DPA Breaches - Central Government edition

A little while back I asked all local councils how many data protection breaches they had.  It was an interesting one because it showed that Data Protection (DPA) is taken very seriously. It was also interesting how high the number was, in some cases.  At the same time it was amazing that there were a few cases where the answer was zero.  That was amazing because, it's easy to break Data Protection and to have NONE shows one of two things; a total paranoia for data protection OR a complete disregard for reporting it (I assume the former rather than the latter).  So, why bring this up here?  Because I asked all the central government departments how many times they breached Data Protection.

I did change the question on this one.  Rather than simple ask all the government departments how many times they breached DPA I asked them a rather specific question which was:

Please can you tell me how many times you have had to register a Data Protection Breach with the ICO since 01/01/15 until time of writing?

The reason for this was two fold. One, I thought that if I asked who many times they broke DPA it would be too wide for them.  Secondly, I asked about the Information Commissioner's office purely because these are MAJOR breaches (Not just sending the wrong email to the wrong person).

So what are the answers?  Here we go!

Name of Department	Amount of times
Her Majesty’s Inspector of Education	0
Department of Energy and Climate Change	0
Department for Environment, Food and Rural Affairs	0
Department for Communities and Local Government	4
Export Credits Guarantee Department	0
Department of Health	0
Department for Work and Pensions	2
Department for Transport	1
Department for International Development	0
Department for Education	2
Department for Culture, Media and Sport	0
Department for Business, Innovation and Skills	2
Cabinet Office	5
Attorney General’s Office	0
Her Majesty’s Inspector of Education
Home Office	0
Government Equalities Office
Her Majesty’s Treasury	0
Foreign and Commonwealth Office	2
Ministry of Defence	0
Prime Minister Office
Ministry of Justice	5

Now this doesn't give the whole story.  For example the department for work and pensions had two but one of those was for the loss of 1100 records (including Names, address, DOB, NI number).  When I said these are major, I mean it.  Was quite impressed by the DWP simple because they said it was available to the public BUT they also sent me their report to make sure that I could see it. Great stuff, eh?

I would like to also state that I have read a LOT of reports because of this…  One of the most detailed was the Department for International Development who also showed how many days absence have been had and even their water levels.  That pretty good detail, eh?

Control of Major Accident Hazards

The Control of Major Accident Hazards (COMAH) is something that the Health and safety Executive (HSE) take very seriously; in fact they have a whole section of their website dedicated to the topic. This law is mainly there to make sure that there is sufficient methods to keep people safe and reduce the harm to the surround areas for places which are dangerous or harmful.  It is enforced by the Complementing Authority (Find out more about who these are here), of which one of these is Natural Resources Wales.  

The thing is these are REALLY interesting, as they are site which could be harmful to the surrounding area or even be a hazardous zone on a wider scale. So why bring it up here?  Numerous people have asked for a list of the sites which are covered by COMAH (see HERE, Here, and here), not realising that there can find an area within three miles of their house if they searched the HSE website.  The interesting thing is with this, however, is the amount of things that are covered by it.

Have a look at this one.  Response to fires in an naval oil pipe depot. This is great.  As you can read from the guys request, he really is worried about the locality's risk.  He’s got the response that he was looking for and has helped put him, and his communities mind at rest. What better use of the FoI is there?  Want to set up a hotel for 300 to 500 guest near a COMAH level 1 site?  Here’s the response (Very specific, I know).  Again great advice and a lot of detailed information.

So here’s another one.  The interesting bit is the renewals.  Did you think of it?  Did you think that you could get this information?  Neither did I.  Now this again give a good insight into the world of Health and safety AND shows us that the HSE are being transparent. Not only that, you can see how they are developing their policies too.

So what about the ones that fail?  There is this one about the amount of foam that each site has. Again, this is not a HSE issue. What about this one looking into the assessment of the competent authority?  Again something that was a little bit too specific or wrongly worded.

So this has shown us that there are high level risks in the UK, but that there are measures in place to reduce the harm and deal with it.  It also shows that we can find these reports and assess the risk ourselves. This is great!  Again, that is not the whole of the story.  It makes you think that there is so much information out there and we can get our hands on it.  For example, here is a list of reports that the HSE did into incidents at COMAH sites.  Again a great way for you to see what has happened and what is happening. Good isn't it kids?

PS, have a look at this.  

