6a. No
6b. N/A
Lawrlwyth cysylltiol ar cais
- Security incident reporting policy - redacted (58.7 kB pdf)