· FOI · unclear

Reporting of four specific data security incidents 2016/17: FOI release

Published: 2017-11-01
Received
Responded
Directorate: Digital Directorate
Topic: Public sector
Exemptions: 2

Information requested

Details of the four significant data security incidents in 2016-2017 Reason why only three of the incidents were reported to the information commissioner's office. Reason why only three of these data security incidents were reported in FOI 17/01932

Response

1. Details of the four significant data security incidents in 2016-2017

I. Disclosure Scotland. An email was sent out to users of a system, but addresses were put into the CC field instead of the BCC field. This meant users of the system could see email addresses and names of other users of the system.

II. Scottish Public Pensions Agency. Sensitive information was emailed to an incorrect, external address due to accidental concatenation of a legitimate recipient's personal and work email addresses.

III. Agriculture & Rural Environment. An email was sent out to users of a system, but addresses were put into the CC field instead of the BCC field. This meant users of the system could see email addresses and names of other users of the system.

IV. Scottish Government. Sensitive information was accidentally emailed to an external email address.

2. Reason why only three of the incidents were reported to the information commissioner's office

Three of the four incidents involved personal information being disclosed in error, so these three incidents were reported to the ICO. As there was no personal data disclosed in error in the fourth incident, although this was a loss of information, it was not considered a breach of the Data Protection Act and therefore there was no requirement to report this incident to ICO.

3. Reason why only three of these data security incidents were reported in FOI 17/01932

In FOI 17/01932 you requested details of cyber attacks on the Scottish Government in 2016/17. The information in the URL you provided http://www.gov.scot/Resource/0052/00525249.pdf refers to data security incidents in 2016/17. These are two different types of event.

Attachments

No attachments found.

Similar releases

Correspondence discussing the response to FOI request 202600503390: FOI release 2026-05-15 · partially withheld · 2 files
Perth and Kinross broadband queries: FOI release 2026-05-14 · not held · 0 files
Crown Office and Procurator Fiscal Service funding query: FOI release 2026-05-14 · unclear · 0 files
Scottish Government documentation regarding the procurement of Oracle: FOI release 2026-05-14 · not held · 0 files
Brand Scotland marketing spend information: FOI release 2026-05-13 · unclear · 0 files
Number of Freedom of Information requests which have proceeded to a review: FOI release 2026-05-13 · unclear · 0 files
Sensitive and routine Freedom of Information request statistics: FOI release 2026-05-12 · unclear · 0 files
Correspondence regarding Information Commissioner decision notices: FOI release 2026-05-12 · partially withheld · 2 files