Freedom of information response
- Can you please provide me with all information about the procedures for uploading material on your Council website as part of the website content management process? If any relevant policy or procedure documents, please forward copies.
- How are such procedures are communicated to Council staff?
- Is there a written process or standard operating procedure in your department where staff who publish content online must adhere to in relation to redaction and uploading of documents onto a public domain (Council public website)?
3a. Who oversees the process?
- What procedures, policies or protocols do you have in place to ensure special category or sensitive personal data is not published on your website?
- In relation to documents which hold personal information, how do staff know what information should be redacted and identified as public or private?
- Who holds the administrative function of checking documents before being published online?
- What department/service is responsible for the management (e.g editor, moderator) of the content on the Council website.
- Please detail what your IT Departments' function is concerning the management of the Council website.
1. In issuing our response, the Council have applied Section 31 exemption (Law Enforcement) due to potential online security risks, as it cannot share such documentation externally. The reasons for this have been captured below under the public interest test section.
2. For staff with access to update content within the CMS of the council's core website, documentation and/or guidance is provided on the technical functionality of the CMS itself. Additional resources such as content, style and writing guides are made available via the council's intranet.
3. In the limited number of instances where redaction is used within a document, it is undertaken by, or on the authority of, the officer responsible for the document. Staff who publish content online do not undertake redaction or independent verification related to its use, and there is no operating procedure for them to do so.
3a. The overall responsibility for published data and redacted data within any given public document resides with the officer responsible for the document and the request for it to be made available in the public domain.
4. All staff undertake data protection training.
5. See 4 above
6. See 3a above
7. The Web Manager within the Strategy, Engagement and Growth directorate is responsible for adding, updating and deleting content within the council's core website. Individual service areas are responsible for the accuracy of the content to be added, updated or deleted on behalf of their area.
8. The council's IT Department maintains the domain name and the secure sockets layer (SSL) certificate for the council's core website.
Section 31 Law Enforcement
With regards to Question 1, it is our view that the information should not be released. The Council have therefore applied the exemption contained in Section 31 - Law Enforcement to this request. Providing the information you have requested could compromise the security of the councils network / data. The reasons for the application of this exemption have been captured below under the public interest test section.
Public Interest Test:
· Public interest in disclosure:
o It would inform the public of internal procedures for uploading content to the CMS of our core website.
· Public interest to maintain the exemption:
o A realistic outcome/consequence of releasing this information would be that the Council would be subject to a security/cyber-attack and/or become increasingly vulnerable to such an attack
o It is not in the public interest for the Council to make itself vulnerable to a cyber-attack as it is tax payers money that will be used to pay for additional software to increase our protection as well as the cost of repairing damage done during an attack
Based on the above, it is the Council’s view that there is a stronger public interest to maintain the use of the exemption for section 31 as he Council feels the factors in favour of withholding the information outweigh those in favour of publication.
You are free to use any information supplied to you for your own use, including non-commercial research purposes. However, any other type of re-use, for example, by publishing the information or issuing copies to the public will require the permission of the copyright owner.
Where the copyright is owned by Thurrock Council, you must apply to the Council to re-use the information. Please email firstname.lastname@example.org if you wish to re-use the information you have been supplied. For information where the copyright is owned by another person or organisation, you must apply to the copyright owner to obtain their permission.
If you are dissatisfied with the way in which the council have managed your FOI request you can pursue an Internal Review by contacting us using the above email address. Your request will be considered by a senior member of the Information Management Team who will update you with the outcome of the review.
If you remain unhappy following the outcome of your Internal Review you may wish to refer your case to the Information Commissioner’s Office (ICO) and details of this organisation can be found at www.ico.org.uk . Please be advised that the ICO will not consider your case until they have confirmation that you have already been through the Internal Review stage with the council.