Jump to the following:

We use cookies to improve this website. Read about cookies

Breaches of the Data Protection Act 1998

FOI16708 – Request for information

Request

Thank you for your email of 30 September 2016, requesting the following information in accordance with the Freedom of Information Act (FOIA) 2000:

I am writing under the Freedom of Information Act 2000 to request information about breaches of the Data Protection Act 1998 in your organisation, specifically I am requesting the following information:

1. Does your organisation pro-actively report breaches of Data Protection Act 1998 to the Information Commissioner’s Office?
a) If the answer is yes, please provide the number of breaches that have been reported.

2. Does your organisation have an internal procedure for responding to breaches of the Data Protection Act 1998?
a) If the answer is yes, please provide the number of breaches that have occurred.

3. I further request that your responses to Questions 1 and 2 are broken down as follows:
a) The number of employees that have been disciplined internally for breaches of the Data Protection Act 1998.
b) The number of employees that have resigned during disciplinary procedures for breaches of the Data Protection Act 1998.
c) The number of instances where a breach has not led to any disciplinary action.
d) The number of employees that have had their employment terminated for breaches of the Data Protection Act 1998.
e) The number of employees that have been convicted for breaches of Data Protection Act 1998.

In each case, I request that you provide a list of the offences committed by the individual(s) in question, for example "Accessed personal information for personal interest" or "Inappropriately shared information with a third party".

I request that the time period covered is 1 June 2011-1 June 2016.

Our response

I confirm that Ordnance Survey does hold the information you have requested and I am pleased to provide you with the answers below to each question in turn.

1. Does your organisation pro-actively report breaches of Data Protection Act 1998 to the Information Commissioners Office?
Ordnance Survey complies with the Information Commissioners advice that serious breaches should be brought to the attention of the ICO.

2. Does your organisation have an internal procedure for responding to breaching of the Data Protection Act 1998? Yes.
a) If the answer is yes please provide the number of breaches that have occurred. Nine.

Please note that, in accordance with ICO guidance, none of these nine breaches were considered sufficiently serious to report to the ICO.

    3. I further request that your responses to Questions 1 and 2 are broken down as follows:
    a) The number of employees that have been disciplined internally for breaches of the Data Protection Act 1998. Zero.

    b) The number of employees that have resigned during disciplinary procedures for breaches of the Data Protection Act 1998. Zero.

    c) The number of instances where a breach has not lead to any disciplinary action. Nine.

    d) The number of employees that have had their employment terminated for breaches of the Data Protection Act 1998. Zero.

    e) The number of employees that have been convicted for breaches of Data Protection Act 1998. Zero.

    Outline of what was lost/reported missing/accessed

    Data contained

    Action taken criminal/ discipline

    Reported to ICO?

    Additional responses to rectify loss

    Duplicate invoices

    Email addresses

    None

    No

    System configuration changes

    staff contact details used by 3rd party

    Email addresses/job titles

    None

    No

    Instructions given to 3rd party to not use information

    Database of forum email addresses made public

    Email addresses

    None

    No

    System configuration changes

    Staff photographs reused without consent.

    Staff Photographs

    None

    No

    Immediately reverted to original use. Reminder to work area

    Staff personal data stored in unrestricted repository

    Staff Personal Data

    None

    No

    System configuration changes. Procedure reviewed.

    Individual able to see order history of another customer

    Order History

    None

    No

    System Configuration Changes

    Prize winner sent information about other winners

    Names and addresses

    None

    No

    Arranged for information to be returned. Process reviewed.

    Employee information sent to another employee

    Employee name, address and bank details

    None

    No

    Information deleted from email inbox

    Employee personality test results left in public area of the building

    Employee personality test results

    None

    No.

    Review of processes. Reminder to work area


    Internal review

    Your enquiry has been processed according to the Freedom of Information Act (FOIA) 2000. If you are unhappy with our response, you may request an internal review with our FOI Internal Review Officer, by contacting them as follows:

    FOI Internal Review Officer
    Customer Service Centre
    Ordnance Survey
    Adanac Drive
    Southampton
    SO16 0AS

    Email: foi@os.uk

    Please include the reference number above. You may request an internal review where you believe Ordnance Survey has:

    • Failed to respond to your request within the time limits (normally 20 working days)
    • Failed to tell you whether or not we hold the information
    • Failed to provide the information you have requested
    • Failed to explain the reasons for refusing a request
    • Failed to correctly apply an exemption or exception

    The FOI Internal Review Officer will not have been involved in the original decision. They will conduct an independent internal review and will inform you of the outcome of the review normally within 20 working days, but exceptionally within 40 working days, in line with the Information Commissioner’s guidance.

    The FOI Internal Review Officer will either: uphold the original decision, provide an additional explanation of the exemption/s applied or release further information, if it is considered appropriate to do so.

    Appeal to Information Commissioner's Office (ICO)
    If, following the outcome of the internal review you remain unhappy with our response, you may raise an appeal with the Information Commissioner’s Office at:

    The Case Reception Unit
    Customer Service Team
    The Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Email: mail@ico.gsi.gov.uk

    Telephone helpline: 0303 123 1113 or 01625 545745 for advice, Monday to Friday.

    Thank you for your enquiry.

    Search Freedom of Information requests

    Back to top
    © Ordnance Survey 2016
    Be sure to take a look at our Terms of Use and Privacy Policy