fbpx

20031 – ICT – O365 use

Ref: FOI/20031

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested further to your freedom of information request.

Please find below a summary of our findings.

Request

Can you please confirm if you are using the Microsoft Office 365 solution in your IT environment?

Reply

West Midlands Fire Service is using Microsoft Office 365

Request

If so, how you currently back up your Office 365 data? If it is backed up please confirm which software or service solution you currently have in place.

Reply

As a major emergency service provider, you will appreciate that we must ensure that our systems are appropriately protected. Releasing detailed information about cyber-attacks upon our organisation in response to your request and other similar requests under Freedom of Information has wider implications that we must consider. By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under Freedom of Information exemptions, s24 National Security, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Request

If a system or service is in place to backup West Midlands Fire Service’s Office 365 environment can you confirm the retention period the data is stored for?

Reply

West Midlands Fire Service currently retention period for Office 365 environment is 13 months

Request

Who in West Midlands Fire Service is responsible for the protection of your critical data?

Reply

With regards for the details of the person responsible for protection of your critical data, West Midlands Fire Service operates a single point of contact policy.

The person responsible can be contacted at the following address contact@wmfs.net . The number for general enquiries is 0845 5000 900.

Furthermore, guidance from the Information Commissioner’s Office is as follows:

* The presumption is in favour of protecting privacy, so the release of personal information will only be fair if there is a genuine reason to disclose. This involves a three-stage test. A public authority will generally have to satisfy itself that:

* There is a legitimate interest in disclosure;

* The legitimate interest can only be met, or fully met, by the disclosure of information which identifies individuals (i.e. the disclosure is necessary to that purpose); and, the disclosure would not involve unwarranted detriment to the individual’s privacy or other rights and legitimate interests.

* You can find out more about FOI exemptions from the Information Commissioner’s Office. This will explain which one or more of the FOI exemptions applies, and tell you how to appeal if you disagree with our decision

If you have any queries about this Freedom of Information request, please contact us. Please remember to quote the reference number above in any future communications.

For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

20004 – Requests for Information

Ref: FOI/20004

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested further to your freedom of information request.

Please find below a summary of our findings.

Request

Please can you send me a copy of the current subject access request acknowledgment AND response letter that you use

Reply

Please see attached for current subject access request acknowledgement template, we do not have a template letter for response as each response is determined by the content therefore this information is exempt under section 1 of the Freedom of Information Act 2000 as we do not hold this information.

FOI20004-3
SAR template 1.0 Download

Request

A copy of the last 5 DPIAs completed

Reply

This information is exempt under section 21 of the Freedom of Information Act 2000 as this information is reasonably accessible to the requestor. DPIAs are published on our website and those currently published can be accessed at the following link: https://www.wmfs.net/foi-entry/19072/

Further DPIAs are exempt under Section 22 of the Freedom of Information Act 2000 – Information intended for future publication. Details will be published by West Midlands Fire Service on our website when they have been completed.

Request

A copy of any internal mandatory information governance training that you give to staff which was written in the last 2 years including presentation slides and videos and any other media

Reply

This information is exempt under section 1 of the Freedom of Information Act 2000 as we do not hold this information. West Midlands Fire Service mandatory information governance training has not been updated in the last 2 years, the training is due to be reviewed in the near future.

Request

A copy of any instructions given to staff members to reduce data security breaches, for example double checking work

Reply

West Midlands Fire Service Policy for the handling of all information is contained in our Management of Information Policy. Please see attached

FOI20004-1
Management of information 1.0 Download

Request

A copy of any policies implemented in the last 2 years within the organisation to help reduce the environmental impact that the organisation has?

Reply

West Midlands Fire Service Policy for reducing the environmental impact that the organisation has is contained in our Environmental and Sustainability Strategy document. Please see attached

FOI20004-2
Environmental and Sustainability Strategy 1.0 Download

Request

Please can I have a copy of the risk rating that you use to evaluate data security incidents?

Reply

West Midlands Fire service does not have a risk rating to evaluate data security incidents however it uses the following criteria to determine the risk level;

  • What type of data is involved?
  • How sensitive is it? E.g. Information of a personal nature?
  • What has happened to the data? E.g. Could information be misused?
  • what could the data tell a third party about the individual?
  • If data has been lost or stolen, are there any protections in place such as encryption?
  • Could the data breach affect any core functions of the organisation?
  • How many individuals’ personal data are affected by the breach?
  • Who are the individuals whose data has been breached? Whether they are staff, customers, clients or suppliers, for example, will to some extent determine the level of risk posed by the breach and, therefore, your actions in attempting to mitigate those risks
  • What harm can come to those individuals? Are there risks to physical safety or reputation, financial loss or a combination of these and other aspects of their life?
  • Are there wider consequences to consider such as a risk to public health or loss of public confidence in an important service we provide?

If you have any queries about this Freedom of Information request, please contact us. Please remember to quote the reference number above in any future communications.

