Information Governance
Request ID: FOI-2877-1819
Date published: 29 May 2019
You asked
I would like to request information about the work and structure of your Information Governance team and how these functions and responsibilities are carried out in your organisation. By Information Governance, I am referring to how you comply with Information Access legislation (FoIA & EIR), data protection, and records management.
I would therefore be grateful if you can provide me with the following information:
1. The total number of staff employed by your authority – the FTE (full-time equivalent)
2. The total number of FoIA & EIR requests received by your authority in your last annual monitoring period – as either a calendar or financial year, whichever is easier.
3. The total number of Subject Access Requests (SARs) received by your authority over the same period
4. The number of SAR requests received since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
5. Please provide information about the structure of your Information Governance team(s), and/or the relevant roles within your authority where these responsibilities lie. This should include:
- Team structure(s), job titles, role responsibilities and job descriptions;
- Pay bands for these roles – if the pay band is identified by an alphanumeric identifier (e.g. Band D, or Grade 8), please provide a table which identifies the range of salaries within these pay bands.
- Where the Information Governance function sits within your authority and the member of your Senior Management Team / Corporate Management Team / Board with overall responsibility for Information Governance.
6. Please identify where the role of Data Protection Officer (DPO) sits within your authority, to whom they report, they pay band, whether your DPO has any additional roles or responsibilities, and whether they fulfil the DPO role for any other data controller.
7. Please provide a copy of any audits or inspection reports covering FoIA, EIR , DPA and GDPR compliance from the past three years, and copies of reports referencing any restructuring or resourcing of the Information Governance functions within your authority.
If you are providing links to information published on your website, please ensure they relate to the specific information being requested.
We answered
TfL Ref: FOI-2877-1819
Thank you for your email received by Transport for London (TfL) on 26 January 2019 asking for information about Information Governance.
Your request has been considered in accordance with the requirements of the Freedom of Information Act our information access policy. I can confirm we do hold the information you require. You asked for:
1. The total number of staff employed by your authority – the FTE (full-time equivalent)
We have 30 members of staff in Information Governance.
2. The total number of FoIA & EIR requests received by your authority in your last annual monitoring period – as either a calendar or financial year, whichever is easier.
Please refer to our 2017/18 figure which is published on our website at https://tfl.gov.uk/corporate/transparency/freedom-of-information/foi-performance?intcmp=8657
3. The total number of Subject Access Requests (SARs) received by your authority over the same period
We received 317 complex SARs in 2017/18 (excluding business as usual requests handled by TfL’s contact centres).
4. The number of SAR requests received since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
We do our recording periodically and can therefore confirm that from period 3 (27 May) to the latest complete period 10 (5 Jan) we received a total of 348 SARs. This includes SARs collected for the following TfL departments; Privacy and Data Protection Team, HR Services, Occupational Health, Pensions, Taxi & Private Hire, London Transport Museum, Bus Operations and LU Network Security.
5. Please provide information about the structure of your Information Governance team(s), and/or the relevant roles within your authority where these responsibilities lie. This should include:
Team structure(s), job titles, role responsibilities and job descriptions;
- Pay bands for these roles – if the pay band is identified by an alphanumeric identifier (e.g. Band D, or Grade 8), please provide a table which identifies the range of salaries within these pay bands.
- Where the Information Governance function sits within your authority and the member of your Senior Management Team / Corporate Management Team / Board with overall responsibility for Information
Please see the attached organogram for team structure(s), job titles, role responsibilities, job descriptions and pay bands.
Information Governance is a part of TfL’s General Counsel directorate and the General Counsel has accountability at executive management level.
Please note that in accordance with TfL’s obligations under Data Protection legislation some personal data has been removed form the chart, as required by section 40(2) of the FOI Act. This is because disclosure of this personal data would be a breach of the legislation, specifically the first principle which requires all processing of personal data to be fair and lawful. It would not be fair to disclose this personal information when the individuals have no expectation it would be disclosed and TfL has not satisfied one of the conditions which would make the processing ‘fair’.
This exemption to the right of access to information is an absolute exemption and not subject to an assessment of whether the public interest favours use of the exemption.
6. Please identify where the role of Data Protection Officer (DPO) sits within your authority, to whom they report, they pay band, whether your DPO has any additional roles or responsibilities, and whether they fulfil the DPO role for any other data controller.
The DPO reports to the General Counsel. Please see the attached chart for pay band information. The DPO is also the Head of Information Governance and fulfils the role for TfL and its subsidiaries.
7. Please provide a copy of any audits or inspection reports covering FoIA, EIR , DPA and GDPR compliance from the past three years, and copies of reports referencing any restructuring or resourcing of the Information Governance functions within your authority.
Please find attached the business case for a restructuring of the Information Governance department which took place in 2018. This was focussed on the resourcing of the records management and management system parts of the department but reference is also made to the impact on data protection resources. No other restructuring has taken place.
If this is not the information you are looking for, or if you are unable to access it for some reason, please do not hesitate to contact me.
Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.
Yours sincerely
Eva Hextall
FOI Case Officer
FOI Case Management Team
General Counsel
Transport for London
Back to top
