FOI release

FOI21/22-029 - DPO and SIRO information

Updated 27 October 2021

Our ref: FOI21/22-029

Date: 10th June 2021

Dear

Re: Freedom of Information Act (FOIA) Request

Thank you for your email of 14May in which you requested from the Insolvency Service:

“1. Name of SIRO / Senior Information Risk Owner, or equivalent. A name and job title, or if they are below the disclosable level just a job title is fine.

If you do not have a nominated SIRO could you please answer Q1 with the person(s) with responsibilities equivalent to a SIRO.

“A Senior Information Risk Owner (SIRO) is an Executive Director or member of the Senior Management Board of an organisation with overall responsibility for an organisation's information risk policy. The SIRO is accountable and responsible for information risk across the organisation. They ensure that everyone is aware of their personal responsibility to exercise good judgement, and to safeguard and share information appropriately.”

1. Contact email for answer to Q1.

2. Name of Data Protection Officer.

3. Contact email for DPO.

4. Do you have Information Asset Owners appointed?

5. Who would be responsible for organising training IAO’s (If appointed)”;

Your request has been dealt with under the Freedom of Information Act 2000 (FOIA).

I can confirm the agency holds some of the information that you have requested, however, most of this request is exempt information under section 40(2) because it constitutes personal data. I have provided answers to your questions below:

1. Ms Sarah Harrison MBE - https://www.gov.uk/government/people/sarah-harrison

2. The information requested in this question is personal information, and is exempt from disclosure under section 40(2) of the FOIA. More information on this exemption can be found below.

3. Ms Farahnaz Ashouri.

4. Email: dataprotection@beis.gov.uk

5. Yes

6. Information Governance Team (FOI@insolvency.gov.uk).

Section 40(2) - personal information

Personal data can only be released if to do so would not contravene any of the data protection principles set out in Article 5(1) of the General Data Protection Regulation and Data Protection Act 2018. This is an absolute exemption and does not require a public interest test.

As such, the legitimate interests in releasing the information do not outweigh the rights and interests of these individuals. The release of the requested personal information in this instance would therefore be unlawful, and not be in keeping with data protection principles outlined above

If you are not satisfied with the response we have provided you and would like us to reconsider our decision by way of an internal review (IR), pleasecontact our Information Rights Team at foi@insolvency.gov.uk or by post at:

Information Rights Team
The Insolvency Service
3rd Floor
Cannon House
18 Priory Queensway
Birmingham
B4 6FD
United Kingdom

You also have the right to contact the Information Commissioner’s Office (ICO) if you wish for them to investigate any complaint you may have regarding our handling of your request. However, please note that the ICO is likely to expect an IR to have been completed in the first instance.

Yours sincerely,

Information Rights Team

The Insolvency Service

The Department for Business, Energy and Industrial Strategy, Official receivers and the Adjudicator are Data Controllers in respect of personal data processed by the Insolvency Service. For the details about how personal data is processed by the agency, please see the full Insolvency Service Personal Information Charter here: https://www.gov.uk/government/organisations/insolvency-service/about/personal-information-charter