Departmental Security
Justice
Francis Maude (Shadow Minister for the Cabinet Office & Shadow Chancellor of the Duchy of Lancaster, Cabinet Office; Horsham, Conservative)
To ask the Secretary of State for Justice which public sector organisations have notified data security breaches to the Information Commissioner since November 2007.
Michael Wills (Minister of State, Ministry of Justice; North Swindon, Labour)
The Information Commissioner's Office (ICO) is an independent body created by statute. One of their responsibilities is the handling of complaints made under the Data Protection Act 1998 (DPA). The ICO has provided the answer to this question.
The Commissioner encourages organisations to report serious data breaches to his Office, although there is no legal obligation on them to do so. Because of the subjective criteria used by organisations when deciding whether to notify, the severity and impact of the breaches vary.
As notification of breaches is voluntary and to protect the confidentiality of the information provided, the Information Commissioner does not disclose details of individual breaches. However, he has broken down the number of notifications as:
| Notifications since November 2007 | |
| Private sector | 41 |
| Local government | 17 |
| Central Government | 30 |
| Other public sector organisations | 50 |
| Total | 138 |