Social Security Scotland security incidents and breaches: FOI release
- Social Security Directorate
- Part of
- Public sector
Information request and response under the Freedom of Information (Scotland) Act 2002.
1. The number and nature of IT security incidents (computers going offline, system crashes or otherwise) in regards to the new benefits system since September 2018.
2. Full details (and any relevant documents) on the number and nature of personal data/GDPR breaches at Social Security since September 2018, broken down by month.
1. The number and nature of IT security incidents (computers going offline, system crashes or otherwise) in regards to the new benefits system since September 2018 - see attached document
Since Social Security Scotland started delivering benefits in September 2018, there have been 19 security incidents, none of which have resulted in the service going offline, or systems crashing. The nature of those incidents are generally associated with system configuration or human error. The internal cyber security team have implemented a variety of security systems and methods to detect, investigate and respond to incidents swiftly. On top of this, there is a robust security education and awareness programme to equip staff with the knowledge and tools they need to help keep the organisation and it’s data secure.
2. Full details (and any relevant documents) on the number and nature of personal data/GDPR breaches at Social Security since September 2018, broken down by month - see attached document
While our aim is to provide information whenever possible, in this instance we are unable to provide the relevant documents you have requested because an exemption under section 38(1)(b) of FOISA applies to that information. We have however included a summary of the incident to provide more detail about it. The reasons why that exemption applies are explained in the Annex
REASONS FOR NOT PROVIDING INFORMATION
An exemption applies
Section 38(1)(b) – applicant has asked for personal data of a third party
An exemption under section 38(1)(b) of FOISA (personal information) applies to some of the information requested because it is personal data of a third party, i.e. names, email addresses and contact details of individuals, and disclosing it would contravene the data protection principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act 2018.
This exemption is not subject to the ‘public interest test’, so we are not required to consider if the public interest in disclosing the information outweighs the public interest in applying the exemption.
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.
- File type
- 4 page PDF
- File size
- 28.4 kB
Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000
The Scottish Government
St Andrews House
There is a problem
Thanks for your feedback