We recently seen a Freedom of Information (FOI) request on the site WhatDoTheyKnow which asked Fife Council what security measures they have in place (or intend to put in place) to prevent data either being lost or malicious programs extracting personal information. The reply the person received was a list of security guidelines that all Fife Council employees have to abide by.

Unfortunately, the guidelines weren’t made available, as the person making the FOI request, didn’t ask for the documentation as well. We decided to take the FOI request further and submit our own request, asking for the following documentation;

  • Information Security Policy
  • Data Protection Policy
  • Password Management Policy
  • Information Security Incident Management Policy
  • Protective Marking Policy
  • E-mail, Phone & Internet Guidelines
  • Mobile Electronic Computing Devices & Removable Storage Media Policy

We also asked the following questions;

  1. How many data losses were Fife Council responsible for during the year 2010?
  2. How many data losses were Fife Council responsible for during the year 2011 (from Jan 1st to 2nd of May)?
  3. Has Fife Council ever been reported to the Information Commissioner for loss of data, or any other breaches to the Data Protection Act?
    Please provide details of the loss/breach.
  4. How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2010?
  5. How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2011 (from Jan 1st to 2nd of May)?

When we received a reply to our FOI request, we were quite surprised with the results. We were expecting Fife Council to be one of the many local authorities to have lost massive personal data, as public authorities/organisations have a bad track record of keeping personal data secure, as reported by various media outlets.

FOI – Q&A

How many data losses were Fife Council responsible for during the year 2010?
We only have data for the period June to December 2010 – during this time we had 4 data losses – none of these had a significant impact on either customers or fife Council.

How many data losses were Fife Council responsible for during the year 2011 (from Jan 1st to 2nd of May)?
During this period we have had no data losses.

Has Fife Council ever been reported to the Information Commissioner for loss of data, or any other breaches to the Data Protection Act? Please provide details of the loss/breach.
One customer made a complaint to the ICO regarding a perceived data breach. Following an investigation the ICO found that Fife Council was not in breach of the Data Protection Act 1998. The perceived breach involved an email relating to a property issue.

How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2010?
Other than the one mentioned above we are not aware of any complaints.

How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2011 (from Jan 1st to 2nd of May)?
None.

While no data loss is acceptable, the fact that Fife Council has only had 4 data losses, within a yearly period, is a really good sign that Fife Council takes their security seriously when protecting user data. Especially when you take into consideration the fact that Fife has a population of just under 360,000.

We also had a look at the policies we were provided through the FOI request, which you can access or download at: WhatDoTheyKnow.

The documents are very in-depth, but show forward thinking, when it comes to protecting user data, and also how staff should deal with keeping personal data secure through best practise guides for staff passwords, limiting usage of mobile technologies, and restricting access to the internet on certain systems, etc.

While we can be critical of Fife Council on certain issues, data privacy and system security, is an area where Fife Council seem to be progressing in a positive manner.

Load More Related Articles
Load More By Loch of Shining Waters
Load More In Public Services

Leave a Reply

All fields are optional. You do not have to use your real name, pseudonyms are accepted.

Check Also

Mossmorran Action Group concerned that roundtable event is politically partisan

A local community group representing residents adversely impacted by the operations of Mos…