FOI request detail

Software applications

Request ID: FOI-0609-1920
Date published: 18 June 2019

You asked
1. What percentage of software applications are developed in-house vs. supplied by third parties (commercial software and open source components)? a. Less than 10 percent b. More than 10 percent, but less than 50 percent c. More than 50 percent 2. What percentage of your software development organization has received data privacy related training? a. Less than 10 percent b. More than 10 percent, but less than 50 percent c. More than 50 percent 3. In the past five years, has your organisation suffered a data privacy incident which would now be required to be reported under GDPR? a. What processes were implemented to address shortcomings contributing to these incidents? 4. Has your organisation suffered at least one data privacy incident which was reported under GDPR? a. Yes b. No 5. To which position(s) does your data protection officer report? a. CISO b. CRMO c. CIO d. CFO e. CEO 6. Has your organisation received any requests under the GDPR “Right to Access” provisions? a. Yes b. No

We answered

TfL Ref: FOI-0609-1920

Thank you for your email received by Transport for London (TfL) on 28 May 2019.

Your request has been considered in accordance with the requirements of the Freedom of Information Act and our information access policy.  I can confirm we hold some of the information you require. You asked:

  1. What percentage of software applications are developed in-house vs. supplied by third parties (commercial software and open source components)?
    1. Less than 10 percent
    2. More than 10 percent, but less than 50 percent
    3. More than 50 percent

Approximately 20 per cent of the applications provisioned by TfL are either developed in-house, or are commercial software that has been significantly developed for TfL in collaboration with a vendor.

  1. What percentage of your software development organization has received data privacy related training?
    1. Less than 10 percent
    2. More than 10 percent, but less than 50 percent
    3. More than 50 percent

Unfortunately, we do not hold this information. We are not able to identify individual roles that have completed training which will fall under the category “software development”. However, we estimate over 50 per cent of people have completed our data protection training.

In the past five years, has your organisation suffered a data privacy incident which would now be required to be reported under GDPR?

Yes.

    1. What processes were implemented to address shortcomings contributing to these incidents?

We made changes to our processes and updated our data protection training.

  1. Has your organisation suffered at least one data privacy incident which was reported under GDPR?
    1. Yes
    2. No

Yes.

  1. To which position(s) does your data protection officer report?
    1. CISO
    2. CRMO
    3. CIO
    4. CFO
    5. CEO

The DPO reports to General Counsel.

  1. Has your organisation received any requests under the GDPR “Right to Access” provisions?
    1. Yes
    2. No

Yes.

If this is not the information you are looking for, or if you are unable to access it for some reason, please do not hesitate to contact me.

Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.

Yours sincerely

Eva Hextall

FOI Case Officer

FOI Case Management Team

General Counsel

Transport for London

Back to top

Want to make a request?

We'll email you the response within 20 working days.


We'll publish the response online without disclosing any personal information.

Make a request

Something wrong with this request?


If you believe this request is not suitable, you can report it for attention, at foi@tfl.gov.uk