Person responsible for ICT (FOI: 0734.2020-21)
Please can you confirm the person responsible for IT/Information Security. Different organisations have different job titles for this responsibility, I’ve listed below the possible job titles:
Manager or Head for IT, Cyber, Information Security, IT Security, Information Governance
CIO (Chief Information Officer)
CISO (Chief Information Security Officer)
Please can you provide name, job title, email, direct phone number/mobile number.
Extent and Result of Searches to Locate Information
To locate the information relevant to your request searches were conducted within North Yorkshire Police.
I can confirm that the information you have requested is held by North Yorkshire Police.
I have today decided to disclose the located information to you.
Please see below for the job title of the person responsible for IT/Information Security at North Yorkshire Police:
Head of ICT
The contact details for the Head of ICT are:
Telephone number: 101
I am exempting any further information regarding job title or rank pursuant to Section 40(2) – Personal Information. This is to ensure anonymity for those employed by North Yorkshire Police. Where an individual can be identified by such data, releasing it would clearly breach the first data protection principle of being ‘fair’ to the data subject. Please see exemption explanations below.
Section 40(2) is an absolute class based exemption, which does not require a public interest test, but requires the balancing of the legitimate interests of the public against the interests of the individual under the first Data Protection Principle; in that processing of personal data must be lawful and fair (DPA 2018 35(1), EUGDPR Article 5(1)).
This exemption applies because the right given under the FOI Act to request official information held by public authorities does not apply to the personal data of third parties where disclosure of that information would not be fair to the individual, and where there is no legitimate public interest in disclosure.
In all the circumstances of the case it has been determined that the duty to the individual under the Data Protection Act 2018 & EU General Data Protection Regulations, and the public interest in maintaining the exemption from disclosure of personal information held by the force in such instances, outweighs the public interest in disclosure. In this instance, personal information can only be disclosed to the individual concerned.
Releasing personal details to a person other than the data subject would not only breach the data subject’s Data Protection rights it may also breach the obligations placed on an authority under the European Convention on Human Rights
Pursuant to Section 17(1) of the Act this letter acts as a refusal notice under the Freedom of Information Act 2000 in relation to your request.
Please note that systems used for recording information are not generic, nor are the procedures used locally in capturing the data. It should be noted therefore that this force’s response to your questions should not be used for comparison purposes with any other responses you may receive.Last modified: February 9, 2021