Malicious Emails

This Freedom of Information request asks for the number of malicious emails blocked over the last 3 years

Request for information - Ref no: FOI221061

August 31, 2022

Information request

Thank you for your email of 17 October 2022, requesting information from Ordnance Survey in accordance with the Freedom of Information Act (FOIA) 2000, as set out in the extract below:

“Please provide me with the total number of malicious emails blocked by your organisation over the last three calendar years (2021, 2020, 2019) broken down by year and categorised accordingly.”

Our response

I confirm that Ordnance Survey only holds a record of blocked email for a period of 90 days, therefore, we do not hold the information you have requested, other than for the last 90 days.

However, we are unable to comply with your request and provide the figures for the last 90 days; as we are continually reviewing our security profile, and now consider the information you have requested to be exempt from disclosure under section 31(1)(a) of the FOIA, as explained below.

Section 31(1)(a) the prevention or detection of crime

Section 31(1)(a) exempts information if its disclosure would or would be likely to prejudice the prevention and detection of crime. In this case, we consider that disclosure of the information would be likely to make OS more vulnerable to crime, namely a malicious attack on our security and computer systems.

Disclosure of the information would comprise measures to protect our security and computer systems, jeopardising our computer and security systems, by leaving us vulnerable to attack. It would be likely to assist someone in determining the level of effectiveness of detecting and defending against such attacks, and would be likely to assist a determined attacker, by allowing them to evaluate any vulnerabilities which may or may not exist. We consider that disclosure of this type of insight into our computer and security systems, would create a real and significant risk to our computer and security systems.

This is a qualified exemption, and we are required to consider the public interest.

Public Interest Test

OS recognises the need for transparency; and that there is a public interest in knowing that OS has measures in place to prevent against such attacks and protect information; however, disclosure of this information would mean our computer and security systems would be more vulnerable to malicious attacks, therefore facilitating the possibility of crime.

Section 31(1)(a) is a prejudice-based exemption, and there is a public interest inherent in avoiding the harm specified. OS considers that the prejudice would be likely to occur, and we are satisfied there is a greater public interest in protecting our computer and security systems by withholding the information under this exemption.

All information requests

See our previous responses to Freedom of Information (FOI) requests.

Can't find what you need?

Contact us directly to speak to our friendly customer service team.