Request for information - Ref No: FOI221114
Request
Thank you for your email of 8 November 2022, requesting information from Ordnance Survey in accordance with the Freedom of Information Act (FOIA) 2000, as set out in the extract below:
Could you please provide me with up to date names, job titles and email addresses for your Senior IT staff, such as:
- Chief Information Officer
- Chief Digital Officer
- Chief Technology Officer
- Head of Digital Transformation
- Director of IT / ICT / IM&T / Digital / Information / Technology
- Head of IT / ICT / IM&T / Digital / Information / Technology
- IT / ICT / IM&T / Digital / Information / Technology Manager
- Chief / Deputy Operating Officer
- Head / Director of Cyber Security
- ICT Project Manager
- ICT Programme Manager
- Network Manager / Head / Director
- ICT Infrastructure
- ICT Business Manager
- Head of IT Procurement
- ICT Officer
- ICT Network Officer
Our response
I confirm that Ordnance Survey does hold the names, job titles and email address for our senior IT staff.
The name of our Chief Technology Officer is Richard Gifford, this information is available from our Organisational Structure Chart via our Publication Scheme on our website: https://www.ordnancesurvey.co.uk/governance/information/publication-scheme under the heading ‘Who we are and what we do’
This information is exempt from disclosure under section 21 (Information accessible by other means) of the Freedom of Information Act (FOIA) 2000, as it is already accessible to you; however, we have not relied on this exemption in this response. Please note the information on our Directors page of our website has not been updated and refers to the previous Director of Technology and Design who has recently left OS, this will be updated in due course.
 Exempt information
We consider that the names, job titles of the remaining senior IT staff, and the email addresses (including the Chief Technology Officer’s email address) to be exempt from disclosure, this is explained below:
Exempt information under section 31(1)(a) (prevention or detection of crime) of the FOIA
I confirm we hold the email addresses; however, we consider this information to be exempt from disclosure under section 31(1)(a) of the FOIA.  This exempts information if its disclosure is likely to prejudice the prevention or detection of crime.  In this case, we consider that disclosure of email addresses would be likely to make OS more vulnerable to crime; this information could be exploited by individuals or groups with hostile intent, i.e., this information could enable a malicious social engineering attack on our computer systems.
This is a qualified exemption, and we are required to consider the public interest.
Public interest test
OS recognises the need for transparency; however, release of this information would increase the risk of social engineering attacks, therefore facilitating the possibility of crime.   Section 31(1)(a) is a prejudice-based exemption, and there is a public interest inherent in avoiding the harm specified.  OS considers that the prejudice would be likely to occur, and we are satisfied there is a greater public interest in protecting our systems by withholding the information under this exemption.
Exempt information under section 40(2) (personal information) of the FOIA
Names, job titles (other than that of the CTO) and email addresses constitute personal data.   
 Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulations and Data Protection Act 2018  
 In reaching this decision, we have particularly considered:  
-  the reasonable expectations of the employees given their positions; Ordnance Survey considered that none of the individuals would have a reasonable expectation that their personal data would be disclosed;  
- the consequences of disclosure; and  
- any legitimate public interest in disclosure.  
 Section 40(2) is an absolute exemption and therefore not subject to the public interest test.  
However, under the duty to provide information and assistance in accordance with section 16 of FOIA we can provide contact details for Customer Services who can be contacted by email: CustomerServices@os.uk, and also for over-the-phone queries Monday to Friday, 08:30–17:30 (except for Bank Holidays), on 03456 05 05 05. In addition, our website provides useful contact information: Contact us | Ordnance Survey
Internal review
Your enquiry has been processed according to the Freedom of Information Act (FOIA) 2000. If you are unhappy with our response, you may request an internal review with our Internal Review Officer by contacting them, within two months of receipt of our final response to your Freedom of Information (FOI) request, as follows:
Internal Review Officer
Customer Service Centre
Ordnance Survey
Adanac Drive
Southampton
SO16 0AS
Please include the reference number above. You may request an internal review where you believe Ordnance Survey has:
- Failed to respond to your request within the time limits (normally 20 working days)
- Failed to tell you whether or not we hold the information
- Failed to provide the information you have requested
- Failed to explain the reasons for refusing a request
- Failed to correctly apply an exemption or exception
The Internal Review Officer will not have been involved in the original decision. They will conduct an independent internal review and will inform you of the outcome of the review normally within 20 working days, but exceptionally within 40 working days, in line with the Information Commissioner’s guidance.
The Internal Review Officer will either: uphold the original decision, provide an additional explanation of the exemption/s applied or release further information, if it is considered appropriate to do so.
Appeal to Information Commissioner’s Office (ICO)
If, following the outcome of the internal review you remain unhappy with our response, you may raise an appeal, within three months of receiving our response, with the Information Commissioner’s Office.
Further information can be found on the ICO website (ico.org.uk) under ‘Report a concern’ or you may wish to call the ICO helpline on 0303 123 1113.