My Department has a full suite of policies and procedures in place relating to data protection, as required by legislation, including a data breach policy. My Department's Data Protection Officer oversees robust training to all staff and engages in regular data protection awareness-raising campaigns. The information on data breaches requested by the Deputy is set out in the table beneath:
Year
|
No. of Recorded Personal Data Breaches (up to 16 October 2023)
|
Nature of Breaches
|
Severity of Breaches
|
All Individuals Informed
|
DPC Informed Yes/No
|
2023
|
19
|
Lost/Stolen Device – 8
Confidentiality Breach (unintentional publication or sharing of personal data - 11
|
Low Risk – 17Medium Risk -1 High Risk - 1
|
Yes (Where a breach is likely to result in a high risk to the affected individuals)
|
DPC informed of one high risk and one medium risk cases only.
|
2022
|
5
|
Lost/Stolen Device – 2
Confidentiality Breach (unintentional publication or sharing of personal data -3
|
Low Risk - 5
|
N/A
|
No – All low risk breaches.
|
2021
|
6
|
Confidentiality Breach (unintentional publication or sharing of personal data – 5
Cyber Attack - 1
|
Low Risk – 6
|
N/A
|
No – All low risk breaches.
|
2020
|
0
|
N/A
|
N/A
|
N/A
|
N/A
|
2019
|
1
|
Confidentiality Breach (unintentional publication or sharing of personal data – 1
|
Low Risk - 1
|
N/A
|
No - low risk breach.
|
2018
|
4
|
Confidentiality Breach (unintentional publication or sharing of personal data) – 3
Ransomware Attack - 1
|
Low Risk – 3High Risk - 1
|
Yes (Where a breach is likely to result in a high risk to the affected individuals)
|
Yes – in the High Risk case.
|
2013 - 2017
|
0
|
N/A
|
N/A
|
N/A
|
N/A
|