Information Technology / Security FAQ
As a result of the increasing threat and sophistication of cyber attacks, the Trust no longer publishes information on its systems, network, computers and programmes; this extends to information on mobile phones, cloud storage, internet supply and cyber security.
To reduce the likelihood and impact of cyber attacks, the Trust is unable to disclose information about the number of attacks and its security measures including budget, detection and recovery. The information is exempt under section 31 of the Act – see exemption below.
Please note - The Trust was affected by the WannaCrypt cyber-attack, in May 2017, that hit many organisations including those in the NHS. Please see the Press Statements for further information, available from - here and here.
Part of the information about the Trust’s infrastructure is exempt from disclosure under the Freedom of Information Act.
Section 31(1)(a) of the Act states:
31. Law enforcement.
(1) Information which is not exempt information by virtue of section 30 is exempt information if its disclosure under this Act would, or would be likely to, prejudice—
(a) the prevention or detection of crime,
Guidance from the Information Commissioner’s Office states:
Section 31(1)(a) will cover all aspects of the prevention and detection of crime…The exemption also covers information held by public authorities without any specific law enforcement responsibilities…It could also be used to withhold information that would make anyone, including the public authority itself, more vulnerable to crime for example, by disclosing its own security procedures
Information disclosed under Freedom of Information becomes publically available. This means that the impact of disclosure must be considered from the general release of information and not limited to disclosure to one individual (the requestor).
The Trust determines that to disclose specific information regarding its cyber security protection would prejudice the security of the systems by allowing for the assessment of the Trust’s security procedures and where, if any, vulnerabilities exist. Consequently section 31 (1) (a) is being applied to this request.
Information Commissioner’s Office
If you were requesting information under the Freedom of Information Act and are dissatisfied with the Trust’s stance on disclosure of this information you may make an approach to the Information Commissioner.
Further Information about your rights is available from the Information Commissioner at: Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF,
Telephone: 0303 123 1113, www.ico.gov.uk