Improving Health, Improving Lives
NHS Calderdale Clinical Commissioning Group Logo

The number of staff, contractors and data protection incidents (1617039)

1a. Approximately how many members of staff do you have?

The CCG directly employs 79 members of staff which equates to 77.7 full time equivalents as at the 13th April 2016. The CCG also shares a number of staff with neighbouring CCGs who are employed by other CCGs.

1b. Approximately how many contractors have routine access to your information?
(see www.suresite.net/foi.php for clarification of contractors if needed)

The CCG undertakes an annual review of its information asset register which includes identifying 3rd parties with access to CCG information assets. During 2014/15 3rd party organisations with access to the CCG’s information assets were Greater Huddersfield CCG, the Health Informatics Service and the former Yorkshire and Humber Commissioning Support Unit.

2b. Can you provide me with the information or document(s) referred to in 2a? (This can be an email attachment of the document(s), a link to the document(s) on your publicly facing web site or a ‘cut and paste’ of the relevant section of these document(s))

The policy documents are already available from the ‘Documents’ section of the CCG’s website www.calderdaleccg.nhs.uk. A copy of the Incident Management, Reporting and Investigation Procedure is enclosed.

3a. Do you know how many data protection incidents your organisation has had since April 2011? (Incidents reported to the Information Commissioners Office (ICO) as a Data Protection Act (DPA) breach)
Answer: Yes, No, Only since (date):

Yes, only since April 1, 2013. This is the date of the establishment of NHS Calderdale Clinical Commissioning Group

3b. How many breaches occurred for each Financial Year the figures are available for? Answer FY11-12: N/A FY12-13: 0 FY13-14: 0 FY14-15: 0

The CCG has not had any Level 2 serious incidents requiring reporting to the Information Commissioner’s office.

4a. Do you know how many other information security incidents your organisation has had since April 2011? (A breach resulting in the loss of organisational information other than an incident reported to the ICO, e.g. compromise of sensitive contracts or encryption by malware.)
Answer: Yes, No, Only since (date):

Yes, only since April 1, 2013. This is the date of the establishment of NHS Calderdale Clinical Commissioning Group.

4b. How many incidents occurred for each Financial Year the figures are available for?
Answer FY11-12: n/a FY12-13: n/a FY13-14: 9 FY14-15: 5

These figures are taken from Governance Assurance Reports to the CCG’s Audit Committee, these are low level information governance incidents involving data security, loss or confidentiality breaches.

5a. Do you know how many information security events/anomaly your organisation has had since April 2011? (Events where information loss did not occur but resources were assigned to investigate or recover, e.g. nuisance malware or locating misfiled documents.)
Answer: Yes, No, Only since (date):

Yes, only since April 1, 2013. This is the date of the establishment of NHS Calderdale Clinical Commissioning Group.

5b. How many events occurred for each Financial Year the figures are available for?
Answer FY11-12: n/a FY12-13:n/a FY13-14:0 FY14-15: 1

6a. Do you know how many information security near misses your organisation has had since April 2011? (Problems reported to the information security teams that indicate a possible technical, administrative or procedural issue.)
Answer: Yes, No, Only since (date):

Yes, only since April 1, 2013. This is the date of the establishment of NHS Calderdale Clinical Commissioning Group.

6b. How many near-misses occurred for each Financial Year the figures are available for?
Answer FY11-12: n/a FY12-13: n/a FY13-14: 0 FY14-15: 2

If the specific answers to 4, 5 and 6 are not readily available, I am content for these questions to be modified/replaced with similar questions that are derived from your organisations categorisation/classification system within the documents requested in question 2. I would need to first make an FoI request for question 2 in order to frame suitable questions 4, 5 and 6, then make a second request. If you are considering a manual review of all incidents to satisfy 4, 5 and 6, please re-read this section and interpret it as latitude to reuse information that you are currently recording (manual review may be the best for some organisations). Similarly calendar year can replace financial year. Please state in the reply if this option has been implemented. Question 6a is typically IG SIRI level 2 or higher incident, Question 7a is typically IG SIRI level 1 incidents and Question 8a is typically IG SIRI level 0 incidents. If your information is managed by a parent organisation or the information I seek is consolidated for several organisations, I am content to accept a consolidated return from the lead organisation identifying who the return covers. My preferred format to receive this information is electronically, but if that is not possible I will be willing to accept hard copy.

NHS Choices
NHS Constitution
NHS Constitution
Disability Confident Employer Badge

NHS Calderdale Clinical Commissioning Group: 5th floor, F Mill, Dean Clough, Halifax, HX3 5AX. Tel: 01422 307400

| Accessibility | Privacy Notice | Glossary of Terms | Work for us |

Icons provided by Icons8. Free Stock Videos by Videezy

© NHS Calderdale CCG 2019