Scottish Public Pensions Agency data protection breaches under GDPR: FOI release

Information requested

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018. 2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018. 3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO. 4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland.

Response

1) A yearly (2018/2019/2020/2021) breakdown of the number of data protection breaches under GDPR recorded by the organisation since April 1, 2018. 2018 (1st April >): 14 2019: 35 2020: 29 2021(up to 21st May): 10 2) A yearly breakdown of the number of data protection breaches under GDPR reported to the Information Commissioner's Office by the organisation since April 1, 2018. 2018 (1st April >): 2 2019: 0 2020: 1 2021 (up to 21st May): 0 3) For each year, please provide the number of data protection breaches which took longer than 72 hours to be reported to the ICO. 2018 - (1st April >): 0 2019: N/A [Information not held] 2020: 0 2021 (up to 21st May): N/A [Information not held] 4) Please also provide a yearly breakdown of the number of each type of data protection breach, described as a ‘Confidentiality breach’ – where there is an unauthorised or accidental disclosure of, or access to, personal data; an ‘Availability breach’ – where there is an accidental or unauthorised loss of access to, or destruction of, personal data, which could be permanent or temporary; or an ‘Integrity breach’ – where there is an unauthorised or accidental alteration of personal data. as described by the Law Society of Scotland. 2018 - (1st April >): 14 Confidentiality 12 Availability 0 Integrity 2 2019: 35 Confidentiality 34 Availability 0 Integrity 1 2020: 29 Confidentiality 26 Availability 0 Integrity 3 2021 (up to 21st May): 10 Confidentiality 8 Availability 0 Integrity 2 About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact Please quote the FOI reference Central Enquiry Unit Email: ceu@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrews House Regent Road Edinburgh EH1 3DG

Attachments

No attachments found.

Similar releases

• Cabinet Secretary for Health and Social Care expense claims for 2024: FOI release 2026-05-20 · partially withheld · 2 files
• Cabinet Secretary for Finance and Local Government expense claims for 2025: FOI release 2026-05-20 · partially withheld · 2 files
• Cabinet Secretary for Finance and Local Government expense claims for 2024: FOI release 2026-05-20 · partially withheld · 2 files
• Podcast transcript for Preparing for the 2026 Scottish Parliamentary Election: FOI release 2026-05-20 · released · 2 files
• Accountant in Bankruptcy work from home policy and office occupancy rates: FOI release 2026-05-20 · unclear · 2 files
• Funding to LGBT Health and Wellbeing for conversion practices support services: FOI release 2026-05-19 · not held · 2 files
• Transport Scotland - Performance Audit Group (PAG) and gully clearance information: FOI release 2026-05-19 · unclear · 4 files
• Scottish Government Right to Disconnect agreement: FOI release 2026-05-18 · unclear · 2 files