Disclosure Scotland data protection breach statistics: FOI release

Information requested

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018. 2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018. 3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO. 4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

Response

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018.

Year Total 2018 16 2019 91 2020 82 2021* 20

*Until 11 May 2021, date of FOI request.

2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018.

Year Reported to ICO 2018 4 2019 0 2020 2 2021* 1

*Until 11 May 2021, date of FOI request. 3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO. All data breaches notified to the ICO were reported within 72 hours. 4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

2018 2019 2020 2021* Confidentiality Breach 14 81 70 17 Availability Breach 1 2 2 0 Integrity Breach 1 8 10 3

*Until 11 May 2021, date of FOI request. About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact Please quote the FOI reference Central Enquiry Unit Email: ceu@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrews House Regent Road Edinburgh EH1 3DG

Attachments

No attachments found.

Similar releases

• Correspondence discussing the response to FOI request 202600503390: FOI release 2026-05-15 · partially withheld · 2 files
• Perth and Kinross broadband queries: FOI release 2026-05-14 · not held · 0 files
• Crown Office and Procurator Fiscal Service funding query: FOI release 2026-05-14 · unclear · 0 files
• Scottish Government documentation regarding the procurement of Oracle: FOI release 2026-05-14 · not held · 0 files
• Brand Scotland marketing spend information: FOI release 2026-05-13 · unclear · 0 files
• Number of Freedom of Information requests which have proceeded to a review: FOI release 2026-05-13 · unclear · 0 files
• Sensitive and routine Freedom of Information request statistics: FOI release 2026-05-12 · unclear · 0 files
• Correspondence regarding Information Commissioner decision notices: FOI release 2026-05-12 · partially withheld · 2 files