- 25 Sep 2019
Date received: 12 Sep 2019
Date responded: 25 Sep 2019
1. How many employee devices that can store data (such as devices including smartphones, laptops, PDAs, external storage devices [hard drives, memory cards, CDs and DVDs] and tablets) were lost or stolen between 1 June 2018 and 1 June 2019
a. Of these devices, if available, how many were lost and how many were stolen
b. Of these devices, if available, how many were recovered after they were lost or stolen
2. Where were devices lost or stolen?
a. At work
b. At home
c. During the commute between home and work
d. During business travel – e.g. to another region or country
e. Other – e.g. out-of-work activity
3. Of the devices that were lost or stolen, how many were
a. Encrypted (i.e. the data was protected by either manufacturer provided encryption or third-party encryption)
b. Not encrypted
4. Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices.
5. When was your last audit by the Information Commissioner’s Office
Q1 - 4. There were no reported lost or stolen devices between 1 June 2018 – 1 June 2019.
Q5. SPPA has not been audited by the Information Commissioner’s Office.
Organisations can request a voluntary audit or can be audited by the ICO following a breach where an advisory audit is undertaken to help improve data protection practices. Further information on ICO audits can be found on the Information Commissioner’s website.
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.
Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000
The Scottish Government
St Andrews House