Skip to main content

Departmental Security

Volume 478: debated on Monday 23 June 2008

To ask the Secretary of State for Justice which public sector organisations have notified data security breaches to the Information Commissioner since November 2007. (210958)

The Information Commissioner’s Office (ICO) is an independent body created by statute. One of their responsibilities is the handling of complaints made under the Data Protection Act 1998 (DPA). The ICO has provided the answer to this question.

The Commissioner encourages organisations to report serious data breaches to his Office, although there is no legal obligation on them to do so. Because of the subjective criteria used by organisations when deciding whether to notify, the severity and impact of the breaches vary.

As notification of breaches is voluntary and to protect the confidentiality of the information provided, the Information Commissioner does not disclose details of individual breaches. However, he has broken down the number of notifications as:

Notifications since November 2007

Private sector


Local government


Central Government


Other public sector organisations