The National Archives’ use of O365 and email

FOI request reference: F0061468
Publication date: April 2020

Outcome

Successful

 

Request & response

I can confirm that The National Archives holds information relevant to your request.
We are pleased to be able to provide some of this information to you.

We are unable to provide you with some of the information you have requested because it is covered by the exemption at section 31 (1) (a) of the FOI Act, which exempts information if disclosure would prejudice the prevention or detection of crime. For further information about why this exemption has been applied, please see the Explanatory Annex at the end of this letter.

 

I would be grateful if you could please let me know whether:
– you use Office 365(O365)?

We can neither confirm nor deny that The National Archives is using the Microsoft Office 365 solution as to do so would or would be likely to prejudice the prevention or detection of crime, consequently this information is considered exempt under sections 31(1)(3) and 31(1)(a) of the FOI Act.

– If so what is the process for users requesting new SharePoint sites or Teams at your organisation?

Information regarding specific hardware and software is exempt under section 31 (1) (a) of the FOI Act.

All IT related requests are handled by our internal IT Service Desk.

– If you use O365 have you implemented retention policies or retention labels within your O365 tenancy and can you provide a list of those that you have implemented and the O365 applications to which they have been rolled out?

We can neither confirm nor deny that The National Archives is using the Microsoft Office 365 solution as to do so would or would be likely to prejudice the prevention or detection of crime, consequently this information is considered exempt under sections 31(1)(3) and 31(1)(a) of the FOI Act.

– Do you apply a blanket retention period to email?

Yes.

– Are users encouraged to save emails with enduring corporate value outside of Outlook and if so in what system are they saved in?

Yes.

Information regarding specific hardware and software is exempt under section 31 (1) (a) of the FOI Act.

– Do you apply a size limit or blanket retention period to One Drive?

Information regarding specific hardware and software is exempt under section 31 (1) (a) of the FOI Act.

Explanatory Annex

Exemptions applied

Section 31: Law Enforcement

We are unable to provide you with information regarding hardware brands and specific contract end dates because this information is exempt from disclosure under section 31 (1) (a) of the FOI Act. Section 31 (1) (a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31 (1) (a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.

Further guidance on section 31 can be found here:

https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf