PARLIAMENTARY WRITTEN QUESTION
Tribunals: Scotland (5 February 2016)

Question Asked

To ask the Secretary of State for Justice, pursuant to the Answer of 2 February 2016 to Question 24107 on tribunals: Scotland, how many of those people whose data was breached were not made aware that that breach had occurred.

Asked by:
Kirsty Blackman (Scottish National Party)

Answer

Her Majesty's Courts & Tribunals Service takes its responsibility for data incidents very seriously and treats each case on its individual merits. Notifying individuals of data breaches or incidents is considered, but is not a mandatory action in every instance.

Informing people and organisations about a breach is not an end in itself. Notification should have a clear purpose, whether this is to enable individuals who may have been affected to take steps to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.

The above criteria is considered when deciding whether or not to inform individuals or organisations of a data breach. In relation to the incidents referred to in this PQ it is unclear, as no statistical information has been retained, as to whether or not individuals were notified.

Guidance on data breach notification is set out by the Information Commissioners Office (ICO) in the link below:

https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/


Answered by:
Shailesh Vara (Conservative)
10 February 2016

Contains Parliamentary information licensed under the Open Parliament Licence v3.0.