Gallagher Bassett / Claims Management - Freedom of information requests

Title or Description
Gallagher Bassett / Claims Management
FOI Number
133
Date Received
01/02/2022
Type of Request
FOI
Request or Question
1: Does your Council use Gallagher Bassett as a Claims Management or Handling Company? 2: If your Council does use Gallagher Bassett then: 
A: Is your Council aware of the Gallagher Bassett Ransomware/Databreach in June to Sept 2020?
 
B: Has your Council been contacted by Gallagher Bassett over the Ransomware/Databreach?
 
C: Did Gallagher Bassett identify any claimants who may have had their "notifiable" data exposed? How many were identified?
 
D: How many "notifiable" claimants were identified?
 
E: Did your Council raise the matter with the ICO? If so what was the Incident reference number?
 
F: Did Gallagher Bassett identify any others that may have had their data exposed? (EG Name, Account and Amount received?) How many were identified?
 
G: Did Gallagher Bassett raise any of the above to the ICO?
 
H: Did your Council , after identifying others that were not "notifiable" raise a further matter with the ICO?
 
I: What was the advise from the ICO on these matters?
 
J: Has your Council contacted any of the "notifiable" claimants of the data breach?
 
K: Has your Council contacted any of the non "notifiable" claimants of the data breach?
 
L Does your Council allow for Claimants to object to their data being processed by an external firm?
 
M: Do you inform your claimants that their data will be transferred outside of Europe for processing?
 
N: How much last year did your Council pay Gallagher Bassett for all its services?
 
3: What is your Information Security / Cyber Security Vendor Management Due Diligence questions on engagement of a Vendor such as Gallagher Bassett?
 
Response
1. Scottish Borders Council does not use Gallagher Bassett as a Claims Management or Handling Company.
2.  N/A
3.  As an outsourced IT Authority, Scottish Borders Council would request our IT partners to carry out relevant security assessment. Scottish Borders Council does not hold a copy of the questions that are passed to vendors from CGI. Therefore, we give notice under s17 of FOI(S)A 2002.