For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

20002 – Information governance contacts

Ref: FOI/20002

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested further to your freedom of information request.

Please find below a summary of our findings.

Request

Name of SIRO (Senior Information Risk Owner) if one is appointed, or similar responsibility level if not (Chief Information Governance Officer, Chief Information Security Office etc), or responsible person for SIRO duties.

Contact email of person named in request No. 1.

Reply

The SIRO for West Midlands Fire service is Assistant Chief Fire Officer Gary Taylor and can be contacted at: contact@wmfs.net

Request

Name of DPO (Data Protection Officer) or responsible person for DPO duties.

Name of person with overall responsibility for Cyber security or equivalent

Name of person with overall responsibility for information security or equivalent

Name of person with overall responsibility for information Governance or equivalent

Contact email of DPO.

Reply

The Data Protection Officer is Martina Doolan and can be contacted at datamanager@wmfs.net. The Data Protection Officer is also responsible for Cyber security, information security and information Governance or equivalent

Request

Do you have appointed IAO’s? If so, whom are they, if they have been defined (Name/Job Title – or just job title if they fall below the level of disclosure you publish for FOI’s)?

Reply

The information Asset Owners are our leadership team (Strategic Enabling Team) details of which can be found at the following link: https://www.wmfs.net/about-us/#leadership

Request

Are you or have you considered becoming ISO 27001 compliant or certified? If so whom is responsible for maintaining this? (as in, the person)

Contact email of person responsible

Reply

The benefits of ISO including 27001 are continually assessed and West Midlands Fire Service are not certified at this time.

The contact for this would be the Data Protection Officer.

Request

Are you required to connect to the PSN Code of Connection (CoCo)? If so whom is responsible for complying with its requirements? (as in, the person)

Contact email of person responsible.

Reply

West Midlands Fire service is not required to connect to the PSN Code of Connection. Therefore the contact for this is not applicable.

If you have any queries about this Freedom of Information request, please contact us. Please remember to quote the reference number above in any future communications.

For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

19166- Management of Data Protection Requests

Ref: FOI/19166

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

West Midlands Fire Service has now completed its search for the information requested on 12th December 2019.

Please find below a summary of our findings.

Request

1) What is the email address of the person in your organisation who is responsible for the management of Subject Access Requests / DPA Requests?

Reply

West Midlands Fire Service does not disclose individual contact details as under Section 40(20) of the Freedom of Information Act 2000.  The generic email address for the Data Manager is email: data.manger@wmfs.net and generic phone number is 03300 589 000  and data protection request can be made on our website using the below link:

https://www.wmfs.net/about-us/data-request/

Furthermore, guidance from the Information Commissioner’s Office is a as follows:

The presumption is in favour of protecting privacy, so the release of personal information will only be fair if there is a genuine reason to disclose.  This involves a three-stage test. A public authority will generally have to satisfy itself that:

There is a legitimate interest can be met, or fully met, by the disclosure of information which identifies individuals (i.e the disclosure is necessary to that purpose); and, the disclosure would not involve unwarranted detriment to individual’s privacy or other rights and legitimate interests.

Request

2) What percentage of Subject Access Requests have been responded to on time since 25th May 2018? If you do know have this figure please provide a figure for what you do have.

Reply

100%

Request

3) On average how many SAR/DPA requests does your authority receive in a month?

Reply

2

Request

4) How many SAR officers are employed by your organisation who work on Subject Access Requests?

Reply

West Midlands Fire Service Information Governance team has 2 members whom can deal with various aspect information governance requests which includes subject access request.

Request

5) What is the generic email address of the team which deals with SARs / DPA requests within your organisation?

Reply

data.manager@wmfs.net or using the below link

Data Protection Request Form

Request

6) How many overdue Subject Access Requests do you currently have?

Reply

None

If you have any queries about this freedom of information request, please contact us.  Please remember to quote the reference number above in any future communications.

For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

19118 – Requests for information

Ref: FOI/19118

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested on 30th August 2019.

Please find below a summary of our findings.

Request

I would be grateful if you provide me with the following information please:

How many requests do you receive per annum (for the last 3 years)

Reply

Year EIR FOI SAR DPA Total
2016 0 154 0 4 158
2017 2 145 0 9 156
2018 0 180 8 12 200
2019 to date 1 118 22 7 148

Request

What IT resources are used to help with management/tracking, reporting, auditing, redaction, etc

Reply

West Midlands Fire Service currently uses an excel spreadsheet for management/tracking, reporting and auditing. Redaction is carried out as required by staff members.

Request

Are these decided by each Fire & Rescue Service or are they provided as part of a National resource?

Reply

The resources used by West Midlands Fire Service are decided by us.

If you have any queries about this freedom of information request, please contact us.  Please remember to quote the reference number above in any future communications.

For service complaints, issues or comments regarding this request please contact The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Customer Service Form

General enquiry


A safe and well visit for you..

A safe and well visit for someone else...

Safeside enquiry form


Booking enquiry

Accessibility