RE: FREEDOM OF INFORMATION ACT 2000 REQUEST
I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested further to your freedom of information request.
Please find below a summary of our findings.
Can you please confirm if you are using the Microsoft Office 365 solution in your IT environment?
West Midlands Fire Service is using Microsoft Office 365
If so, how you currently back up your Office 365 data? If it is backed up please confirm which software or service solution you currently have in place.
As a major emergency service provider, you will appreciate that we must ensure that our systems are appropriately protected. Releasing detailed information about cyber-attacks upon our organisation in response to your request and other similar requests under Freedom of Information has wider implications that we must consider. By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.
We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.
We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.
We are therefore refusing your request under Freedom of Information exemptions, s24 National Security, s44 Prohibition on Disclosure.
In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states
“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.
This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.
Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.
We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”
If a system or service is in place to backup West Midlands Fire Service’s Office 365 environment can you confirm the retention period the data is stored for?
West Midlands Fire Service currently retention period for Office 365 environment is 13 months
Who in West Midlands Fire Service is responsible for the protection of your critical data?
With regards for the details of the person responsible for protection of your critical data, West Midlands Fire Service operates a single point of contact policy.
The person responsible can be contacted at the following address firstname.lastname@example.org . The number for general enquiries is 0845 5000 900.
Furthermore, guidance from the Information Commissioner’s Office is as follows:
* The presumption is in favour of protecting privacy, so the release of personal information will only be fair if there is a genuine reason to disclose. This involves a three-stage test. A public authority will generally have to satisfy itself that:
* There is a legitimate interest in disclosure;
* The legitimate interest can only be met, or fully met, by the disclosure of information which identifies individuals (i.e. the disclosure is necessary to that purpose); and, the disclosure would not involve unwarranted detriment to the individual’s privacy or other rights and legitimate interests.
* You can find out more about FOI exemptions from the Information Commissioner’s Office. This will explain which one or more of the FOI exemptions applies, and tell you how to appeal if you disagree with our decision
If you have any queries about this Freedom of Information request, please contact us. Please remember to quote the reference number above in any future communications.
For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW
Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.