Alton Towers

Alton Tower in the UK has had a pretty bad time of it lately. a lot of this comes down to the incident with the Smiler Ride broke down and killed and maimed a lot of people.  The owners of the ride admitted liability and stated that they missed a lot of health and safety points on this matter.  This is not a good thing; statistically speaking you are safer on a park ride than you are on the journey to the park itself. So what can we gather from this accident?  Are there any further details that we can find?  Well, this is where the FoI Act comes in.  We can find some more information on this.

The Health and Safety Executive are the people who look after ALL health and safety issues in the United Kingdom. Whilst sometimes that can go a bit mad, The UK is considered a world leader in Health and safety matters. They are also subject to the Freedom of information act..  As a result we can ask them questions about Alton Towers...

So what has been found?  A direct ask for the report on the alton towers case produced nothing purely because it was an ongoing investigation and would unfairly bias people. Fair enough.  There are a lot of other request asking about this issue (Such as this, this, & this).

Does this mean that this is the end of the storey?  Of course not!  There are lots of things that we can look into on this matter. So what about the things that have to be looked into when making a Roller Coaster?  Already asked. This should give us some perspective on the development of a roller coaster.  What about, in context, other theme parks; how many of them have been investigated?  Again, already asked.

The thing is, this is an interesting one. It it a good thing that we can look at this issue and interesting that we can look at the inner working of the Health and Safety board.  It also makes us think about these places as well.  As in the case with the Smiler records, there should be a trace back of everything that they do/.  We shall now look into this in more depth to see what they have done wrong.  it also shows that we should be able to find more more about this in the fullness of time.

--

Open Data

OPen data is something that we should all be on our hands and knees praying that God gives us more of it. The reasons is that it gives us more ability to find out what is going on , AND find out if there are any errors that the government are making. Just look at this, someone using open data to reverse parking charges. New York's own data being used to prove its actions wrong. Amazing isn't it? So why is this important and why should we be looking at it? Because it means we have more information on what is going on in the local area and we are also more empowered to make decisions in our local area.

So why bring this up to you guys? Shouldn't we find out what the government is doing to improve open data, or its policy on open data is? I mean we pay them to generate this information, shouldn't we be able to see it? This is the thing, the government has actually published a lot of data, and finances, to increase the amount of data that is published. The local government association has a huge amount of data that is published (And shows which projects have been funded) and the government has published a set of guidelines that help increase the amount of data that is published, too. Central Government even blogged about the issue, which shows how much they want to increase how much data is generated for open use.

Now all of this is great, and helps build a picture of what is going on, but it doesn't really show us the amount of work OR what data is being produced. For example, the Welsh government has released a lot of open data and created a really cool noise map, which shows you how noisey different areas in Wales are (and the cause of them). But what about Welsh Councils? What about the Welsh Government? How much money are they funding and what are they releasing? Do they have policies on open data? Wales does have an Stat Wales which holds a huge amount of information on things going on in wales.

So how much money is funded to it? Only time will tell. What about the National Assembly of Wales? Again, Time will tell.

So let's get the crux of the matter. What did the local councils answer? I asked them all the same questions, which were

1) How much funding was allocated to your council by the Welsh Government for use in open data

2) How much funding did your council give towards the development of open data policies and resources

3) How much funding did your council receive from central government for the development of open data

4) Has your council participated in any "Hackfests" (For example http://nhshackday.com/)

Here are the results:

Name	Welsh Government	Council	Central	Hackdays
Blaenau
Bridgend	No	No	No	No
Caerphilly	No	No	No	No
Cardiff	No	no	no	No
Carmarthenshire	No	No	no	No
Ceredigion	NO	No	No	No
Conway
Denbighshire	No	No	No	No
Flintshire	No	No	No	No
Gwynedd	No	No	No	No – possible regional
Anglesey	No	No	No	no
Merthyr Tydfil	No	No	No	No
Monmouth	No	No	No	No
Neath Port Talbot
Newport	No	Unable – allocated in other budgets	No	No
Pembroke	No	No	No	No
Powys	No	No	No	No
RCT
Swansea	No	No	No	Hack the City @ Tech Hub Swansea, not in Westminster Hackthon
Torfaen	No	No	No	Yes – Camp Cymru + ODI training
Vale Of Glamorgan	No	No	No	No
Wrexham	No	No	No	No

Well, that's a pretty clear picture, isn't it? So why even bring this up here? Its because Wales needs to look at innovations with the way that it uses it services. It needs to be able to look at different ways to change and develop. This would be an amazing way for councils to be able to open up and develop.

I am proud of Swansea and Torfaen as they have looked at Hack Fests (Which are opportunities for people to tinker with data and see what pops up. I wonder how it has affected their council and what innovations that they have made..