Data security incidents reported to Data Protection and Information Assets team: FOI review

FOI reference: FOI/18/02715/Review  
Date received: 25 October 2018  
Date responded: 22 November 2018

 

 

Thank you for your request of 25 October 2018 for a review of our response to your request under the Freedom of Information (Scotland) Act 2002 (FOISA) for: Further details of the 18 data security incidents internally reported to the SG Data Protection and Information Assets team in 2017-18, mentioned on p.29 of the Consolidated Accounts: https://www.gov.scot/Resource/0054/00540845.pdf

 

 

I have been asked by Director of Digital to carry out the review because I was not involved in handling your original request. I have looked at the case afresh to establish whether the original response should be confirmed, with or without modifications as appropriate, or a fresh decision should be substituted.
I have concluded that there is more information available than was provided to you and I note that you have asked for the ‘maximum’ amount of information available to be provided. I have balanced this with the requirement under FOISA to consider the rights of data subjects under the GDPR. Those involved in an incident have an expectation that their details will not be further exposed beyond the purposes of incident management. Redacting these details would be a manual process and will present a further risk to the individuals concerned.
I do however believe that more information can be made available safely on the narrative of the incident, number of persons affected and the response. The attached tables provide that richer information set.

 

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses