FOI/202100203290 · FOI · unclear

Breaches of data protection recorded by Scottish Government: FOI release

Published: 2021-06-17
Received: 2021-05-18
Responded: 2021-06-16
Directorate: Digital Directorate
Topic: Law and order, Public sector
Exemptions: 20

Information requested

1. A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the Scottish Government since April 1, 2018. 2. A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the Scottish Government since April 1, 2018. 3. For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO. 4. Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

Response

Year Incidents or breaches logged Breaches reported to ICO >72 hours 2018/19 57 4 0 2019/20 106 5 0 2020/21 115 2 1

All were assessed as Confidentiality incidents. You also requested the same information from Social Security Scotland and their response is as follows: 1. Please see below figures for breaches per calendar year. Its worth noting that GDPR was not applicable until 25th May 2018, and in addition, the Social Security Scotland (Agency) did not come into effect until September 2018. The figures are reflective of this. 2018 – 5 breaches 2019 – 26 breaches 2020 - 26 Breaches 2021 – 13 breaches 2. There have been no referrals to the ICO from Social Security Scotland. 3. As above there have been no referrals to the ICO. 4. The terminology here is an information security model and not used in GDPR. We do not categorise personal data breaches in this way. Therefore I give notice under s17 of FOISA 2002 that the information requested is not held. About FOI The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact Please quote the FOI reference Central Enquiry Unit Email: ceu@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrews House Regent Road Edinburgh EH1 3DG

Attachments

No attachments found.

Similar releases

Perth and Kinross broadband queries: FOI release 2026-05-14 · not held · 0 files
Scottish Prison Service Policy for the Management of Transgender People in Custody Operational Guidance spend: FOI release 2026-05-14 · unclear · 0 files
Ministerial submissions, briefings and advice relating to body-worn video cameras for Police Scotland: FOI release 2026-05-14 · partially withheld · 0 files
Compensation for miscarriages of justice queries: FOI release 2026-05-14 · partially withheld · 0 files
Operation Branchform communications between Crown Office and Procurator Fiscal Service and First Minister: FOI release 2026-05-13 · unclear · 0 files
Number of memos/minutes sent from Lord Advocate’s office/Law Officers to the First Minister: FOI release 2026-05-13 · not held · 0 files
Records of Law Officers communications with First Minister since 2016: FOI release 2026-05-13 · released · 0 files
Disclosure Scotland expenditure: FOI release 2026-05-13 · already published · 0 files