IT and information security

FOI request reference: CAS-66467-R0P0B7
Publication date: January 2021

Request
Please can you process a Freedom of Information (FOI).

Please can you confirm the person responsible for IT/Information Security. Different organisations have different job titles for this responsibility, I’ve listed below the possible job titles:

Manager or Head for IT, Cyber, Information Security, IT Security, Information Governance or CIO (Chief Information Officer) or CISO (Chief Information Security Officer).

Please can you provide name, job title, email, direct phone number/mobile number.
Please provide information via email.
Outcome
Some information provided.
Response
We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40(2) of the FOI Act. However, at The National Archives we apply the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.

Overall responsibility for IT and Information Security is held by Julian Muller, our Head of IT Operations. The National Archives’ full contact options can be found on our website here: http://apps.nationalarchives.gov.uk/contact/
EXPLANATORY ANNEX
Exemptions applied.

Section 40(2): Personal Information where the applicant is not the data subject
Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.

In this case the exemption applies because this information represents the personal information of junior members of staff at The National Archives.

Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene Art. 5 of the General Data Protection Regulation. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.

Further guidance can be found at: https://ico.org.uk/media/1187/section_40_requests_for_personal_data_about_employees.pdf