PARLIAMENTARY WRITTEN QUESTION
Tribunals: Scotland (5 February 2016)
Question Asked
Asked by:
Kirsty Blackman (Scottish National Party)
Answer
Her Majesty's Courts & Tribunals Service takes its responsibility for data incidents very seriously and treats each case on its individual merits. Notifying individuals of data breaches or incidents is considered, but is not a mandatory action in every instance.
Informing people and organisations about a breach is not an end in itself. Notification should have a clear purpose, whether this is to enable individuals who may have been affected to take steps to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.
The above criteria is considered when deciding whether or not to inform individuals or organisations of a data breach. In relation to the incidents referred to in this PQ it is unclear, as no statistical information has been retained, as to whether or not individuals were notified.
Guidance on data breach notification is set out by the Information Commissioners Office (ICO) in the link below:
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
Answered by:
Shailesh Vara (Conservative)
10 February 2016
Contains Parliamentary information licensed under the Open Parliament Licence v3.0.