Backup policy for The National Archives’ Office 365 deployment

FOI request reference: F0061661
Publication date: April 2020

Outcome
Successful

 

Request & response
1. Can you please confirm if you are using the Microsoft Office 365 solution in your IT environment?

2. If so, how do you currently back up your Office 365 data? If it is backed up, please confirm which software or service solution you currently have in place.

3. If a system or service is in place to back up The National Archives’ Office 365 environment, can you confirm the retention period the data is stored for?

We can neither confirm nor deny that The National Archives is using the Microsoft Office 365 solution, as to do so would, or would be likely to, prejudice the prevention or detection of crime. Consequently, this information is considered exempt under sections 31(3) and 31(1)(a) of the FOI Act.

4. Who in The National Archives is responsible for the protection of your critical data?

We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40(2) of the FOI Act. However, at The National Archives we apply the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.

The Head of IT Operations at The National Archives is Julian Muller.

The National Archives’ full contact options can be found on our website here: http://apps.nationalarchives.gov.uk/contact/

 

EXPLANATORY ANNEX

Exemptions applied

Section 31: Law Enforcement
We are unable to provide you with information which confirms or denies The National Archives’ use of a specific IT system because this information is exempt from disclosure under sections 31(3) and 31(1)(a) of the FOI Act.

Section 31(3) removes the duty to confirm or deny if, or to the extent that, such compliance would, or would be likely to, prejudice any of the matters mentioned in subsection (1).

Section 31(1)(a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption could be engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it, then the exemption does not apply and the information can be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest test has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(3) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts. However, release of this information could make The National Archives more vulnerable to crime. The crime in question here could be a malicious attack on The National Archives’ computer systems. As such, release of this information could be seen to prejudice the prevention or detection of crime by potentially making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which could be served by non-disclosure. This could outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies in favour of applying the exemption.

Further guidance on section 31 can be found here:

https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf

 

Section 40(2): Personal Information where the applicant is not the data subject 
Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.

In this case the exemption applies because this information represents the personal information of a junior member of staff at The National Archives.

Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene Art. 5 of the General Data Protection Regulation. As such, the names, positions and contact details of junior officials are withheld under section 40(2) of the FOI Act.

Further guidance can be found at:

https://ico.org.uk/media/for-organisations/documents/1187/section_40_requests_for_personal_data_about_employees.pdf