We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - FOI/EIR release

Scottish Public Pensions Agency data protection breaches under GDPR: FOI release

Published
1 June 2021
Part of
Public sector
FOI reference
FOI/202100204073
Date received
18 May 2021
Date responded
25 May 2021

Information request and response under the Freedom of Information (Scotland) Act 2002

Information requested

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO.

4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

Response

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

2018 (1st April >): 14
2019: 35
2020: 29
2021(up to 21st May): 10

2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

2018 (1st April >): 2
2019: 0
2020: 1
2021 (up to 21st May): 0

3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO.

2018 - (1st April >): 0
2019: N/A [Information not held]
2020: 0
2021 (up to 21st May): N/A [Information not held]

4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

2018 - (1st April >): 14
Confidentiality 12
Availability 0
Integrity 2

2019: 35
Confidentiality 34
Availability 0
Integrity 1

2020: 29
Confidentiality 26
Availability 0
Integrity 3

2021 (up to 21st May): 10
Confidentiality 8
Availability 0
Integrity 2

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top