Publication - FOI/EIR release

Disclosure Scotland data protection breach statistics: FOI release

Published: 10 Jun 2021
Part of:
Public sector

Information request and response under the Freedom of Information (Scotland) Act 2002

Published:
10 Jun 2021
Disclosure Scotland data protection breach statistics: FOI release
FOI reference: FOI/202100204070
Date received: 18 May 2021
Date responded: 4 Jun 2021
Information requested

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO.

4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

Response

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

Year Total
2018 16
2019 91
2020 82
2021* 20

*Until 11 May 2021, date of FOI request.

2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

Year Reported to
ICO
2018 4
2019 0
2020 2
2021* 1

*Until 11 May 2021, date of FOI request.

3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO.

All data breaches notified to the ICO were reported within 72 hours.

4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

  2018 2019 2020 2021*
Confidentiality Breach 14 81 70 17
Availability Breach 1 2 2 0
Integrity Breach 1 8 10 3

*Until 11 May 2021, date of FOI request.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG