Transport Scotland data protection breach statistics: FOI release

Information requested

1. A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

2. A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

3. For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO.

4. Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data, as described by the Law Society of Scotland.

Response

The answer to your questions are as follows:

Questions 1-3

Year	Number of Transport Scotland breaches	Number reported to ICO	Number outwith 72 hour report window
2018	3	0	0
2019	4	0	0
2020	5	0	0
2021	3	1	0

Question 4

With the categories you have described, the breaches detailed above would be all listed as confidentiality breaches.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.