Received: 2 April 2019

Please disclose the following information under the Act:

1. Date first cyber attack reported to police and in what form (eg by email, phone, in person).
2. Ditto second cyber attack.
3. Name of Police Federation Data Controller.
4. Name of executive officer to whom Data Controller reports.
5. Name of contractor(s) (if any) who inspects, audits, maintains, ensures compliance of data systems at the Police Federation.
6. Date a Disaster Recovery Plan (DRP) was first instituted.
7. Dates upon which any revisions to DRP were made.
8. A copy of the Disaster Recovery Plan.

Responded: 10 April 2019

1. The first cyber-attack was reported to the National Crime Agency by phone on Sunday 10 March 2019.
2. The second cyber-attack was reported to the National Crime Agency by phone on Thursday 21 March 2019.
3. The Police Federation of England and Wales is the designated data controller. Our Data Protection Officer is Mr Alex Duncan.
4. Mr Alex Duncan is the National Secretary and therefore is the head of the organisation and so does not report into another executive officer.
5. PFEW does not employ an external contractor to carry out these functions. This is done by staff within the Police Federation of England and Wales.
6. We are unable to provide a response due to the cyber-attacks which has resulted in information being inaccessible.
7. We are unable to provide a response due to the cyber-attacks which has resulted in information being inaccessible.
8. We are unable to provide a response due to the cyber-attacks which has resulted in information being inaccessible.